First published on TechNet on May 29, 2012
Hi all,
Ned
here. Our friend Nir has another
new DAC-related post up
, this time on the File Cab blog:
Getting started with Central Access Policies - Reducing security group complexity and achieving...
If you need a reason to go read this, consider the following quote:
"So, we have 2,000 groups, 2,000 ACLs and many groups that are affected by a person changing a role not to mention the complexity of adding another level (say Branch) or the implications if we want to change the folder structure.
With Dynamic Access Control, you can cut the number of groups down from 2,000 to 71 (50 for country, 20 for department and 1 for sensitive data access). This is made possible by the ability to use expressions in Windows ACL. For example: You would use
MemberOf (Spain_Security_Group) AND MemberOf (Finance_Security_Group) AND MemberOf(Sensitive_Security_Group)
to limit access to Spain’s finance department sensitive information."
Get on over there and
give it a read.
I swear we are going to post some original content here at some point. Just crushed under the load.
- Ned "sock puppet" Pyle
