Dynamic Access Control Overview Matthias Wollnik Program Manager
- Slides: 43
Dynamic Access Control Overview Matthias Wollnik Program Manager, File Server Microsoft Corporation
demo Data Classification demo Location based classification Automatic content based classification
50 Groups Department 1000 Groups Sensitive 2000 Groups! Country x 50 x 20
demo Expression based ACL demo Country based central access rule
File Server AD DS User claims User. Department = Finance User. Clearance = High Device claims Device. Department = Finance Device. Managed = True Resource properties Resource. Department = Finance Resource. Impact = High ACCESS POLICY Applies to: @File. Impact = High Allow | Read, Write | if (@User. Department == @File. Department) AND (@Device. Managed == True) 10
demo Central Access Policy with user claims Country based central access rule
Windows Server 2012 Active Directory Resource In Active Directory: User Claims Property Definitions Access Policy On File Server: At Runtime: End User ? Windows Server 2012 File Server
No conditional expressions Using groups with conditional expressions Using user claims
demo Automatic Rights Management Protection
Domain Controller (Active Directory) Staging File Server 1. Import • OOB Knowledge • Scale (#File Servers) • Hybrid Environment Production File Servers 3. Deploy Windows 2008 R 2 Windows 2012 Management Client Collect 2. Export 4. Report DCT Database
An attempt was made to access an object. Subject: Security ID: CONTOSODOMalice Account Name: alice Account Domain: CONTOSODOM Logon ID: 0 x 3 e 7 Object: Object Server: Security Object Type: File Object Name: C: Finance Document ShareFinancial. StatementsMarch. Employee. Stmt. xls Handle ID: 0 x 8 e 4 Resource Attributes: S: AI(RA; ; ; WD; ( “Personally Identifiable Information", TS, 0 x 0, "High"))(RA; ; ; WD; (“Department_23 AFE", TS, 0 x 0, “Finance"))
demo Expression Based Auditing
Windows Server 2012 Active Directory Resource In Active Directory: User Claims In Group Policy: Property Definitions Access Policy On File Server: Windows Server 2012 File Server At Runtime: End User ? Event collection system Event collected to central repository for analysis and reporting
DAC Partners
Country x 50 Department x 20 Sensitive Stealth. AUDIT® for Windows Server 2012 Dynamic Access Control http: //www. stealthbits. com/ ACCESS POLICY Applies to: @File. Impact = High Allow | Read, Write | if (@User. Department == @File. Department) AND (@Device. Managed == True)
http: //www. jijitechnologies. com/dynamic-access-control-effective-permission-report. aspx
Data Loss Prevention dg classification http: //www. dynamicaccesscontrol. com http: //www. websense. com/content/ data-security-overview. aspx CA Data. Minder http: //www. ca. com/us/data-security-solutions. aspx
Dynamic Policy Enforcer http: //www. gigatrust. com
Titus Metadata Security for Share. Point http: //www. titus. com/ Control Center for Windows Server 2012 Dynamic Access Control http: //www. nextlabs. com/html/? q=microsoft_solutions Axiomatics Policy Server http: //www. axiomatics. com/dynamic-accesssddl-xacml-windows-server-2012
RSA Net. Witness http: //www. emc. com/security/rsa-netwitness. htm
In Summary…. .
Reduce group complexity
Simplify access control
Implement effective access control
SIA 207 – Windows Server 2012 Dynamic Access Control Overview SIA 341 – Windows Server 2012 Dynamic Access Control Deep Dive for Active Directory and Central Authorization Policies SIA 316 – Windows Server 2012 Dynamic Access Control Best Practices and Case Study Deployments in Microsoft IT SIA 21 -HOL – Using Dynamic Access Conrol to Automatically and Centrally Secure Data in Windows Server 2012 SIA 02 -TLC – Windows Server 2012 Active Directory and Dynamic Access Control Find Me Later At the Windows Server booth
Learning Connect. Share. Discuss. Microsoft Certification & Training Resources http: //europe. msteched. com www. microsoft. com/learning Tech. Net Resources for IT Professionals Resources for Developers http: //microsoft. com/technet http: //microsoft. com/msdn
Evaluations Submit your evals online http: //europe. msteched. com/sessions
Required Slide *delete this box when your slide is finalized Resource 1 Resource 2 Resource 3 Resource 4 Track PMs will supply the content for this slide, which will be inserted during the final scrub.
Matthias wollnik
Secure server access
Active directory dynamic access control
Terminal access controller access control system plus
Terminal access controller access-control system
Senior manager vs general manager
Portfolio manager synergy manager parental developer
Ca privileged access manager download
Ca privileged access manager download
Dynamic dynamic - bloom
Sbic program overview
Overview on the national tuberculosis elimination programme
Ma smart program overview
Synchronous dynamic ram
Avaya acccm
Gsa fleet management
Microsoft partner program manager
Microsoft partner program manager
Population health program manager
Principal program manager microsoft
Dynamic response in control systems
Traction control mc
Dynamic control software
Matthias thor
Matthias schleiden
Matthias schleiden facts
Matthias liepe cornell
Matthias loose
Msc marine biogeochemistry
Matthias kerl
Matthias fechner
Vsa lohntabelle
How apostles died
Matthias beller
Matthias schleiden clipart
Matthias gysler
Matthias perdekamp
Matthias schleiden
Matthias schleiden
Matthias kuder berlin
Matthias sablatnig
Ltp online
Matthias perdekamp
Uob biz smart
