Learning Microsoft Windows Server 2012 Dynamic Access Control
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Configuring Dynamic Access Control

The next steps will provide you with the main tasks to implement your first Dynamic Access Control configuration.

Create some test users in your Active Directory with a minimum of 10 users and:

  1. Define the Active Directory claim types.
  2. Country, Department, and Location for the folder structure decided earlier.
  3. Populate the three attributes for the 10 test users.
  4. Define the Resource properties for Country, Department, and Location.
  5. Define the Active Directory Access Rule as follows: 
    (Resource.Country equals User.Country) AND (Resource.Location equals User.Location) AND (Resource.Department equals User.Department)
  6. Build a Central Access Policy and deploy the Access Rule to the file servers.
  7. Build a Resource Property list, and deploy it to the file servers.
  8. Open an administrative PowerShell, and fire gpupdate /force and Update-FSRMClassificationPropertyDefinition on the file server.
  9. On the resources, apply the Resource properties correctly.

    Note

    Every folder gets a Country, Department, and Location stamp.

  10. Apply the Central Access Policy to the file shares.
  11. Apply the Access Rule to all the Country shares and the Location and Department folders.
  12. Try out whether access is allowed or not.

Note

Try to fix this first short solution with the help of the provided information on this chapter or use the following lab to give you some advice to solve this problem:

http://online.holsystems.com/Software/holLaunchPadOnline/holLaunchPadOnline.application?eng=TENA2013&auth=none&src=CommNet&altadd=true&labid=8697

上一章目录下一章