Windows 2012 Dynamic Access Control ( 動態存取控管 )
7
Windows 2012 Dynamic Access Control ( 動動動動動動 )
description
Windows 2012 Dynamic Access Control ( 動態存取控管 ). Dynamic Acess Control (DAC) ,微軟 15 年 來對 file server 權限控管 最重要的功能改進 …… perhaps the most important addition to the new Microsoft 2012 server said Principal Program Manager Nir Ben-Zvi. 比較以前和現在的做法. files. Groups. - PowerPoint PPT Presentation
Transcript of Windows 2012 Dynamic Access Control ( 動態存取控管 )
![Page 1: Windows 2012 Dynamic Access Control ( 動態存取控管 )](https://reader036.fdocuments.us/reader036/viewer/2022081419/568142b1550346895daef2e9/html5/thumbnails/1.jpg)
1 Proprietary & Confidential
Windows 2012 Dynamic Access Control
( 動態存取控管 )
![Page 2: Windows 2012 Dynamic Access Control ( 動態存取控管 )](https://reader036.fdocuments.us/reader036/viewer/2022081419/568142b1550346895daef2e9/html5/thumbnails/2.jpg)
2
Dynamic Acess Control (DAC) ,微軟 15 年來對 file server 權限控管最重要的功能改進…… perhaps the most important addition to the newMicrosoft 2012 server said Principal Program Manager Nir Ben-Zvi
![Page 3: Windows 2012 Dynamic Access Control ( 動態存取控管 )](https://reader036.fdocuments.us/reader036/viewer/2022081419/568142b1550346895daef2e9/html5/thumbnails/3.jpg)
3
以前 : 針對每一台 file server ,個別透過 AD group 對應ACL( 存取控制清單 ) ,決定誰可以存取檔案及權限 。多台、大量 group 建置、套用及維護。檔案離開 file server 無法再控管 !
比較以前和現在的做法
![Page 4: Windows 2012 Dynamic Access Control ( 動態存取控管 )](https://reader036.fdocuments.us/reader036/viewer/2022081419/568142b1550346895daef2e9/html5/thumbnails/4.jpg)
4
(continued..)
現在 : Dynamic Access Control 。集中管理 file server , 大量減少 AD group 。例“ user= 財務部” & ” 文件等級 =機密” & “ 財務部電腦”可存取財務部檔案 ; 即依宣告(Claims) 之陳述條件 (conditional expressions) ,授予不同使用者不同的存取權限。檔案離開 file server 仍可控管 !
![Page 5: Windows 2012 Dynamic Access Control ( 動態存取控管 )](https://reader036.fdocuments.us/reader036/viewer/2022081419/568142b1550346895daef2e9/html5/thumbnails/5.jpg)
5
Dynamic Access Control
Step 1 檔案分類
Step 2 動態存取控管 (on top ACL 上 )
![Page 6: Windows 2012 Dynamic Access Control ( 動態存取控管 )](https://reader036.fdocuments.us/reader036/viewer/2022081419/568142b1550346895daef2e9/html5/thumbnails/6.jpg)
6
Step 3 存取稽核
Step 4 加密 ( 如需要 )