Active Directory How To: Implementing the New Windows Server 2012 DAC

Need to know? Now you do!


Microsoft has identified Dynamic Access Control (DAC) as one of the most important new features in Windows Server 2012 because it's designed to provide better security, risk-management, and auditing policies in Active Directory by enabling more granular methods of authorization and authentication. DAC does this by providing more flexibility in how files are classified, secured, accessed, and governed, based on various attributes and conditions applied within Active Directory.

Despite these major improvements in how the new Windows Server can let you implement policies, DAC requires extensive changes, as noted in Redmond Editor Jeffrey Schwartz's January 2013 cover story, "Group Control". As a result, it will take time before many enterprises implement DAC widely due to the complexity and planning it requires.


However, DAC will become an important part of any Windows enterprise in the future for a number of reasons. The most obvious benefit to Active Directory admins is that it implements security without using security groups. As a result, I've spent a great amount of time exploring DAC, and I'll explain what you need to know to start implementing it.

Many organizations have a complex web of groups and nested groups, many of which they've forgotten about or ignored. I recall one company I worked with that said its proliferation of security groups became so difficult to manage that it didn't know who had domain admin rights -- and it was afraid to fix the situation because the whole infrastructure might come unraveled.

Read the rest of the article and see how to do it.


Last modified on Friday, 02 August 2013 11:07

Da Boss!

Website: Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest Content

Visit the Digitalsmind Video YouTube Page!

Did you know we have a video page on YouTube? 

Well... WE DO! 

Check us out! 

- Our Video page.