Learning Microsoft Windows Server 2012 Dynamic Access Control电子书

Learning Microsoft Windows Server 2012 Dynamic Access Control

Table of Contents

Learning Microsoft Windows Server 2012 Dynamic Access Control

Credits

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers and more

Why Subscribe?

Free Access for Packt account holders

Instant Updates on New Packt Books

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. Getting in Touch with Dynamic Access Control

Business needs, purpose, and benefits

Inside the architecture of DAC

Building blocks

Infrastructure requirements

User and device claims

Expression-based access rules

Classification enhancements

Central Access and Audit policies

Access-denied assistance

Building your smart test lab

Configuring Dynamic Access Control

Summary

2. Understanding the Claims-based Access Model

Understanding claims

Claims support in Windows 8/2012 and newer

Kerberos authentication enhancements

Kerberos Armoring and Compound Authentication

Kerberos Armoring

Compound Authentication

Managing Claims and Resource properties

Naming conventions

Authoritative system and data validation

Administrative delegation

Resource properties

Using Claim Transformation and Filtering

Groups or DAC, let's extend our first solution

Summary

3. Classification and the File Classification Infrastructure

Map the business and security requirements

Different types and methods for tagging and classifying information

Manual Classification

Using the Windows File Classification Infrastructure

Data Classification Toolkit 2012

The Data Classification Toolkit wizard

The Data Classification Toolkit Claims wizard

Designing and configuring classifications

Summary

4. Access Control in Action

Defining expression-based Access policies

Deploying Central Access Policies

Protecting the legal department's information with Central Access Policies

Identifying a Group Policy and registry settings

Configuring FCI and Central Access Policies

Building a staging environment using proposed permissions

Applying Central Access Policies

Access Denied Remediation

Understanding the ADR process

ADR – a step-by-step guide

Summary

5. Auditing a DAC Solution

Auditing with conditional expressions

Claims-based Global Object Access Auditing

Monitoring your Dynamic Access Control scenarios

Configuring an effective auditing solution

Policy considerations

Extending the solution with System Center

Summary

6. Integrating Rights Management Protection

Windows 2012 AD RMS

Installing Rights Management Services

Rights Protected Folder

Classification-based encryption

Protecting your information with a combination

The rights management template

Encryption rule

Information access

Building the RPF example in your environment

File retention

AD RMS in a SAP environment

Summary

7. Extending the DAC Base Solution

Keeping Active Directory attributes up-to-date

Third-party tools for Dynamic Access Control

Classification

Central Access Policy

RMS Protection

Auditing

Using DAC in SharePoint

BYOD – using Dynamic Access Control

Summary

8. Automating the Solution

Identifying the complete solution

How other Microsoft products can assist you

Advanced architectures for Information Protection

Summary

9. Troubleshooting

Common misconfigurations

General troubleshooting

Domain Controller count

Data quality of Active Directory attributes

Checking the user and device claims

Domain connectivity

Advanced Security Editor

The order of entries in the Permissions tab

The Central Policy tab

FCI - resource conditions and resource properties

Access Control Lists

Advanced troubleshooting

Domain function level

Active Directory trust

Claim Transformation Policy (CTP)

Summary

Index