Identity, Access Management, and Security (SEC)

TH12 Understanding Dynamic Access Control: The File Share, Reimagined and Compliance-Enabled (SEC)

March 7th, 2013

1:15PM - 2:30PM

Level: Intermediate

Mark Minasi

IT Consultant, Author, Speaker


The competition for the title of "most significant change in Server 2012" is a pretty tough one, but Dynamic Access Control (DAC) is almost certainly the winner. As you probably know, before 2012, we controlled access to file shares via group memberships -- if you were a member of the right group, you got to the share. You can still do that, but DAC adds many new ways to control access to a file share. You can require users to be members of multiple groups or you can forgo groups altogether -- and stave off a pernicious disease called "token bloat" -- by controlling access to shares based on particular Active Directory attributes. You can control access to a share based on the machine the user's sitting at. You can link access to a file based on file type and contents, as in "only allow access to files of type 'source code' to users with the title 'programmer.'" But wait, there's more... you can tell 2012 to automatically classify a file as being of type "source code" if it includes the text "#include." But that's not all, not by any means. Windows' "effective access" page has become a useful access troubleshooting tool, and when you ARE denied access, a form can pop up and let you tell the share's owner why you should be granted access. Find out about this and a whole lot more with Mark Minasi, a guy who's been working with Microsoft file shares since 1985. DAC is big, but only Mark can explain it all in 75 minutes!

You will learn:

  • How to quickly understand the Dynamic Access Control value proposition
  • DAC's seven central concepts, with clear, simple, easily-repeated-back-at-the-office demonstrations
  • How those seven pieces fit together to build a coherent set of access policies