Windows 2012 Dynamic Access Control, What comptuer claim type supports domain membership?

I like to limit access to share by AD domain membership so that only AD domain computer can access the share. What claim type is usually used for this ?

I was trying to use 'objectSID'  which contains domain SID, but in Clain Type to select, it doesn't exist.
Who is Participating?
David Johnson, CD, MVPConnect With a Mentor OwnerCommented:
Device claims are supported in Windows 8+ clients only.
Open Group Policy Management and navigate to Domain.
Right-click the Default Domain Controllers Policy and select Edit.
In the Group Policy Management Editor window, navigate to Computer Configuration, > Administrative Templates, System, and Kerberos.
Select Enable KDC support for claims, compound authentication, and Kerberos armoring.
Click OK. Close Group Policy Management.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.