Discover what's new in Windows 8 Active Directory


Published in: Technology
  1. 1. Disclaimer: everything in this talk is based on the Developer Preview released for //Build
  2. 2. Virtualization That Just Works
        • Active Directory works equally well in physical, virtual or mixed environments
        Simplified Deployment of Active Directory
        • Complete integration of environment preparation, role installation and DC promotion into a single UI
        • DCs can be deployed rapidly to ease disaster recovery and workload balancing
        • DCs can be deployed remotely on multiple machines from a single Windows 8 machine
        • Consistent command-line experience through Windows PowerShell to enable automation of deployment tasks
        Simplified Management of Active Directory
        • GUI that simplifies complex tasks such as recovering a deleted object or managing password policies
        • Active Directory Windows PowerShell viewer shows the commands for actions performed in the GUI
        • Active Directory Windows PowerShell support for managing replication and topology data
  3. 3. Demo
  4. 4. Demo
  5. 5. Site, SiteLink, SiteLinkBridge, Subnet, Connection
  6. 6. Demo
  7. 7. Demo
  8. 8. • Growth of users and data
        • Budget Constraints
        • Distributed computing
        • Regulatory and Business Compliance
  9. 9. • CSO/CIO department: “I need to have the right compliance controls to keep me out of jail”
        • Infrastructure Support: “I don’t know what data is in my repositories and how to control it”
        • Content Owner: “Is my important data appropriately protected and compliant with regulations – how do I audit this”
        • IW: “I don’t know if I am complying with my organization’s policies”
  10. 10. • Plumb claims into the core Authentication platform via Kerberos with Active Directory
          • Enhance Authorization platform for files to author and manage richer access policies with claims
          • Enhance audit platform for files to drive efficient Audit controls across the Enterprise
          • Project User & Device Claims for consumption by .NET apps
          • Improve File Management infrastructure for Files in Win8
  11. 11. • User claims: User.Department = Finance; User.Clearance = High
          • Device claims: Device.Department = Finance; Device.Managed = True
          • Resource properties: Resource.Department = Finance; Resource.Impact = High
          ACCESS POLICY
          • Applies to: @Resource.Impact == "High"
          • Allow | Read, Write | if (@User.Clearance == "High") AND (@Device.Managed == True)
  12. 12. Windows 8 Token
          • Owner Group
          • User Groups, Claims
          • Device Groups, Claims
  13. 13. Windows 7 / New in Windows 8 / Example
          • Windows 7: No expressions in ACL; led to group bloat. New in Windows 8: Support for Expression with 'AND'/'OR' primitives. Example: User.memberOf (USA-Employees) AND User.memberOf (Finance-Division) AND User.memberOf (Authorization-Project)
          • Windows 7: ACLs only based on groups; led to group bloat. New in Windows 8: Support for User Claims from AD. Example: User.Division = 'Finance' AND User.CostCenter = 20000
          • Windows 7: No ability to control access based on device state. New in Windows 8: Support for Static Device Claims from AD. Example: User.Division = 'Finance' AND Device.ITManaged = True
          • Windows 7: No way to target policy based on Resource Type. New in Windows 8: Target Policy based on Resource Type. Example: IF (Resource.Impact = 'HBI') ALLOW AU Read User.EmployeeType = 'FTE'
          • Claims support in ACEs managed as SDDL strings
          • Added / removed from SDDL strings via standard string manipulation functions
  14. 14. [Diagram: Windows 8 Active Directory (Resource Property Definitions); Content owner; Applications; Windows 8 File Server]
  15. 15. [Diagram: Windows 8 Active Directory (Claim Definitions, Resource Property Definitions); Access policy; End User; Allow / Deny; Windows 8 File Server]
  16. 16. Demo
  17. 17. [Diagram: Windows 8 Active Directory (Claim Definitions, Resource Property Definitions); Audit Policy; End User; Audit / No Audit; Windows 8 File Server]
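
Slide 13 says claims-based ACEs are managed as SDDL strings and added or removed with ordinary string manipulation. The sketch below is an added example, not code from the talk or from Microsoft: it writes the slide's user-claim expression as a conditional (`XA`) ACE and adds or removes it from a DACL string. Because the condition carries its own parentheses and quoted literals, the ACE list is split by tracking nesting rather than by cutting at every `)`. The sample DACL and all function names are constructed for illustration.

```python
KEYS = ("type", "flags", "rights", "object", "inherit_object", "trustee", "condition")

def split_aces(dacl):
    """Split 'D:flags(ace)(ace)...' into (header, [ace, ...]), honouring the
    nested parentheses and quoted literals that conditional ACEs introduce."""
    aces, depth, in_str, begin = [], 0, False, 0
    for i, ch in enumerate(dacl):
        if ch == '"':
            in_str = not in_str              # parentheses inside "..." do not count
        elif not in_str and ch == "(":
            if depth == 0:
                begin = i                    # start of a top-level ACE
            depth += 1
        elif not in_str and ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')' in SDDL")
            if depth == 0:
                aces.append(dacl[begin:i + 1])
    if depth or in_str:
        raise ValueError("unterminated ACE or string literal")
    return dacl.split("(", 1)[0], aces

def ace_fields(ace):
    """Name the ';'-separated ACE fields; the condition is the optional 7th."""
    parts = ace[1:-1].split(";", 6)
    return dict(zip(KEYS, parts + [""] * (7 - len(parts))))

def conditional_allow(rights, trustee, condition):
    """Build an XA (conditional allow) ACE string."""
    return f"(XA;;{rights};;;{trustee};({condition}))"

def add_ace(dacl, ace):
    """Insert an explicit ACE ahead of any inherited ('ID') ACEs; idempotent."""
    header, aces = split_aces(dacl)
    if ace in aces:
        return dacl
    pos = next((i for i, a in enumerate(aces) if "ID" in ace_fields(a)["flags"]), len(aces))
    return header + "".join(aces[:pos] + [ace] + aces[pos:])

def remove_ace(dacl, ace):
    header, aces = split_aces(dacl)
    return header + "".join(a for a in aces if a != ace)

# Constructed sample DACL, plus the user-claim expression from slide 13 in SDDL form.
BASE = "D:AI(A;;FA;;;BA)(A;ID;FR;;;AU)"
RULE = conditional_allow("FRFW", "AU", '@User.Division == "Finance" && @User.CostCenter == 20000')
```

Calling `add_ace(BASE, RULE)` places the conditional ACE between the explicit administrator ACE and the inherited one, and `remove_ace` on that result returns the original string unchanged.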
