compdigit44
asked on
Windows 2012 - Central Access Policy Manual Classification
In my lab environment I and practicing using Windows 2012 Central Access Policies.
I am able to get automatic classification to work but not manual.
Here is what I have done.
-The claim type : country is enabled
-Resource Property for County is set and suggested values of US and Canada
On my lab server when I right click on a folder and select classification I get the following message:
"There are no properties defined in the system an no properties were found in the selected files"...
I am able to get automatic classification to work but not manual.
Here is what I have done.
-The claim type : country is enabled
-Resource Property for County is set and suggested values of US and Canada
On my lab server when I right click on a folder and select classification I get the following message:
"There are no properties defined in the system an no properties were found in the selected files"...
ASKER
Thanks!!!!
For the suggested values for a claim, should the suggested value be listed under the Claims-Type or Resource-Property?
For the suggested values for a claim, should the suggested value be listed under the Claims-Type or Resource-Property?
It can be in either, if using it for a file server like you are doing it would be under resource property.
For those not working in 2012 for this comp added US and Canada under suggest values for resource properties.
Thanks
Mike
For those not working in 2012 for this comp added US and Canada under suggest values for resource properties.
Thanks
Mike
ASKER
Thanks..
I just find it a bit of confusing that you can list Suggest Value under the claim-type and resource properties. But if I am understanding you correctly, if you want to use DAC for file shares you should place the suggest values under the resource properties. When would you place suggested values under claim type? Maybe when using AD FS??
I just find it a bit of confusing that you can list Suggest Value under the claim-type and resource properties. But if I am understanding you correctly, if you want to use DAC for file shares you should place the suggest values under the resource properties. When would you place suggested values under claim type? Maybe when using AD FS??
I think the confusing aspect is why the adoption rate hasn't been higher and people are just used to NTFS permissions as we have used these for so long.
You could use claim type if you want the claims for the users. For example if you type
whoami /claims it will not be populated without claim types being defined
You also have to set the GP for "Support for CBAC and Kerberos armoring"
Do you mind if I use this question for a few blog entries...you are one of the first learning about DAC so nice work!
Thanks
Mike
You could use claim type if you want the claims for the users. For example if you type
whoami /claims it will not be populated without claim types being defined
You also have to set the GP for "Support for CBAC and Kerberos armoring"
Do you mind if I use this question for a few blog entries...you are one of the first learning about DAC so nice work!
Thanks
Mike
ASKER
Thanks for your reply. I am actually studying for my MCSE 2012 upgrade exam and have setup a Lab environment so I can actually work hands-on on what i am studying.
I am still bit confused of when you would apply the "suggest values" to resource properties vs. Claim-type..
Would you mind explains this further.
Feel free to post this question on your blog!!!! ;-)
I am still bit confused of when you would apply the "suggest values" to resource properties vs. Claim-type..
Would you mind explains this further.
Feel free to post this question on your blog!!!! ;-)
They are for different things, the resource property is for the folders/files, claims are for the user objects for example.
ASKER
For example you would specific suggested values in claims-type for: ADFS????
That I'm not sure for ADFS...don't want to blow smoke and make up an answer. I look at it more of using it inside DAC not in conjunction with ADFS.
Thanks
Mike
Thanks
Mike
ASKER
Still confused on this but i believe you are trying to convey the following:
If you want to use a DAC to control file share access they added Suggest Values to the Resourse Property list.
What is the difference between the different resource property typesin DAC?
If you want to use a DAC to control file share access they added Suggest Values to the Resourse Property list.
What is the difference between the different resource property typesin DAC?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So a Reference Resource Property object, pulls it's suggest values from the Claim-type directly so the Reference Resource Property object could be used for DAC on file share or any other type of claims aware app then correct???????
Update-FsrmClassificationP
http://technet.microsoft.com/en-us/library/jj900657.aspx
Thanks
Mike