MOAC 70-412: Configuring Advanced Windows Server 2012 Services
Lab 6
Implementing Dynamic Access Control
This lab contains the following exercises and activities:
Exercise 6.1 / Using Dynamic Access ControlExercise 6.2 / Implementing a Central Access Policy
Lab Challenge / Performing Access-Denied Remediation
Exercise 6.1 / Using Dynamic Access Control
Overview / In this exercise, you will configure Dynamic Access Control by enabling KDC support for claims and creating a resource property and resource rule.
Completion time / 40 minutes
Mindset Question: How does Dynamic Access Control allow you to secure files for an organization?
6. Take a screen shot of the KDC support for claims, compound authentication and Kerberos Armoring dialog box by pressing Alt+Prt Scr and then paste it into your Lab 6 worksheet file in the page provided by pressing Ctrl+V.
[copy screen shot over this text]
Question 1 / What is the default display name?Question 2 / What are the two classifications properties that have a global scope?
Question 3 / How many files and properties does the report show?
Question 4 / How many files and properties does the report show?
Question 5 / What is the Confidentiality set to?
52. Take a screen shot of the File Server Resource Manager by pressing Alt+Prt Scr and then paste it into your Lab 6 worksheet file in the page provided by pressing Ctrl+V.
[copy screen shot over this text]
Exercise 6.2 / Implementing a Central Access PolicyOverview / In this exercise, you will create and deploy a Central Access Policy, which is eventually applied using group policies.
Completion time / 30 minutes
Question 6 / What are the default basic permissions?
Question 7 / How is the condition displayed on the Advanced Security Settings for SharedFolder dialog box?
Lab REview Questions
Completion time / 10 minutes1. In Exercise 6.1,how is KDC enabled to support for claims?
2. In Exercise 6.1, what tool can be used to create and manage Dynamic Access Control?
3. In Exercise 6.1, to use Dynamic Access Control, what two components did you create?
4. In Exercise 6.1, what Windows component did you use to see how the classification rules were applied to a folder?
5. In Exercise 6.2,what program did you use to create a Central Access Policy?
6. In Exercise 6.2,what is used to apply the Central Access Policy?
Lab Challenge / Performing Access Denied RemediationOverview / To complete this challenge, you will describe how to enable access-denied remediation by writing the steps for the following scenario.
Completion time / 10 minutes
You have just established a Central Access Policy that identifies human resource documents and assign certain permissions to the documents. What steps would you use to enable Access–Denied Assistance so that when a user is denied access to a message, a customized message is displayed for the user to call the help desk for further assistance?
Write out the steps you performed to complete the challenge.