4. Virtualization That Just Works
• Active Directory works equally well in physical, virtual or mixed environments
Simplified Deployment of Active Directory
• Complete integration of environment preparation, role installation and DC promotion into a single UI
• DCs can be deployed rapidly to ease disaster recovery and workload balancing
• DCs can be deployed remotely on multiple machines from a single Windows 8 machine
• Consistent command-line experience through Windows PowerShell to enable automation of deployment tasks
Simplified Management of Active Directory
• GUI that simplifies complex tasks such as recovering a deleted object or managing password policies
• Active Directory Windows PowerShell viewer shows the commands for actions performed in the GUI
• Active Directory Windows PowerShell support for managing replication and topology data
29.
• Growth of users and data
• Budget Constraints
• Distributed computing
• Regulatory and Business Compliance
30.
• CSO/CIO department: “I need to have the right compliance controls to keep me out of jail”
• Infrastructure Support: “I don’t know what data is in my repositories and how to control it”
• Content Owner: “Is my important data appropriately protected and compliant with regulations – how do I audit this”
• IW: “I don’t know if I am complying with my organization’s policies”
33.
• Plumb claims into the core Authentication platform via Kerberos with Active Directory
• Enhance Authorization platform for files to author and manage richer access policies with claims
• Enhance audit platform for files to drive efficient Audit controls across the Enterprise
• Project User & Device Claims for consumption by .NET apps
• Improve File Management infrastructure for Files in Win8
34.
• User claims: User.Department = Finance; User.Clearance = High
• Device claims: Device.Department = Finance; Device.Managed = True
• Resource properties: Resource.Department = Finance; Resource.Impact = High
ACCESS POLICY
Applies to: @Resource.Impact == “High”
Allow | Read, Write | if (@User.Clearance == “High”) AND (@Device.Managed == True)
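The access policy on slide 34, evaluated in an added Python example that is not part of the original deck and is a simplified model, not Windows' own access check. The `RULE` layout, the `token` helper and the result strings are assumptions, and the sample claims are constructed. In this model a token that carries no device claim fails the condition exactly as an unmanaged device does.

```python
import re

# Added illustration: a simplified model, not Windows' access-check engine.
# One comparison term, e.g. (@User.Clearance == "High") or (@Device.Managed == True)
TERM = re.compile(r'\(?\s*@(\w+)\.(\w+)\s*==\s*("([^"]*)"|True|False)\s*\)?')

# The rule from the slide, written with straight quotes.
RULE = {
    "applies_to": '@Resource.Impact == "High"',
    "rights": {"Read", "Write"},
    "condition": '(@User.Clearance == "High") AND (@Device.Managed == True)',
}

def parse(expr):
    """Split an AND-joined expression into (scope, claim, expected) triples."""
    terms = []
    for part in re.split(r"\s+AND\s+", expr.strip()):
        m = TERM.fullmatch(part)
        if m is None:
            raise ValueError(f"unsupported term: {part!r}")
        scope, name, raw, text = m.groups()
        terms.append((scope, name, text if text is not None else raw == "True"))
    return terms

def holds(expr, claims):
    """True only if every term matches; an absent claim never satisfies a term."""
    return all(
        name in claims.get(scope, {}) and claims[scope][name] == expected
        for scope, name, expected in parse(expr)
    )

def access_check(rule, claims, requested):
    """Evaluate one rule for a set of requested rights."""
    if not holds(rule["applies_to"], claims):
        return "NOT_APPLICABLE"  # rule is not targeted at this resource
    if holds(rule["condition"], claims) and requested <= rule["rights"]:
        return "ALLOW"
    return "DENY"

def token(clearance, device, impact="High"):
    """Constructed sample claims for a Finance user, a device and a file."""
    return {"User": {"Department": "Finance", "Clearance": clearance},
            "Device": device,
            "Resource": {"Department": "Finance", "Impact": impact}}

if __name__ == "__main__":
    for device in ({"Managed": True}, {"Managed": False}, {}):
        print(device, access_check(RULE, token("High", device), {"Read", "Write"}))
```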
35. Windows 8 Token
• Owner
• Group
• User: Groups, Claims
• Device: Groups, Claims
36. Windows 7 / New in Windows 8 / Example
• Windows 7: No expressions in ACL; led to group bloat
  New in Windows 8: Support for Expression with ‘AND’/‘OR’ primitives
  Example: User.memberOf (USA-Employees) AND User.memberOf (Finance-Division) AND User.memberOf (Authorization-Project)
• Windows 7: ACLs only based on groups; led to group bloat
  New in Windows 8: Support for User Claims from AD
  Example: User.Division = ‘Finance’ AND User.CostCenter = 20000
• Windows 7: No ability to control access based on device state
  New in Windows 8: Support for Static Device Claims from AD
  Example: User.Division = ‘Finance’ AND Device.ITManaged = True
• Windows 7: No way to target policy based on Resource Type
  New in Windows 8: Target Policy based on Resource Type
  Example: IF (Resource.Impact = ‘HBI’) ALLOW AU Read User.EmployeeType = ‘FTE’
• Claims support in ACEs managed as SDDL strings
• Added / removed from SDDL strings via standard string manipulation functions
38. [Diagram labels: Windows 8 Active Directory; Resource Property Definitions; Content owner; Applications; Windows 8 File Server]
39. [Diagram labels: Claim Definitions; Windows 8 Active Directory; Resource Property Definitions; Access policy; Allow / Deny; End User; Windows 8 File Server]