July 09, 2012, 11:11 AM — In the first week of June, Microsoft released a near-final version of Windows Server 2012 alongside its client
brother, Windows 8 Release Preview. In the days since that release, I've been spending time thoroughly examining
some of the new features in the 2012 edition. Here's a preview of a few that I find particularly compelling.
These are in addition to those I've already described in my earlier review of the Windows Server 2012 beta
version -- multimachine management, numerous Hyper-V improvements, improved security and others. And it's worth noting, too, that the UI
is still set to change by the time the software hits the "release to manufacturing" (RTM) stage, so I'll reserve my
final judgment until then. At this point, I still believe that Metro is the wrong way to go for a server operating
system aimed at professional systems administrators.
Dynamic access control
In Windows Server 2012, dynamic access control (DAC) is a suite of features and utilities that work together to
augment the file system security that has been a part of Windows since the NT days. It joins classification, policy
enforcement, auditing and encryption as another way to protect all sorts of data from unauthorized access and
Let's take a look at how this works, starting with a couple of different types of policies.
First are the central access policies, which make up a layer of security that complements the existing access
control list (ACL) entries that we've come to know and love in the NT File System. These policies ride on top of
ACLs and add an additional layer of authorization to file and object access. They also pertain to all servers in an
organization, so they're applied very broadly and affect the entire business.
They also are more granular than specific file or folder ACLs and better translate to some of the business
requirements you're likely to face. These policies take into account the identity of the user, what type of device
the person is using for the access attempt and what kind of data is being accessed. It's more than just the
yes-or-no choice that ACLs force you to make.
[Screenshot caption: This is one of the spots in Active Directory Domain Services where you can set up dynamic access control.]
For example, businesses could create policies that restrict access to a certain file or folder based on the
nature of the information, like data subject to HIPAA in the United States. This assists in overall organizational
compliance with government and industry regulations.
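The layering described above, as an added example that is not part of the original article and not Microsoft's code: a simplified Python model in which a request must pass both the file's ACL and every central access rule whose condition matches the file's classification. The class names, the claim names (department, managed), the users and the HIPAA tag value are all constructed for illustration.

```python
# Simplified model of layered authorization; not Windows' real access check.
# Every name and sample value below is constructed for illustration.
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Request:
    user: str
    right: str                      # "read" or "write"
    user_claims: dict = field(default_factory=dict)
    device_claims: dict = field(default_factory=dict)

@dataclass
class Resource:
    acl: dict                       # user -> rights granted by the file ACL
    properties: dict = field(default_factory=dict)  # classification tags

@dataclass
class CentralAccessRule:
    name: str
    applies_to: Callable[[dict], bool]    # tested against resource properties
    permits: Callable[[Request], bool]    # tested against user/device claims

def check_access(req, res, policy):
    """Allow only if the ACL grants the right AND no applicable rule objects."""
    if req.right not in res.acl.get(req.user, set()):
        return False, "denied by ACL"
    for rule in policy:
        if rule.applies_to(res.properties) and not rule.permits(req):
            return False, "denied by rule: " + rule.name
    return True, "allowed"

# Organization-wide policy: HIPAA-tagged data needs a clinical user on a
# managed device, whatever the per-file ACL says.
POLICY = [CentralAccessRule(
    name="HIPAA data",
    applies_to=lambda props: props.get("compliance") == "HIPAA",
    permits=lambda r: (r.user_claims.get("department") == "Clinical"
                       and r.device_claims.get("managed") is True),
)]

CHART = Resource(acl={"alice": {"read", "write"}, "bob": {"read"}},
                 properties={"compliance": "HIPAA"})
MENU = Resource(acl={"bob": {"read"}})   # unclassified: the rule is skipped

if __name__ == "__main__":
    clinic = {"department": "Clinical"}
    for dev in ({"managed": True}, {"managed": False}):
        print(dev, check_access(Request("alice", "read", clinic, dev), CHART, POLICY))
```

In this model the policy can only narrow what the ACL already grants: a user missing from the ACL is refused even with the right claims, and a user the ACL allows is still refused on HIPAA-tagged data from an unmanaged device.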