Microsoft made incremental changes to security auditing in Windows Server 2012. These enhancements include the ability to audit removable drive usage, to create expression-based audit policies, and to retrieve more detailed and meaningful audit log entries.
Access-Denied Assistance is a new feature in Windows Server 2012 that makes it easier for users to get help for “access denied” errors with shared file resources. On the other side of the equation, administrators are given clear information to resolve such permissions problems.
In the last part of this series about Dynamic Access Control (DAC) in Windows Server 2012 we use the Effective Access tool in Windows Server 2012 to test DAC.
In Part 4 of our Dynamic Access Control series we will develop and deploy a DAC Central Access Policy.
In the last post of my Dynamic Access Control (DAC) series I explained how to configure user user claims. Today we classify shared folders for DAC based upon a simple, real-world scenario.