Dynamic Access Control

advertisement
Dynamic Access Control
the file server, reimagined
1
Dynamic Access Control
2
High-Level Benefits
3
High-Level Benefits
4
Approach
5
DAC Examples
6
DAC Joins Share and NTFS Perms
7
DAC Appears in Two Places
8
New Concepts/Skills
10
New Concepts/Skills
11
"And's" in Permissions
12
Making "And" Work
13
Our Opening Situation
14
15
16
17
18
New Permission
19
20
21
Next, Consider Claims
22
Making an AD Attribute a Claim
23
Promoting AD Attribs to Claims
24
Example: Make "Office" a Claim Type
25
Giving “Office” a Suggested Value (1)
26
Giving “Office” a Suggested Value (2)
27
Giving “Office” a Suggested Value (3)
28
Giving “Office” a Suggested Value (4)
29
Using Claims
30
Creating a Claims-Based ACE
31
Using Claims
32
33
How Does the File Server Know?
o Update-FSRMClassificationpropertyDefinition
34
One More Thing for Claims…
o whoami /claims
35
Seeing Claims and Setting Values
36
37
Is Using Claims Secure?
39
Now Your Workstation Counts, Too
40
File Classification
42
How to Classify Files?
43
ADAC and DAC
44
Enabling an Existing Property
45
Choosing Two Built-in Properties
46
And Once You’ve Chosen Them…
47
Tell the File Server
update-fsrmclassificationpropertydefinition
48
Example ACE with Resources
49
How Do You Set a Property?
50
Classification UI
51
If You Classify a Folder…
52
Home-Grown Properties
o update-fsrmclassificationpropertydefinition
53
54
Automatic Classification
55
Create the Rule (1)
56
Create the Rule (2)
57
Create the Rule (3)
58
Specifying Expression to Match
59
Re-Evaluation Rules
60
Apply the Rule
61
FSRM Classification Report
62
FSRM Classification Report
63
When You Run the Classifier…
64
Regular Expression Example
65
When Does it Happen?
o start-fsrmclassification
66
Back to the Big Picture
67
Contrived but Complete Example
68
Central Access Rules and Policies
69
To Follow Along…
70
More Specific Task List
71
Central Access Rules and Policies
72
73
Where To Make the Conditions
74
Creating a Resource Condition
75
Creating a Resource Condition
76
The Resource Condition is Visible
77
Create the User Condition
78
This Part Should Look Familiar
79
As Should This One…
80
A CAR is Born
81
Next, Create the CA Policy
82
Making a CAP
83
Adding a CAR
84
The new CAP
85
Deploy/Publish the CAP
86
87
Installing the CAP in the GPO
88
Deploy the GPO
89
CAP Installed
90
Testing CAPs
91
92
Using the Staged Permissions
93
Sample 4818
94
Thanks for Coming!
95
Download
Related flashcards

Neonatology

55 cards

Neonatology

54 cards

Pediatricians

20 cards

Pediatric cancers

12 cards

Create Flashcards