Windows Server Security Essentials


Dynamic Access Control

As mentioned before, Dynamic Access Control (DAC) was introduced in Windows Server 2012. Supporting DAC in an enterprise has some requirements. You need at least one Windows Server 2012 Domain Controller, and the Active Directory Forest Functional Level (FFL) must be at least Windows 2003. Also, before you can start using DAC, the Kerberos Key Distribution Center (KDC) setting "KDC support for claims, compound authentication and Kerberos armoring" must be enabled on all Domain Controllers.

At a high level, the following steps are required to configure and implement a DAC mechanism in an Active Directory environment:

  • Enable KDC support

  • Create claim type

  • Create resource properties

  • Create Central Access Rule (CAR)

  • Create Central Access Policy (CAP)

  • Deploy Central Access Policy using GPO

  • Configure...
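
The prerequisite checks and the claim type, resource property, Central Access Rule and Central Access Policy steps listed above can be scripted with the ActiveDirectory PowerShell module; the following is an added example, not code from the book. Assumptions: the "Finance" value, the rule and policy names, and the choice of the built-in `Department_MS` resource property are hypothetical, and the KDC setting and GPO deployment steps are left to Group Policy.

```powershell
# Added example: "Finance", the rule name and the policy name are hypothetical.
Import-Module ActiveDirectory

# Prerequisites from the text: FFL of at least Windows 2003 and at least one
# Windows Server 2012 (OS version 6.2) or later Domain Controller.
$minMode = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2003Forest
if ((Get-ADForest).ForestMode -lt $minMode) {
    throw 'Forest functional level is below Windows 2003.'
}
$dc2012 = Get-ADDomainController -Filter * | Where-Object {
    $_.OperatingSystemVersion -and
    [version]($_.OperatingSystemVersion -replace '\s*\(.*$') -ge [version]'6.2'
}
if (-not $dc2012) {
    throw 'No Windows Server 2012 or later Domain Controller found.'
}

# Step "Enable KDC support": enable the KDC setting named in the text through
# a GPO linked to the Domain Controllers (not scripted here).

# Step "Create claim type": a user claim sourced from the 'department' attribute.
$claim = New-ADClaimType -DisplayName 'Department' -SourceAttribute 'department' -PassThru

# Step "Create resource properties": enable the predefined Department property
# and publish it in the list that file servers download.
Set-ADResourceProperty -Identity 'Department_MS' -Enabled $true
Add-ADResourcePropertyListMember -Identity 'Global Resource Property List' -Members 'Department_MS'

# Step "Create Central Access Rule": the rule targets files classified as
# Finance; the conditional ACE (XA) grants read and execute (0x1200a9) to
# authenticated users only when their Department claim is also Finance.
$condition = '(@RESOURCE.Department_MS == "Finance")'
$acl = 'O:SYG:SYD:AR(A;;FA;;;OW)(A;;FA;;;BA)(A;;FA;;;SY)' +
       '(XA;;0x1200a9;;;AU;(@USER.' + $claim.Name + ' == "Finance"))'
New-ADCentralAccessRule -Name 'Finance Documents Rule' `
    -ResourceCondition $condition -CurrentAcl $acl

# Step "Create Central Access Policy": a policy is a container for rules.
New-ADCentralAccessPolicy -Name 'Finance Policy'
Add-ADCentralAccessPolicyMember -Identity 'Finance Policy' -Members 'Finance Documents Rule'

# Review what was created before deploying the policy with a GPO.
Get-ADCentralAccessRule -Identity 'Finance Documents Rule' -Properties * |
    Format-List Name, ResourceCondition, CurrentAcl
```

Run it from a session with rights to modify the forest's Claims Configuration container, and review the printed rule before linking the policy in a GPO.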