At the end of this video, the student will learn how to do configure and understand the significance of using and applying resource properties to CA rules in Dynamic Access Control (DAC). Lists are used to insert into central access rules. These need to first be turned on in Group Policy, which is also covered in this video.
- [Instructor] We are configuring Dynamic Access Control. And in previous videos there was an intro to what Dynamic Access Control is made up of as well as an example on creating a claim type. Now we're going to move to the next piece of Dynamic Access Control, and we'll start by going to our Active Directory Administrative Center, and click on the Dynamic Access Control Option on the left. Now we're going to create a resource property. Let's double click on Resource Properties.
And there's lots of different pre-created templates for resource properties. You can see things like confidentiality, department, discoverability, et cetera. We're going to go ahead and stick with Department, which we started with last time. Let's go ahead and double click on Department, and we can see the different options that are in this particular resource property. We see that the display name, of course, is Department, and the value type is a Single-valued Choice. Now, there's other types of options here that have Yes or No, the date, and other things like that.
This one is just based on the category, Department, that was shown in the previous video in the Active Directory User where Department was one of the options under the Organization tab. Now, we see here that this is going to used for authorization. That means it's going to be used for authorizing access to data resources. And by default, it also has the Protect from accidental deletion box checked. And we can see, under Suggested Values, that the following values are suggested when a user assigns a value to this resource property.
So, we have Engineering, Finance, Human Resources, are all listed as suggested values. Let's go ahead and click Add, and we're going to type in Executives. And then we'll click OK. And now that we're done, let's go ahead and click OK again, and we're going to right click and we're going to choose Enable. And when we choose Enable, we see the little black circle goes away, and now it is going to be enabled. If we right click and chose Disable, we see the little black circle comes back.
So, this is how we can tell quickly whether or not a resource property is enabled or disabled. And now that we're done with our department, we're going to move on in an upcoming video to configuring the resource property Lists. So this property that we just edited goes into the lists which is the next step in configuring Dynamic Access control.
- Working with the Computer Management interface
- Formatting disks and editing files from the command line
- Configuring advanced file services such as BranchCache, auditing, and permissions
- Configuring Dynamic Access Control (DAC)
- Data deduplication
- Storage on Hyper-V
- Setting up Distributed File System (DFS)
- Understanding Volume Shadow Copy Service (VSS) and RAID storage options