Active Directory: configuring dynamic access control – DAC

Windows Server 2012R2 Windows Server 2016 Windows Server 2019

Publish the central access policy

Now that the central access rules and policies are created and configured, the policies must be published, this operation is done by GPO (group policy).

In the LAB, I used the Default Domain Policy, in production, I advise you to create a group policy dedicated to the publication of central access policies placed at the root of the domain.

Create and / or modify a group policy, to do this right-click on it 1 and click on Modify 2.

Open the Central Access Policy 1 container located in Computer Configuration / Windows Settings / Security Settings / File System.

In the central zone, right-click and click on Manage centralized access policies 1.

Choose the central access policy (s) 1 and click on the Add button 2.

With the strategies selected, click OK 1.

The policy or policies published by the GPO are visible in the central part 1.

Close the group policy management editor. Overview of Group Policy (GPO) settings.

On the file server (s) where you want to use DAC, force an update of the group policies using the gpupdate command.