Learning Microsoft Windows Server 2012 Dynamic Access Control
()
About this ebook
Related to Learning Microsoft Windows Server 2012 Dynamic Access Control
Related ebooks
The Real Citrix CCA Exam Preparation Kit: Prepare for XenApp 5.0 Rating: 2 out of 5 stars2/5Microsoft Vista for IT Security Professionals Rating: 0 out of 5 stars0 ratingsMicrosoft Exchange Server 2013 High Availability Rating: 0 out of 5 stars0 ratingsSecuring Office 365: Masterminding MDM and Compliance in the Cloud Rating: 0 out of 5 stars0 ratingsInstant Citrix XenApp Rating: 5 out of 5 stars5/5Microsoft System Center Orchestrator 2012 R2 Essentials Rating: 0 out of 5 stars0 ratingsMicrosoft SQL Server 2012 with Hadoop Rating: 1 out of 5 stars1/5Active Directory Domain Services A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsMicrosoft Virtualization: Master Microsoft Server, Desktop, Application, and Presentation Virtualization Rating: 0 out of 5 stars0 ratingsMobile Vulnerability Management Tools A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsEMC Isilon A Complete Guide Rating: 0 out of 5 stars0 ratingsMCA Modern Desktop Administrator Study Guide: Exam MD-101 Rating: 0 out of 5 stars0 ratingsHelp Desk Software Tools A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsThe Real MCTS/MCITP Exam 70-640 Prep Kit: Independent and Complete Self-Paced Solutions Rating: 2 out of 5 stars2/5Microsoft Security Essentials Second Edition Rating: 0 out of 5 stars0 ratingsBeginning SQL Server Reporting Services Rating: 0 out of 5 stars0 ratingsSingle Sign On A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsLow-level design A Clear and Concise Reference Rating: 0 out of 5 stars0 ratingsAdobe Photoshop: The world's best imaging and photo editing software Rating: 0 out of 5 stars0 ratingsWindows 2000 Active Directory Rating: 0 out of 5 stars0 ratingsWindows Server 2012 Hyper-V Cookbook Rating: 0 out of 5 stars0 ratingsMicrosoft Windows Intune 2.0: Quickstart Administration Rating: 0 out of 5 stars0 ratingsMicrosoft Exchange Server 2013 Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsWindows Server 2012 Hyper-V: Deploying Hyper-V Enterprise Server Virtualization Platform Rating: 0 out of 5 stars0 ratingsResponsive Web Design A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsWindows 8 A Step By Step Guide For Beginners: Discover the Secrets to Unleash the Power of Windows 8! Rating: 0 out of 5 stars0 ratingsAzure Active Directory B2B Collaboration A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsPro Exchange 2019 and 2016 Administration: For Exchange On-Premises and Office 365 Rating: 0 out of 5 stars0 ratingsData Recovery Rating: 0 out of 5 stars0 ratings
Enterprise Applications For You
Excel Formulas and Functions 2020: Excel Academy, #1 Rating: 4 out of 5 stars4/5Microsoft Outlook 2016/2019/365 User Guide Rating: 5 out of 5 stars5/5Learn SQLite in 24 Hours Rating: 0 out of 5 stars0 ratingsExcel : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Excel Programming: 1 Rating: 5 out of 5 stars5/5QuickBooks 2023 All-in-One For Dummies Rating: 0 out of 5 stars0 ratingsBitcoin For Dummies Rating: 4 out of 5 stars4/5Excel Formulas That Automate Tasks You No Longer Have Time For Rating: 5 out of 5 stars5/5Notion for Beginners: Notion for Work, Play, and Productivity Rating: 4 out of 5 stars4/5Creating Online Courses with ChatGPT | A Step-by-Step Guide with Prompt Templates Rating: 4 out of 5 stars4/5Learn Windows PowerShell in a Month of Lunches Rating: 0 out of 5 stars0 ratingsChatGPT Ultimate User Guide - How to Make Money Online Faster and More Precise Using AI Technology Rating: 0 out of 5 stars0 ratingsExcel 2019 Bible Rating: 4 out of 5 stars4/5Essential Office 365 Third Edition: The Illustrated Guide to Using Microsoft Office Rating: 3 out of 5 stars3/550 Useful Excel Functions: Excel Essentials, #3 Rating: 5 out of 5 stars5/5Data Governance: How to Design, Deploy and Sustain an Effective Data Governance Program Rating: 4 out of 5 stars4/5ConfigMgr - An Administrator's Guide to Deploying Applications using PowerShell Rating: 5 out of 5 stars5/5Excel 2016 For Dummies Rating: 4 out of 5 stars4/5Access 2019 For Dummies Rating: 0 out of 5 stars0 ratingsEnterprise AI For Dummies Rating: 3 out of 5 stars3/5Change Management for Beginners: Understanding Change Processes and Actively Shaping Them Rating: 5 out of 5 stars5/5QuickBooks 2024 All-in-One For Dummies Rating: 0 out of 5 stars0 ratingsCreate Income through Self-Publishing: An Author's Approach on Generating Wealth by Self-Publishing Rating: 5 out of 5 stars5/5Excel 2019 For Dummies Rating: 3 out of 5 stars3/5Mastering QuickBooks 2020: The ultimate guide to bookkeeping and QuickBooks Online Rating: 0 out of 5 stars0 ratings
Reviews for Learning Microsoft Windows Server 2012 Dynamic Access Control
0 ratings0 reviews
Book preview
Learning Microsoft Windows Server 2012 Dynamic Access Control - Jochen Nickel
Table of Contents
Learning Microsoft Windows Server 2012 Dynamic Access Control
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Instant Updates on New Packt Books
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Getting in Touch with Dynamic Access Control
Business needs, purpose, and benefits
Inside the architecture of DAC
Building blocks
Infrastructure requirements
User and device claims
Expression-based access rules
Classification enhancements
Central Access and Audit policies
Access-denied assistance
Building your smart test lab
Configuring Dynamic Access Control
Summary
2. Understanding the Claims-based Access Model
Understanding claims
Claims support in Windows 8/2012 and newer
Kerberos authentication enhancements
Kerberos Armoring and Compound Authentication
Kerberos Armoring
Compound Authentication
Managing Claims and Resource properties
Naming conventions
Authoritative system and data validation
Administrative delegation
Resource properties
Using Claim Transformation and Filtering
Groups or DAC, let's extend our first solution
Summary
3. Classification and the File Classification Infrastructure
Map the business and security requirements
Different types and methods for tagging and classifying information
Manual Classification
Using the Windows File Classification Infrastructure
Data Classification Toolkit 2012
The Data Classification Toolkit wizard
The Data Classification Toolkit Claims wizard
Designing and configuring classifications
Summary
4. Access Control in Action
Defining expression-based Access policies
Deploying Central Access Policies
Protecting the legal department's information with Central Access Policies
Identifying a Group Policy and registry settings
Configuring FCI and Central Access Policies
Building a staging environment using proposed permissions
Applying Central Access Policies
Access Denied Remediation
Understanding the ADR process
ADR – a step-by-step guide
Summary
5. Auditing a DAC Solution
Auditing with conditional expressions
Claims-based Global Object Access Auditing
Monitoring your Dynamic Access Control scenarios
Configuring an effective auditing solution
Policy considerations
Extending the solution with System Center
Summary
6. Integrating Rights Management Protection
Windows 2012 AD RMS
Installing Rights Management Services
Rights Protected Folder
Classification-based encryption
Protecting your information with a combination
The rights management template
Encryption rule
Information access
Building the RPF example in your environment
File retention
AD RMS in a SAP environment
Summary
7. Extending the DAC Base Solution
Keeping Active Directory attributes up-to-date
Third-party tools for Dynamic Access Control
Classification
Central Access Policy
RMS Protection
Auditing
Using DAC in SharePoint
BYOD – using Dynamic Access Control
Summary
8. Automating the Solution
Identifying the complete solution
How other Microsoft products can assist you
Advanced architectures for Information Protection
Summary
9. Troubleshooting
Common misconfigurations
General troubleshooting
Domain Controller count
Data quality of Active Directory attributes
Checking the user and device claims
Domain connectivity
Advanced Security Editor
The order of entries in the Permissions tab
The Central Policy tab
FCI - resource conditions and resource properties
Access Control Lists
Advanced troubleshooting
Domain function level
Active Directory trust
Claim Transformation Policy (CTP)
Summary
Index
Learning Microsoft Windows Server 2012 Dynamic Access Control
Learning Microsoft Windows Server 2012 Dynamic Access Control
Copyright © 2013 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: December 2013
Production Reference: 1191213
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78217-818-7
www.packtpub.com
Cover Image by Aniket Sawant (<aniket_sawant_photography@hotmail.com>)
Credits
Author
Jochen Nickel
Reviewers
Marin Frankovic
Khaled Laz
Dario Liguori
Acquisition Editor
Kevin Colaco
Commissioning Editor
Priyanka S.
Technical Editors
Menza Mathew
Rahul U. Nair
Nachiket Vartak
Copy Editors
Roshni Banerjee
Sarang Chari
Karuna Narayanan
Kirti Pai
Shambhavi Pai
Alfida Paiva
Project Coordinator
Sageer Parkar
Proofreaders
Maria Gould
Paul Hindle
Indexer
Priya Subramani
Production Coordinator
Shantanu Zagade
Cover Work
Shantanu Zagade
About the Author
Jochen Nickel is an Identity and Access Management Solution Architect working for inovit GmbH in Switzerland, and every day he tries to understand new business needs of his customers, to provide better, more comfortable, and more flexible Microsoft Identity and Access Management Solutions.
He has been working on a lot of projects, proof of concepts, reviews, and workshops in this field of technology. Furthermore, he is a Microsoft V-TSP Security, Identity and Access Management, Microsoft Switzerland, and uses his experience for the directly managed business accounts in Switzerland. He has also been an established speaker at many technology conferences.
Jochen is very focused on Dynamic Access Control, Direct Access, Forefront UAG/TMG, ADFS, Web Application Proxy, AD RMS, and the Forefront Identity Manager. Committed to continuous learning, he holds Microsoft certifications such as MCT, MCSE/A, MCTS, MTA, and many other security titles. He enjoys spending as much time as possible with his family to get back the energy to handle such interesting technologies.
For more information about Microsoft Windows Server 2012 Dynamic Access Control, you can visit my blog at http://blog.idam.ch.
Thanks to my dear colleagues from Microsoft and my business partner for supporting me and helping me to handle this great technology. Also, thanks to my lovely family for giving me the time to realize such projects.
About the Reviewers
Marin Frankovic was born in Makarska in 1976, where he completed his elementary schooling and part of high school. He graduated from high school in the USA, where he attended his senior year as an exchange student. In 2003, he earned a Mag. oec. degree from Faculty of Economics, Zagreb, majoring in Business Computing. As a student, he volunteered in the faculty's IT department for a year as technical support. After obtaining his degree, Marin started as a Microsoft MOC and an IBM ACE instructor in the largest private IT education company, Algebra. There, he also started as a consultant for infrastructure, virtualization, and cloud computing based on Microsoft technologies. Later on, when Algebra opened a private college for Applied Computing, he took on the position of Head of the Operating Systems department, and undertook the responsibility of creating the course curriculums and managing several lecturers and assistants. He also does lectures on several key courses in the system administration track. For five years in a row, Microsoft honored him with an MVP title for System Center and Datacenter Management. Marin is a regular speaker on all regional conferences, such as Windays, KulenDayz, MobilityDay, NT Konferenca, MS Network, DevArena, and so on. In 2011, he was awarded the Microsoft ISV award for his contribution to the Microsoft community. Marin regularly writes technical articles for IT magazine Mreža. His main interests today are cloud computing, virtualization as its core component, and resource consolidation based on Microsoft technologies, such as Windows Server and System Center applications.
Khaled Laz is an IT professional working for CCC, the largest construction company in the Middle East.
His experience focuses on troubleshooting and maintenance of IT networks. He holds more than a dozen certificates in the IT field, such as CCNA, MCITP, MCSE, MCSA, and many others.
Together with his extensive experience, he is a qualified expert in the