Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Learning Microsoft Windows Server 2012 Dynamic Access Control
Learning Microsoft Windows Server 2012 Dynamic Access Control

Learning Microsoft Windows Server 2012 Dynamic Access Control: When you know Dynamic Access Control, you know how to take command of your organization's data for security and control. This book is a practical tutorial that will make you proficient in the main functions and extensions.

Arrow left icon
Profile Icon Jochen Nickel
Arrow right icon
$38.99
Paperback Dec 2013 146 pages 1st Edition
eBook
$19.99 $22.99
Paperback
$38.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Jochen Nickel
Arrow right icon
$38.99
Paperback Dec 2013 146 pages 1st Edition
eBook
$19.99 $22.99
Paperback
$38.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$19.99 $22.99
Paperback
$38.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with Print?

Product feature icon Instant access to your digital copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Redeem a companion digital copy on all Print orders
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

Learning Microsoft Windows Server 2012 Dynamic Access Control

Chapter 2. Understanding the Claims-based Access Model

This chapter will explain the idea of identities and claims especially in the use of Windows 8 / Windows Server 2012 and higher. This chapter will also define how Kerberos Armoring and Compound Authentication works and how to manage claims and resource properties. Test lab will guide you to go deeper into the functionality of Dynamic Access Control (DAC). In this chapter you will learn about:

  • Understanding claims

  • Windows 8/ Windows Server 2012 and newer claims support

  • Kerberos Armoring and Compound Authentication

  • Managing claims and resource properties

  • Using Claim Transformation and Filtering

  • Groups or DAC, let's extend our first solution

By the end of this chapter you will have learned what a claim is and how to work with it. Furthermore, you will have configured a first advanced solution in the lab environment. The solution provides you an understanding about when to use groups or claims for authorization. Also, the situation in which a combination...

Understanding claims


Before we define what a claim is, we need to talk about identities. We can say that identity is a set of information that can uniquely identify anything and contains information about the subject's relationships to other entities. Identities, in general, are verified by using a trusted source of information. We can say a digital identity is a set of information to identify a person.

Now that we have defined the term identity, we can discuss a few examples about claims in the real and technical world. In general, claims are statements about an identity:

  • Passport: It is a common example; if you want to fly, you need to show your passport that contains information such as your name, address, date of birth, and a biometric photo. Each item is a claim made about you by the country issuing your passport. Your country ensures that the information in your passport is correct and can be trusted by other countries.

  • Bartender: In theory, he should check if you are of the required...

Claims support in Windows 8/2012 and newer


The following section gives a short introduction to the most important changes in the Kerberos protocol.

Kerberos authentication enhancements

The Kerberos authentication enhancements include:

  • Kerberos Security Support Provider (SSP)

    The main enhancement is placed in Kerberos.dll that includes user claims and device authorization. This functionality helps you to use your device information for authorizing access to a file or folder.

  • Key Distribution Center (KDC)

    KDC support claims.

  • Claim information within the Privilege Attribute Certificate (PAC) includes:

    • PAC in Pre-Windows 2012: It contains user and group membership security identifiers

    • PAC in Kerberos Ticket Granting Ticket (TGT): It contains information for a security principal and is optional for a device

  • NT Token sections

The part to the right of the preceding figure shows the new authentication token (2012 Token) that can be used. The main difference is that now devices and user claims can be used...

Kerberos Armoring and Compound Authentication


There are two major enhancements in the Kerberos authentication to provide a more secure Kerberos protocol and the chance to use the user and device claim for compound authentication. We will start with the Kerberos Armoring feature.

Kerberos Armoring

The Flexible Authentication Secure Tunneling (FAST) provides a protected channel between the Kerberos client and the KDC. You can see the protected channel marked with red lines in the following figure. In Windows 2012, FAST is called Kerberos Armoring and it is only available for Authentication Service (AS) and Ticket Granting Service (TGS) exchanges. The following figure gives you an idea about the conceptual architecture and the communication flow:

In Windows 2012, the following are the four Dynamic Access Control and Kerberos Armoring policy settings to configure the behavior of these settings, placed under Computer Configuration\ Policies \Administrative Templates\System\KDC:

  • Do not support Dynamic...

Managing Claims and Resource properties


As you already know, Dynamic Access Control is not a feature that can be quickly activated because you need to handle a lot of requirements and planning before you can productively use this feature. After knowing the real business needs and regulations, you need to apply one of the important planning steps.

After the identification of the claims and resource properties, you should think about the following information, because they are used for resource access decisions.

Naming conventions

One of the first things you should be aware of is a well-designed and working naming convention for different Active Directory objects and attributes:

  • Groups: They are File Service + Department + Read/Write (FIS-HR-RW).

  • Employee type: It can be FTE (Full Time Employee) or Vendor.

  • Title: It provides a list of used job titles inside your company (like Senior Developer or Principal Consultant).

  • Office: It provides structure to the attribute (for example, CH-ZURICH-B6F2O4...

Using Claim Transformation and Filtering


If you need to work with claims over organization boundaries, you will need Claim Transformation Policies (CTPs) and Filtering; an Active Directory trust relationship is also a requirement for such a scenario. One of the important requirements that challenge organizations is that in every forest you want to use claims, a Windows 2012 Domain Functional Level (DFL) is required.

Note

A Windows 2012 DFL means that only Windows 2012 Domain Controller or newer is allowed to be part of the domain. You can get more information at http://technet.microsoft.com/en-us/library/cc771294.aspx.

In our projects we have, for example, account forests and resource forests on a green field and in such a scenario, there is normally no problem to meet that requirement. Furthermore, there is always a good chance to meet these requirements when you bring the environments on an actual Operating System level and use the other advantages of Windows 2012. The following figure introduces...

Groups or DAC, let's extend our first solution


The next lab presents you with some challenges to get you familiar with Dynamic Access Control. Try the following things based on the knowledge you already have:

Extend the lab from Chapter 1, Getting in Touch with Dynamic Access Control, and solve the following problem:

  • First, you can use traditional group memberships as shown in the following figure.

  • Second, you can use Dynamic Access Control

Summary


After reading this chapter you should be able to define an identity and a claim because these are the two requirements for using Dynamic Access Control. Additionally, we tried to give a very quick overview of the Kerberos enhancement in Windows Server 2012 and we recommend that you read the additional information about Kerberos provided in this chapter to get deeper knowledge. It is just impossible to put all the information about Kerberos in this book. Also, think about the main decisions for managing claims and resource properties to get the right permissions at the right time, and for the right person. In the next chapter we will discuss the purpose of classifying information and the use of the FCI.

Left arrow icon Right arrow icon

Key benefits

  • Understand the advantages of using Dynamic Access Control and how it simplifies access control
  • Learn how to monitor, maintain, and secure your Dynamic Access Control environment
  • Troubleshoot and solve common misconfigurations and problems with professional techniques

Description

Identifying and classifying information inside a company is one of the most important prerequisites for securing the sensitive information of various business units. Windows Server 2012 Dynamic Access Control helps you not only to classify information, but it also gives you the opportunity and the functionality to provide a safe-net policy across your file servers, showing you some helpful ways of auditing and access denied assistance to improve usability. Understanding the architecture, the design, and implementing the solution, to troubleshooting will be covered in a practical and easy-to-read manner. This book is packed with project-based examples with plenty of information about the architecture, functionality, and extensions of Dynamic Access Control to help you excel in real-life projects. The book guides you through all the stages of a successful implementation of Dynamic Access Control. Microsoft Windows Server 2012 Dynamic Access Control will teach you everything you need to know to create your own projects, and is an essential resource for reviewing or extending already existing implementations. The book initially takes you through the task of understanding all of the functionality and extensions with ideas and overviews to help guide you in the decision process. The whole architecture will be explained in the main building blocks of Dynamic Access control. You will have a strong foundation and understanding of the claims model and Kerberos. Classifying information, the hardest part of the prerequisites to fulfil, is also covered in depth. You will also spend time understanding conditional expressions, and the method used to deploy them across your file server infrastructure. A special chapter is included for handling the data quality and the integration in other systems and strategies. Last, but not least, to get your solution up and running you will learn how to troubleshoot a Dynamic Access Control solution.

Who is this book for?

If you are an IT consultant/architect, system engineer, system administrator, or security engineers planning to implement Dynamic Access Control in your organization, or have already implemented it and want to discover more about the abilities and how to use them effectively, this book will be an essential resource. You should have some understanding of security solutions, Active Directory, Access Privileges/ Rights and Authentication methods, and a fundamental understanding of Microsoft technologies. Programming knowledge is not required but can be helpful for using PowerShell or the APIs to customize your solution.

What you will learn

  • Understand how Dynamic Access Control can help your organization control access to information
  • Identify and get to know the main building blocks and functionality of Dynamic Access Control
  • Create Central Access and Auditing Policies, including Transformation Policies
  • Classify information using different methods, including a deep dive into the File Classification infrastructure
  • Design and implement Rights Management integration
  • Extend your solution with third-party tools in particular for classification
  • Integrate Dynamic Access Control in SharePoint and other products
  • Discover the possibilities you get by using Dynamic Access Control for BYOD
  • Explore how other Microsoft solutions can be used as an enhancement of your solution
Estimated delivery fee Deliver to United States

Economy delivery 10 - 13 business days

Free $6.95

Premium delivery 6 - 9 business days

$21.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Dec 26, 2013
Length: 146 pages
Edition : 1st
Language : English
ISBN-13 : 9781782178187
Vendor :
Microsoft
Languages :

What do you get with Print?

Product feature icon Instant access to your digital copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Redeem a companion digital copy on all Print orders
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to United States

Economy delivery 10 - 13 business days

Free $6.95

Premium delivery 6 - 9 business days

$21.95
(Includes tracking information)

Product Details

Publication date : Dec 26, 2013
Length: 146 pages
Edition : 1st
Language : English
ISBN-13 : 9781782178187
Vendor :
Microsoft
Languages :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 154.97
Network Analysis using Wireshark Cookbook
$54.99
Learning Microsoft Windows Server 2012 Dynamic Access Control
$38.99
Windows Server 2012 Automation with PowerShell Cookbook
$60.99
Total $ 154.97 Stars icon

Table of Contents

9 Chapters
Getting in Touch with Dynamic Access Control Chevron down icon Chevron up icon
Understanding the Claims-based Access Model Chevron down icon Chevron up icon
Classification and the File Classification Infrastructure Chevron down icon Chevron up icon
Access Control in Action Chevron down icon Chevron up icon
Auditing a DAC Solution Chevron down icon Chevron up icon
Integrating Rights Management Protection Chevron down icon Chevron up icon
Extending the DAC Base Solution Chevron down icon Chevron up icon
Automating the Solution Chevron down icon Chevron up icon
Troubleshooting Chevron down icon Chevron up icon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the digital copy I get with my Print order? Chevron down icon Chevron up icon

When you buy any Print edition of our Books, you can redeem (for free) the eBook edition of the Print Book you’ve purchased. This gives you instant access to your book when you make an order via PDF, EPUB or our online Reader experience.

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela