Windows Server 2012: Dynamic Access Control
// LON-DC1 -> login as adatum/administrator
// Configure Claims
1) [Windows Server 2012] > [Server Manager] > Tools > Active Directory Administrative Center > Dynamic Access Control - (double-click) Claim Types > (right-hand side) Claim Types - New > Create Claim Type - Source Attribute > Display Name: department | Value Type: String | Belongs to: user, computer | ID: Department > Display name: HR department | Claims of this type can be issued for the following classes: (x) User > OK >
2) [Windows Server 2012] > [Server Manager] > Tools > Active Directory Administrative Center > Dynamic Access Control - (double-click) Claim Types > (right-hand side) Claim Types - New > Create Claim Type - Source Attribute > Display Name: description | Value Type: Multi Valued | Belongs to: user, computer | ID: Description > Display name: description1 | Claims of this type can be issued for the following classes: (x) User > OK >
3) After completing steps 1) and 2), the following entries appear under Active Directory Administrative Center > Dynamic Access Control - Claim Types:
Display name: | ID: | Source Type: | Source:
description1 | ad://ext/description1:88d2... | Attribute | Description
HR department | ad://ext/HRdepartment:88... | Attribute | Department
// Configure Resource Properties
4) [Windows Server 2012] > [Server Manager] > Tools > Active Directory Administrative Center > Dynamic Access Control - Resource Properties > (double-click) the Department row:
Display name: | ID: | Referenced: | Value Type:
Department | Department_MS | No | Single Valued Choice
4) i) Department - General > Suggested Values > Add > Add a suggested Value - Value: research | Display name: research > OK >
// Configure Access Rules
5) [Windows Server 2012] > [Server Manager] > Tools > Active Directory Administrative Center > Dynamic Access Control - (click) Central Access Rules > (right-hand side) Central Access Rules - New > Central Access Rule > Create Central Access Rule - General > Name: Department Match 1 | (x) Protect from accidental deletion > OK
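// Added example (not part of the original walkthrough): the same steps 1) to 5) scripted with the ActiveDirectory PowerShell module, run on LON-DC1 as adatum/administrator. The existence checks and the read-back commands are additions made here; it assumes Department_MS already exists as shown in step 4).

```powershell
# Scripted equivalent of the GUI steps above.
Import-Module ActiveDirectory

# Steps 1) and 2): claim types sourced from AD attributes, issued for users.
$claimTypes = @(
    @{ DisplayName = 'HR department'; SourceAttribute = 'department' },
    @{ DisplayName = 'description1';  SourceAttribute = 'description' }
)
foreach ($ct in $claimTypes) {
    $name = $ct.DisplayName
    # Create the claim type only if no claim type with this display name exists.
    if (-not (Get-ADClaimType -Filter "DisplayName -eq '$name'")) {
        New-ADClaimType -DisplayName $name `
                        -SourceAttribute $ct.SourceAttribute `
                        -AppliesToClasses 'user'
    }
}

# Step 3): read back what was created (display name, generated ID, source).
Get-ADClaimType -Filter * |
    Format-Table DisplayName, ID, SourceAttribute -AutoSize

# Step 4): add "research" to the Department resource property.
# -SuggestedValues replaces the whole list, so append to the existing values.
$rp = Get-ADResourceProperty -Identity 'Department_MS'
$existing = @($rp.SuggestedValues | Where-Object { $_ })
if ($existing.Value -notcontains 'research') {
    # Constructor arguments: value, display name, description.
    $entry = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry(
        'research', 'research', '')
    Set-ADResourceProperty -Identity 'Department_MS' `
                           -SuggestedValues ($existing + $entry)
}

# Step 5): central access rule with deletion protection, as in the GUI step.
$ruleName = 'Department Match 1'
if (-not (Get-ADCentralAccessRule -Filter "Name -eq '$ruleName'")) {
    New-ADCentralAccessRule -Name $ruleName -ProtectedFromAccidentalDeletion $true
}

# Review the rule: step 5) sets only the name and deletion protection, so
# inspect the resource condition and permissions it currently carries.
Get-ADCentralAccessRule -Identity $ruleName |
    Format-List Name, ProtectedFromAccidentalDeletion, ResourceCondition, CurrentAcl
```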