Book Image

Learning Microsoft Windows Server 2012 Dynamic Access Control

By : Jochen Nickel
Book Image

Learning Microsoft Windows Server 2012 Dynamic Access Control

By: Jochen Nickel

Overview of this book

Identifying and classifying information inside a company is one of the most important prerequisites for securing the sensitive information of various business units. Windows Server 2012 Dynamic Access Control helps you not only to classify information, but it also gives you the opportunity and the functionality to provide a safe-net policy across your file servers, showing you some helpful ways of auditing and access denied assistance to improve usability. Understanding the architecture, the design, and implementing the solution, to troubleshooting will be covered in a practical and easy-to-read manner. This book is packed with project-based examples with plenty of information about the architecture, functionality, and extensions of Dynamic Access Control to help you excel in real-life projects. The book guides you through all the stages of a successful implementation of Dynamic Access Control. Microsoft Windows Server 2012 Dynamic Access Control will teach you everything you need to know to create your own projects, and is an essential resource for reviewing or extending already existing implementations. The book initially takes you through the task of understanding all of the functionality and extensions with ideas and overviews to help guide you in the decision process. The whole architecture will be explained in the main building blocks of Dynamic Access control. You will have a strong foundation and understanding of the claims model and Kerberos. Classifying information, the hardest part of the prerequisites to fulfil, is also covered in depth. You will also spend time understanding conditional expressions, and the method used to deploy them across your file server infrastructure. A special chapter is included for handling the data quality and the integration in other systems and strategies. Last, but not least, to get your solution up and running you will learn how to troubleshoot a Dynamic Access Control solution.
Table of Contents (16 chapters)
Learning Microsoft Windows Server 2012 Dynamic Access Control
About the Author
About the Reviewers

Kerberos Armoring and Compound Authentication

There are two major enhancements in the Kerberos authentication to provide a more secure Kerberos protocol and the chance to use the user and device claim for compound authentication. We will start with the Kerberos Armoring feature.

Kerberos Armoring

The Flexible Authentication Secure Tunneling (FAST) provides a protected channel between the Kerberos client and the KDC. You can see the protected channel marked with red lines in the following figure. In Windows 2012, FAST is called Kerberos Armoring and it is only available for Authentication Service (AS) and Ticket Granting Service (TGS) exchanges. The following figure gives you an idea about the conceptual architecture and the communication flow:

In Windows 2012, the following are the four Dynamic Access Control and Kerberos Armoring policy settings to configure the behavior of these settings, placed under Computer Configuration\ Policies \Administrative Templates\System\KDC:

  • Do not support Dynamic...