Active Directory: configuring dynamic access control – DAC

Windows Server 2012R2 Windows Server 2016 Windows Server 2019

Dynamic access control: customize the error message

The customization of the error message is done using a group policy by activating two settings, as for the publication of the central access policy, I used the Default Domain Policy, in production it is advised to dedicate a Group Policy (GPO) for these settings.

From a control, create or modify a group policy at the domain root level, right-click on it 1 and click on Modify 2.

Go to the Assistance in the event of access denied 1 folder located in Computer Configuration / Policies / Administrative Templates / System.

Open the Enable access denied assistance for all file types 1 setting by double-clicking on it.

Activate 1 the parameter then click on Apply 2 and OK 3.

Open the Customize access denied error message 1 parameter by double-clicking on it.

Activate 1 the parameter then configure the options 2. To finish click on Apply 3 and OK 4.

The settings are enabled.

Refresh group policies on the file server and clients.

You should receive a customize error message when accessing a denied file.