{"id":1531,"date":"2014-07-04T09:26:07","date_gmt":"2014-07-04T09:26:07","guid":{"rendered":"https:\/\/modern-workplace.uk\/\/?p=1531"},"modified":"2014-07-04T09:28:38","modified_gmt":"2014-07-04T09:28:38","slug":"published-linkedin-kerberos-windows-2012-favorite-monster-changed","status":"publish","type":"post","link":"https:\/\/modern-workplace.uk\/?p=1531","title":{"rendered":"Published on LinkedIn: Kerberos and Windows 2012: Our Favorite Monster Is Changed (Again)"},"content":{"rendered":"

I have just published an Active Directory \/ Kerberos dedicated post on LinkedIn. https:\/\/www.linkedin.com\/today\/post\/article\/20140704091030-1393501-kerberos-and-windows-2012-our-favorite-monster-is-changed-again<\/a> Here you can read the introductive paragraph<\/p>\n

\n

Kerberos and Windows 2012: Our Favorite Monster Is Changed (Again)<\/strong> Since Windows Server 2000,\u00a0Kerberos<\/strong>\u00a0protocol has been part of our day-to-day job. Its three heads (Key Distribution Center, the client user and the server hosting resources) are the gears that enable the single sign-on (SSO<\/strong>) used to authenticate on the domain and to access resources inside our corporate network. It works also outside our network boundaries, reaching the Cloud with DirSync and other additional features. \"Kerberos_1\"<\/a> Windows Server 2012 and Windows Server 2012 R2 have improved some existing features and have added some completely new scenarios related to security. A short list should include\u00a0Dynamic Access Control<\/strong>(DAC<\/strong>),\u00a0Kerberos Armoring<\/strong>\u00a0\/\u00a0Flexible Authentication Secure Tunneling<\/strong>\u00a0(FAST<\/strong>),\u00a0KDC Proxy Service<\/strong>\u00a0and\u00a0Kerberos Constrainded Delegation<\/strong>. I will use some high level scenarios, to explain what\u2019s new and why you should care about the aforementioned list. The objective here is not to give you the tech details, but just an idea of cool things you could achieve using Windows 2012.<\/p>\n

\n

Going Beyond\u00a0<\/strong>Limitations in\u00a0<\/strong>NTFS<\/strong> Our system to manage files and folders on a server has (basically) not changed since Windows NT 4. We create users and groups, assign permissions to them and manage sharing and exceptions, Meanwhile, we are trying to keep security alligned with organizations that change on a daily base. Windows 2012 has introduced KDC support for\u00a0claims<\/strong>\u00a0and the capability to\u00a0categorize\u00a0<\/strong>resources on our servers. To make an example, it is now possible to:<\/p>\n