Create and Configure Resource Properties and Lists

We can create and configure resource properties and lists to specify extra properties that can be used on files and folders. A resource property list simply contains one or more resource properties. Both are created through Active Directory Administrative Center, as we’ll see in the examples.

These are needed as part of a Dynamic Access Control (DAC) solution to create and configure central access rules.

Additional properties can be set on a file or folder using resource properties. This is similar to file classification but instead works at the domain level rather than only on the file server. We can use these resource properties to configure access to the file that they are applied to.


This post is part of our Microsoft 70-744 Securing Windows Server 2016 exam study guide series. For more related posts and information check out our full 70-744 study guide.


Create and Configure Resource Properties and Lists

First open Active Directory Administrative Center. This can be done through Server Manager > Tools > Active Directory Administrative Center, or by simply typing ‘dsac’ into PowerShell. Select Dynamic Access Control from the menu on the left, followed by Resource Properties.

Dynamic Access Control

Double click Resource Properties to enter it. We can see that there are many default resource properties already configured. These are all disabled by default, however we can enable them if needed by right clicking them and selecting Enable.

Resource Properties

We can edit these existing resource properties or create new ones. To create a new Resource Property, select New from the menu on the right, followed by Resource Property. This will open the Create Resource Property window, as shown below.

Create Resource Property

In this instance we name our resource property City and fill in an optional description. We then define some suggested values that can be used for this resource property. Our new resource property shows up in the list with all of the others.

New Resource Properties

Now that we have a resource property, we can add it to a resource property list, which can contain one or more resource properties. By default the custom resource properties that we create are automatically added to the global resource property list, which is sent to all servers through group policy. We can view resource property lists by selecting Dynamic Access Control > Resource Property Lists, as shown below.

Resource Property List

After double clicking Resource Property Lists to enter it, we can select New from the menu on the right, followed by Resource Property List to create a new one. In this example we create a simple list called “Test List” which contains the “City” resource property that we just created.

Create Resource Property List

Once complete, click OK to create the list. We should now see our newly created list along with the default global resource property list.

Resource Property List

Now if we run the below PowerShell cmdlet on the file server with FSRM installed, we can deploy the newly created resource property list to that file server.

Update-FSRMClassificationPropertyDefinition

If we open FSRM and view Classification Management > Classification Properties, we can see the City resource property that we created is shown. The scope is listed as global as it’s coming from AD rather than the local file server.

Classification Properties

This allows us to use the resource property to classify files and folders on all file servers throughout the domain. Creating a classification property in FSRM itself only applies to the local file server.
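The same steps scripted with the ActiveDirectory and FSRM PowerShell modules, as an added example that is not part of the original post. The suggested city values, the description text and the single-valued choice type are assumptions, since the post does not state them.

```powershell
# Part 1: run where the ActiveDirectory module (RSAT) is installed,
# with rights to manage Dynamic Access Control objects.
Import-Module ActiveDirectory

# Suggested values for the City property (constructed sample values).
$cities = 'Sydney', 'Melbourne', 'Brisbane' | ForEach-Object {
    New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry `
        -ArgumentList $_, $_, "City of $_"
}

# Create the resource property only if it does not exist yet (safe to re-run).
$prop = Get-ADResourceProperty -Filter "DisplayName -eq 'City'"
if (-not $prop) {
    $prop = New-ADResourceProperty -DisplayName 'City' `
        -Description 'City the data belongs to' `
        -ResourcePropertyValueType 'MS-DS-SinglevaluedChoice' `
        -SuggestedValues $cities -PassThru
}

# Create the resource property list if it is missing.
$list = Get-ADResourcePropertyList -Filter "Name -eq 'Test List'"
if (-not $list) {
    $list = New-ADResourcePropertyList -Name 'Test List' -PassThru
}

# Add City to the list unless it is already a member.
if ($list.Members -notcontains $prop.DistinguishedName) {
    Add-ADResourcePropertyListMember -Identity $list -Members $prop
}

# Confirm what the list now contains.
Get-ADResourcePropertyList -Identity 'Test List' | Select-Object Name, Members

# Part 2: run on the file server that has FSRM installed.
# Pull the resource property definitions from AD into FSRM.
Update-FsrmClassificationPropertyDefinition

# City should now be listed; the post notes its scope shows as global
# because it comes from AD rather than the local file server.
Get-FsrmClassificationPropertyDefinition |
    Where-Object DisplayName -eq 'City' |
    Format-List Name, DisplayName, Flags
```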

Summary

We have shown you how to create and configure resource properties and lists as part of Dynamic Access Control through Active Directory Administrative Center in Windows Server 2016. First create a resource property, then add this into a resource list which can be deployed to a file server.

