Chapter 1. Getting in Touch with Dynamic Access Control

Dynamic Access Control (DAC) is a complete, end-to-end solution to secure information access and is not just another new feature of Windows Server 2012. DAC can really help you to solve some daily problems you may have in giving access to data on distributed file servers. For example, Jack works on a project called Ikarus, and he needs some information from the marketing department, but Jack is not really a member of that department. Therefore, you are going to build some security groups to solve this request, and a complex group scenario starts to exist, because the groups and their memberships will grow and in each case become more and more complex. In addition, it is always a challenge to audit and monitor such a solution. You might know situations such as "Who had access to the sensitive finance information on June 1, 2013?" Or the wonderful "access denied" message a user encounters that leads them to ask for access to a particular piece of information. Immediately you start searching to provide the Chief Information Security Officer (CISO) of the organization the right information for evidence on who the owner of this information is for the CISO or the data owner to decide whether or not to give the user proper access. These are a few short examples that we will discuss in the following chapters to give you a broad overview. Do not forget that we will go in deep in the following chapters.

The topics we will cover in this chapter are: