DAC also gives administrators the ability to control file access by using a central access
policy. This central access policy also lets an administrator audit access to
files for reporting and forensic investigation.
DAC allows an administrator to set up Active Directory Rights Management Services
(AD RMS) encryption for Microsoft Office documents. For example, you can set up
encryption for any documents that contain financial information.
DAC gives an administrator the flexibility to configure file access and auditing on
domain-based file servers. To do this, DAC controls claims in the authentication token,
resource properties, and conditional expressions within permission and auditing entries.
Administrators have the ability to give users access to files and folders based on Active
Directory attributes. For example, a user named Dana is given access to the file server share
because the department attribute in the user's Active Directory properties contains
the value Sales.
For DAC to function properly, an administrator must enable Windows 8
computers and Windows Server 2012/2012 R2 file servers to support
claims and compound authentication.
Using Group Policy for Security
Through the use of Group Policy settings, system administrators can assign thousands of
different settings and options for users, groups, and OUs. Specifically, in relation to
security, you can use many different options to control how important features, such as
password policies, user rights, and account lockout settings, can be configured.
The general process for making these settings is to create a Group Policy object (GPO)
with the settings that you want and then link it to an OU or other Active Directory object.
Table 7.2 lists many Group Policy settings that are relevant to creating a secure Active
Directory environment. Note that this list is not comprehensive—many other options are
available through Windows Server 2012 R2 administrative tools.
Table 7.2 Group Policy settings used for security purposes

| Setting section | Setting name | Purpose |
|---|---|---|
| Account Policies > Password Policy | Enforce Password History | Specifies how many passwords will be remembered. This option prevents users from reusing the same passwords whenever they're changed. |
| Account Policies > Password Policy | Minimum Password Length | Prevents users from using short, weak passwords by specifying the minimum number of characters that the password must include. |
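
As an added example (not from the book), this Python check audits the two Table 7.2 settings in the text produced by `secedit /export /cfg`, where they appear as `PasswordHistorySize` and `MinimumPasswordLength` under `[System Access]`. The baseline numbers and the sample export are assumptions constructed for illustration.

```python
import configparser

# Assumed baseline (not from the page); replace with your organisation's standard.
BASELINE = {
    "PasswordHistorySize": 24,    # Enforce Password History
    "MinimumPasswordLength": 14,  # Minimum Password Length
}

# Constructed sample of a secedit export; real exports are usually UTF-16,
# so decode the file before passing its text to the function below.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
[Version]
signature="$CHICAGO$"
Revision=1
"""


def audit_password_policy(inf_text, baseline=BASELINE):
    """Return (setting, actual, required) for each setting below baseline.

    actual is None when the setting is absent or not an integer, which
    means the policy does not define a usable value.
    """
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True, delimiters=("=",)
    )
    parser.optionxform = str  # keep the INF key case as exported
    parser.read_string(inf_text)
    section = parser["System Access"] if parser.has_section("System Access") else {}
    findings = []
    for key, required in baseline.items():
        raw = section.get(key)
        try:
            actual = int(raw)
        except (TypeError, ValueError):
            actual = None
        if actual is None or actual < required:
            findings.append((key, actual, required))
    return findings


if __name__ == "__main__":
    for setting, actual, required in audit_password_policy(SAMPLE_INF):
        print(f"{setting}: found {actual}, baseline requires at least {required}")
```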
 