Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Windows Security Enhancements


Published on

Das Bootverhalten von Windows 8 hat bereits für einige Diskussionen gesorgt. Wir schauen die Neuerungen und die Konsequenzen im Detail an und machen uns mit weiteren Security-Neuerungen wie User-Device Affinity für Profiles bekannt. Am Ende dieser Session kennen Sie die Security-Erweiterungen von Windows 8 und können die Vor- und Nachteile für Ihr Unternehmen einschätzen.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Windows Security Enhancements

  1. 1. Drive your life.Windows Security Enhancements Patrick Sommer
  2. 2. Add/remove Graphical Management Server Graphical Shell Desktop Experience Feature Tools and Infrastructure PowerShell Install-WindowsFeature Server-Gui-Mgmt-Infra Server-Gui-Shell Desktop-ExperienceUninstall-WindowsFeature
  3. 3. Compound ID Groups PAC contains a user’s User Claims group and claims information Groups PAC Device + Claims Device informationUser’s group memberships addedto PAC Authorization based on groupAuthorization based on group membership, user and devicemembership claims
  4. 4. Block cross forest delegation by setting netdom trust to “no” for /EnableTGTDelegationProtect backend services by setting services accountparameter – PrincipalsAllowedToDelegateToAccount
  5. 5. Sales UK Sales UK RW UK Sales US Sales US RW US Sales HI UK Sales HI UK RW Sales Managers HI US Sales HI US RW
  6. 6. No way to tag files and apply authorization and auditing based on file type No way to create ACLs based on expressions Requires complex group structures ACLs defined using groups Device state not supported in authorization decisions
  7. 7. Sales UK US
  8. 8.