Book Image

Windows Server Security Essentials

Book Image

Windows Server Security Essentials

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Windows Server Security Essentials
Feb, 2015 | 240 pages
No titles found
Table of Contents (16 chapters)
Getting Started with Windows Server Security
Getting Started with Windows Server Security
Credits
Credits
About the Author
About the Author
Acknowledgments
Acknowledgments
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Operating System and Baseline Security
Operating System and Baseline Security
Microsoft Windows Server
Baseline and security
Summary
2
Native MS Security Tools and Configuration
Native MS Security Tools and Configuration
Microsoft SCM
Administering Microsoft SCM
Creating and implementing security policies
Exporting GPO from Active Directory
Importing GPO into SCM
Merging imported GPO with the SCM baseline policy
Exporting the SCM baseline policy
Importing a policy into Active Directory
Maintaining and monitoring the integrity of a baseline policy
Application control and management
Summary
3
Server Roles and Protocols
Server Roles and Protocols
Server types and roles
Managing servers using Server Manager
Server Message Block
Summary
4
Application Security
Application Security
File or data server
Print server
Hyper-V servers
Internet Information Services
Summary
5
Network Service Security
Network Service Security
Baseline policies
Dynamic Host Configuration Protocol
Service accounts
Enhanced Mitigation Experience Toolkit
Summary
6
Access Control
Access Control
Dynamic Access Control
Summary
7
Patch Management
Patch Management
Microsoft Windows Server Update Services
Summary
8
Auditing and Monitoring
Auditing and Monitoring
Auditing
Monitoring
Summary
Index
Index

Dynamic Access Control

As mentioned before, Dynamic Access Control (DAC) was introduced in Windows Server 2012. There are some requirements to support DAC in an enterprise. You need to have at least one Windows Server 2012 Domain Controller and the Active Directory Forest Functional Level (FFL) must be at least Windows 2003. Also, before you can start using the benefits of DAC, the Kerberos Key Distribution Center (KDC) support for claims, compound authentication and Kerberos armoring setting must be enabled on all Domain Controllers.

Note

The details of DAC can be found at http://blogs.technet.com/b/windowsserver/archive/2012/05/22/introduction-to-windows-server-2012-dynamic-access-control.aspx.

On a higher level, the following steps are required to configure and implement a DAC mechanism in an Active Directory environment:

  • Enable KDC support

  • Create claim type

  • Create resource properties

  • Create Central Access Rule (CAR)

  • Create Central Access Policy (CAP)

  • Deploy Central Access Policy using GPO

  • Configure...

Previous Section
End of Section 2
Next Section