Security

MW05 An Introduction to Protecting Data with Dynamic Access Control

September 30th, 2013

1:00pm - 4:00pm

Level: Introductory

Mark Minasi

IT Consultant, Author, Speaker

MR&D

The competition for the title of "most significant change in Server 2012" is a pretty tough one, but Dynamic Access Control (DAC) is almost certainly the winner. As you probably know, before 2012, we controlled access to file shares via group memberships -- if you were a member of the right group, you got access to the share. You can still do that, but DAC adds many new ways to control access to a file share. You can require users to be members of multiple groups or you can forgo groups altogether -- and stave off a pernicious disease called "token bloat" -- by controlling access to shares based on particular Active Directory attributes. You can control access to a share based on the machine the user's sitting at. You can link access to a file based on file type and contents, as in "only allow access to files of type 'source code' to users with the title 'programmer.'" But wait, there's more... you can tell 2012 to automatically classify a file as being of type "source code" if it includes the text "#include." But that's not all, not by any means. Windows' "effective access" page has become a useful access troubleshooting tool, and when you ARE denied access, a form can pop up and let you tell the share's owner why you should be granted access. Find out about this and a whole lot more with Mark Minasi, a guy who's been working with Microsoft file shares since 1985. DAC is really big, but this talk covers it in the detail that you’ll need to get started using it back at your organization.