http://mschnlnine.vo.llnwd.net/d1/inetpub/kevinremde/KROmniture.htmSo you have files to secure…
And forever you’ve been using security groups in Active Directory, and file and/or share permissions in Access Control Lists (ACLs), right?
“Uh huh. What’s wrong with that?”
Nothing. But what if I were to tell you that you have some new and very flexible options available to you now in Windows Server 2012?
In Server 2012 we introduce a capability called Dynamic Access Control. Basically, the idea is to give you the ability to grant or deny access based on more than just security groups and permissions. For example, your user accounts in Active Directory have details such as Department or Country, so why can’t you use those items to apply permissions?
And maybe there are certain aspects of some documents that we could dynamically detect, and assign usage rights to those documents based on those aspects. For example, a document that contains some set of numbers that looks like a U.S. Social Security number. Based on that, we would grant access to the document to only a very select set of individuals.
“That sounds very useful! Where can I go to learn more?”
I’m glad you asked. In today’s installment of “31 Days of our Favorite Things”, my friend and coworker Brian Lewis gives a good description of Dynamic Access Control in Windows Server 2012.
Does Dynamic Access Control interest you? Are you going to start looking at file security in a more dynamic way now? Let’s talk about it in the comments!