Better Access Control & Rights Management

by Dynamic Access Control (DAC)
in Windows Server 2012

File servers have remained unchanged for many years - clients accessed protected directories (shares and NTFS permissions), and that was it. From the perspective of IT risk management, the importance of controlling user access has increased hugely in recent times. Today it has become important to understand who is accessing files from where and with what kind of equipment. And it is equally important to assign differentiated rights to users and devices not only at the directory level, but also at the file level.

Opportunity makes the thief: It is not simply that files are accidentally placed in unprotected directories or those with flawed permissions. No, often it is "the enemy within" at work in the company.

- Bank employees copy confidential files for others,
- Mature industrial patent information finds its way to the competitor,
- Contractual information escapes into the wild,

and the possible consequences of cloud computing can make a manager’s hair stand on end.

As an example, the theft of tax data from Credit Suisse demonstrates that either users had higher access privileges than necessary or privileged users could perform activities that should have been prevented (Source: KuppingerCole).

Lack of opportunity prevents thievery: There is a common saying: "Trust is good, but control is better." In other words, that which is inaccessible has never seduced anyone and doesn’t cause undue remorse.

The need for better control of access privileges on file servers has now been addressed in Windows Server 2012 with the introduction of DAC (Dynamic Access Control) and FCI (File Classification Infrastructure).

Classification specifications can now be attached automatically to any file, thus enabling individual access privileges to be generated on a file-by-file basis according to a Central Access Policy (CAP).

But what about the classification of existing files? Who fills the gap in their metadata?

