Windows Server 2012 Release Preview: Compelling new features

Much easier DirectAccess deployment and a full-scale dynamic access control system are among the key benefits.

By Jonathan Hassell, Computerworld |  Operating Systems, Microsoft, Windows Server

Additionally, you can create policies to restrict access based on the current department a user is assigned to
(as opposed to explicit security groups that would have to be updated regularly). Finally, you could create a
scenario where certain sectors of one organization could access only information pertaining to their work, a
situation that is common in financial institutions.

Central access policies work with the strategic placement of central audit policies, which basically back up the
access policies and prove an organization is in compliance. When you take any government or industry compliance
mandate and enter the conditions of that mandate into an audit policy, you can then retrieve instant reports to
prove that you're applying and maintaining a policy that adheres to the spirit of the regulation.

You can also see instances where access was granted inappropriately and, from there, fine-tune your policy
assignments to ensure those holes don't happen again. You can also spot scenarios where users or groups attempt to
access information (and are unsuccessful at it) -- which is helpful from a security standpoint, since it shows
where users need further education or consequences.

Access and audit policies work with the file classification infrastructure, which was introduced in Windows
Server 2008 R2 and enhanced in this latest build. By classifying files, you apply tags that indicate various
properties about them. The tags could be for the type of data, the type of regulation applying to the data, the
time limit the data could be valid for, the expiration date of any confidentiality restrictions on the data and so

The central access and audit policies work with these tags to determine, along with the file system ACLs, what
access can be granted to whom and on what conditions. For example, if you classify a certain folder as
HIPAA-sensitive because it contains patient medical data, then the central access policy would glom on to that tag
and activate when users attempt to access HIPAA information that the policy says should be restricted.

The audit policy would also key in to this activity and record the attempts, either successful or unsuccessful,
for further monitoring. In addition, Windows Server 2012 can now encrypt files automatically based on their
classification, so that all files with the HIPAA tag get encrypted automatically as soon as the tag is applied.
That encryption is maintained and can also be audited for compliance purposes.
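
The evaluation described above (classification tag plus file system ACL plus central access policy, with audited attempts) can be sketched as a simplified Python model. This is an added example, not code from the article or from Windows; the class names, tag names, rule name and sample users are all constructed assumptions, and automatic encryption is not modeled.

```python
from dataclasses import dataclass

@dataclass
class User:
    name: str
    department: str   # user attribute the policy keys on (assumed name)
    groups: set       # security groups, used only by the file system ACL

@dataclass
class Resource:
    path: str
    tags: dict        # classification tags, e.g. {"Regulation": "HIPAA"}
    acl_allow: set    # groups the file system ACL grants access to

@dataclass
class CentralAccessRule:
    name: str
    applies_to: dict            # tags a resource must carry for the rule to activate
    allowed_departments: set

    def targets(self, res):
        return all(res.tags.get(k) == v for k, v in self.applies_to.items())

def check_access(user, res, rules, audit_log):
    """Grant only if the ACL allows it AND every activated rule allows it."""
    acl_ok = bool(user.groups & res.acl_allow)
    active = [r for r in rules if r.targets(res)]
    denied_by = [r.name for r in active if user.department not in r.allowed_departments]
    granted = acl_ok and not denied_by
    if active:  # audit every attempt on data a central rule covers
        audit_log.append({"user": user.name, "path": res.path, "granted": granted,
                          "acl_ok": acl_ok, "denied_by": denied_by})
    return granted

def failed_attempts(audit_log):
    """Audit view: unsuccessful attempts on classified data."""
    return [e for e in audit_log if not e["granted"]]

# Constructed sample data (hypothetical users, paths and rule).
HIPAA_RULE = CentralAccessRule("HIPAA-clinical-only", {"Regulation": "HIPAA"}, {"Clinical"})
PATIENT_DIR = Resource(r"D:\Records\Patients", {"Regulation": "HIPAA"}, {"FileUsers"})
PUBLIC_DIR = Resource(r"D:\Shared\Public", {}, {"FileUsers"})
NURSE = User("nurse", "Clinical", {"FileUsers"})
ACCOUNTANT = User("accountant", "Finance", {"FileUsers"})
TEMP = User("temp", "Clinical", set())

if __name__ == "__main__":
    log = []
    for u in (NURSE, ACCOUNTANT, TEMP):
        print(u.name, check_access(u, PATIENT_DIR, [HIPAA_RULE], log))
    print(failed_attempts(log))
```

In this model the accountant passes the ACL check but is stopped by the tag-activated rule, which is the case that group-based ACLs alone would miss.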

This suite of facilities really enhances the way you can control access to information. It's no longer about
taking files or folders and making decisions about "yes, these people can" and "no, these people can't."

Originally published on Computerworld.