Join Robert McMillen for an in-depth discussion in this video Introduction to DAC, part of Windows Server 2012 R2: Configure File and Storage Solutions.
- The exciting new feature in file security in Server 2012 is Dynamic Access Control. Dynamic Access Control is made up of several different pieces that we're going to talk about and it allows administrators to lockdown access to files in a new way. Instead of using shares and groups in the Security tab alone, it can lockdown based on the contents of what is in the file. For example, if we locked down any file with the word confidential in the text, we can automatically tell Active Directory that only specific people can access the file that are in the Executive Department.
That's a pretty cool new feature. So, let's take a look at the different pieces that make up Dynamic Access Control. The first one is going to be Claim types. Now, once you've create a Claim type, you then put that into the Resource properties. Resource properties then go into Resource lists. Then we have a couple more pieces, Central access rules and Central access policies. So, don't worry about understanding all those things at this particular minute. In upcoming videos, we're going to step through each one of these different pieces in Active Directory.
So, let's take a look at how we access this. We are in our Domain Controller and we're in Server Manager. So, let's go up to the Tools menu, and let's go to a little known, little used, Active Directory tool called Active Directory Administrative Center. You're going to see a lot more of this with newer versions of Windows Server in the future. So, on the left hand side, you're going to see something called Dynamic Access Control. Let's go ahead and click on that. Now, we see those five pieces we just talked about, but they're not in the order that we just discussed.
However, we do start with Claim types and work our way through there. Now, before we can use any of these five pieces and configure them, we've got to turn on Kerberos Armoring. Kerberos is an open-source authentication tool that Windows Server uses and we're going to need it in order to make Dynamic Access Control work. So, in upcoming videos, we're going to step through each one of those things, including Group Policy Changes.
These tutorials will help prepare MCSA and MCSE candidates for the Configuring Advanced Windows Server 2012 Services exam (70-412). The topics covered here map to the "Configure File and Storage Solutions" domain of the exam.
- Disk formatting and file manipulation via the command line
- Configuring NFS, BranchCache, and File Classification Infrastructure (FCI)
- Viewing file access permissions
- Implementing Dynamic Access Control (DAC)
- Configuring iSCSI targets and initiators
- Managing free space on the server
- Configuring tiered storage
- Deduplicating data
- Storing data on Hyper-V
- Extending and shrinking partitions
- Working with DFS
- Configuring RAID storage
- Creating file shares