g mac chapter05
1. Managing File Access Chapter 5 70-290
2. Objectives
- Identify and understand the differences between the various file systems supported in Windows Server 2003
- Create and manage shared folders
- Understand and configure the shared folder permissions available in Windows Server 2003
- Understand and configure the NTFS permissions available in Windows Server 2003
3. Objectives (continued)
- Determine the impact of combining shared folder and NTFS permissions
- Convert partitions and volumes from FAT to NTFS
4. Windows Server 2003 File Systems
- Three main file systems
  - File Allocation Table (FAT)
  - FAT32
  - NTFS
- Final choice of file system depends on
  - How system will be used
  - Whether there are multiple operating systems
  - Security requirements
- NTFS is most highly recommended
5. FAT
- Used by MS-DOS
- Supported by all versions of Windows since
- Traditionally limited to partitions up to 2 GB
  - Windows Server 2003 version supports partitions up to 4 GB
- Limitations
  - Small partition sizes
  - No file system security features
  - Disk space usage is poor
6. FAT32
- A derivative of the FAT file system
- Supports partition sizes up to 2 TB
- Still does not provide advanced security features
  - Cannot configure permissions on file and folder resources
7. NTFS
- Introduced with Windows NT operating system
- Current version (version 5)
  - Windows NT 4.0
  - Windows 2000
  - Windows XP
  - Windows Server 2003
- Theoretically supports partition sizes of up to 16 Exabytes (EB)
  - Practically supports maximum partition sizes from 2 TB to 16 TB
8. NTFS (continued)
- Advantages of NTFS
  - Greater scalability and performance on larger partitions
  - Support for Active Directory on systems configured as domain controllers
  - Ability to configure security permissions on individual files and folders
  - Built-in support for compression and encryption
  - Ability to configure disk quotas for individual users
  - Support for Remote Storage
  - Recovery logging of disk activities
9. Creating and Managing Shared Folders
- Shared folder
  - A data resource made available over a network to authorized network clients
  - Specific permissions required for creating, reading, modifying
- Groups that can create shared folders:
  - Administrators
  - Server Operators
  - Power Users (only on member servers)
10. Creating and Managing Shared Folders
- Several ways to create shared folders
- Two important methods
  - Windows Explorer Interface
  - Computer Management console
    - Also allows shared folders to be monitored
11. Using Windows Explorer
- Used since Windows 95
- Can create, maintain, and share folders
- Folders can be on any drive connected to the computer
- Folders are shared in Windows Explorer by accessing the Sharing tab of the folder's properties
12. Using Windows Explorer (continued)
13. Activity 5-1 Creating a Shared Folder Using Windows Explorer
14. Creating a Shared Folder Using Windows Explorer
- Objective is to create a shared folder using Windows Explorer
- Open Explorer from Start menu
- Use Explorer to create and configure a new folder
- Verify folder using net view command
- Open Explorer from command line for alternative verification
15. Activity 5-1 (continued)
16. Using Windows Explorer (continued)
- Shared name of folder does not have to be the actual file name
- Hand icon used to indicate shared status
- Shared folders can be hidden from My Network Places and Network Neighborhood
  - Place dollar sign ($) after name, e.g., Salary$
  - Number of hidden administrative shares created automatically at installation
17. Using Windows Explorer (continued)
18. Using Windows Explorer (continued)
19. Using Computer Management
- Computer Management console is a pre-defined Microsoft Management Console (MMC)
  - Allows you to share and monitor folders for local and remote computers
  - Allows you to stop sharing if desired
20. Using Computer Management (continued)
- Share a Folder Wizard
  - Used to create folders in Shared Folders section of Computer Management
  - Used to provide preconfigured or manual permissions
    - All users have read-only access
    - Administrators have full access; others have read-only access
    - Administrators have full access; others have read and write access
    - Custom share and folder permissions
21. Activity 5-2 Creating and Viewing Shared Folders Using Computer Management
22. Creating and Viewing Shared Folders Using Computer Management
- Objective is to create and view shared folders using Computer Management
- Open Computer Management and the Shared Folders node
- Open Shares folder and note hidden files and other file types
23. Activity 5-2 (continued)
24. Activity 5-2 (continued)
- Open the Share a Folder Wizard
- Configure the folder attributes
- Configure the folder permissions
- Verify folder accessibility from command line
25. Activity 5-2 (continued)
26. Monitoring Access to Shared Folders
- Monitoring involves
  - Who is using shared files
  - What shared files are open at any given time
- Other functions
  - Disconnect users from a share
  - Send network alert messages
- Primary monitoring tool is Computer Management
27. Monitoring Access to Shared Folders
28. Managing Shared Folder Permissions
- A shared folder has a discretionary access control list (DACL)
  - Contains a list of user or group references that have been allowed or denied permissions
  - Each reference is an access control entry (ACE)
  - Accessed from Permissions button on Sharing tab of the folder's properties
- Permissions only apply to network users, not those logged on directly to local machine
29. Managing Shared Folder Permissions (continued)
30. Managing Shared Folder Permissions
- To deny access to a user or group
  - Windows Server 2003 does not include No Access share permission
  - Must explicitly deny access to each individually
- Default permission is read access for Everyone group
  - Should be immediately addressed when a share is created
- Folder permissions are inherited by all contained objects
31. Activity 5-3 Implementing Shared Folder Permissions
32. Implementing Shared Folder Permissions
- Objective is to use shared folder permissions to control access to resources
- In this exercise, you configure permissions on a shared folder to implement specific requirements:
  - Domain Admins group has Full Control permission
  - Marketing Users group has Change permission
  - Other users have no access
33. NTFS Permissions
- Resources located on an NTFS partition or volume can be given NTFS permissions
- An administrator must
  - Know how permissions are applied
  - Standard and special NTFS permissions available
  - How effective permissions are determined
34. NTFS Permission Concepts
- NTFS permissions are configured via the Security tab
- NTFS permissions are cumulative
- Access denial always overrides permitted access
- NTFS folder permissions are inherited unless otherwise specified
- NTFS permissions can be set at file or folder level
35. NTFS Permission Concepts
- A new ACE has default permission
  - Read and Read and Execute for files
  - List Folder Contents for folders
- Windows Server 2003 has set of standard permissions plus special permissions
36. NTFS Permission Concepts
37. Activity 5-4 Implementing Standard NTFS Permissions
38. Implementing Standard NTFS Permissions
- Objective is to configure and test NTFS permissions on a local folder
- Implement standard NTFS permissions on a folder
- Review default permissions
- Explore behavior of permission inheritance
39. Special NTFS Permissions
- Can provide more or less access than standard permissions
- Special permissions accessed from Advanced button in the Security tab on Properties dialog box for resource
- Permission Entry dialog box enables assignment of permissions and control of inheritance settings
40. Special NTFS Permissions
41. Special NTFS Permissions
- Inheritance settings
  - This folder only
  - This folder, subfolders, and files (default)
  - This folder and subfolders
  - This folder and files
  - Subfolders and files only
  - Subfolders only
  - Files only
42. Special NTFS Permissions
43. Special NTFS Permissions
44. Activity 5-5 Configuring Special NTFS Permissions
45. Configuring Special NTFS Permissions
- Objective is to view, configure, and test special NTFS permissions
  - Deny a group the ability to read the NTFS permissions associated with a folder
  - Verify that access has been denied
46. Determining Effective Permissions
- Permissions that actually apply to a user can be the result of membership in multiple groups
- Prior to Windows Server 2003, determining effective permissions was done manually
- In Windows Server 2003, there is an Effective Permissions tab in Advanced Security Settings dialog box for resource
  - Shows specific permissions for a user or group
47. Determining Effective Permissions
48. Activity 5-6 Determining Effective NTFS Permissions
49. Determining Effective NTFS Permissions
- Objective is to view effective permissions for a user on an NTFS folder
- Open the Effective Permissions tab for a test folder
- Enter the name of the user
- Review the permissions specifically granted to that user for that folder
- Repeat with a group
50. Combining Shared Folder and NTFS Permissions
- NTFS permissions can be combined with share permissions
  - When accessing a share across a network, if both apply, use most restrictive
  - When accessing a file locally, only NTFS permissions apply
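
The rules from slides 34, 46 and 50 as a small Python model (an added example, not part of the original deck): allows accumulate across group memberships, any deny removes the right, and network access keeps only rights granted by both the share and the NTFS ACL. It follows the slides' simplified rule rather than Windows' ordered ACE evaluation. Assumptions: the rights mapping, the NTFS ACL, the Contractors group and the user names are constructed; the share ACL follows Activity 5-3.

```python
"""Simplified model: cumulative allows, deny wins, share vs NTFS."""

# Coarse mapping of permission names to rights (assumption for this example).
READ = frozenset({"read", "execute"})
CHANGE = READ | {"write", "delete"}
FULL = CHANGE | {"change_permissions"}
SHARE = {"Read": READ, "Change": CHANGE, "Full Control": FULL}
NTFS = {"Read": frozenset({"read"}), "Write": frozenset({"write"}),
        "Read & Execute": READ, "Modify": CHANGE, "Full Control": FULL}


def effective(acl, levels, principals):
    """Union every allow ACE matching the user or their groups, then drop denied rights."""
    allowed, denied = set(), set()
    for principal, kind, level in acl:
        if principal in principals:
            (allowed if kind == "allow" else denied).update(levels[level])
    return allowed - denied


def access(share_acl, ntfs_acl, principals, over_network):
    """Local logon: NTFS only. Network: rights present in both ACLs (most restrictive)."""
    rights = effective(ntfs_acl, NTFS, principals)
    if over_network:
        rights &= effective(share_acl, SHARE, principals)
    return rights


# Constructed ACLs. The share ACL follows Activity 5-3; the rest is hypothetical.
SHARE_ACL = [("Domain Admins", "allow", "Full Control"),
             ("Marketing Users", "allow", "Change")]
NTFS_ACL = [("Domain Admins", "allow", "Full Control"),
            ("Marketing Users", "allow", "Modify"),
            ("Users", "allow", "Read & Execute"),
            ("Contractors", "deny", "Write")]

ALICE = {"alice", "Users", "Marketing Users"}
BOB = {"bob", "Users", "Marketing Users", "Contractors"}
CAROL = {"carol", "Users"}

if __name__ == "__main__":
    for name, who in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        for net in (True, False):
            where = "network" if net else "local"
            print(f"{name:6}{where:8}{sorted(access(SHARE_ACL, NTFS_ACL, who, net))}")
```

Carol has no entry on the share, so she gets nothing over the network but still reads the folder when logged on locally, which is why the NTFS ACL has to carry the restriction.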
51. Activity 5-7 Exploring the Impact of Combined Shared Folder and NTFS Permissions
52. Exploring the Impact of Combined Shared Folder and NTFS Permissions
- Objective is to determine effective permissions when combining shared folder and NTFS permissions
- Create a folder with both permissions
- Attempt to create a new folder locally and over the network
53. Converting a FAT Partition to NTFS
- For highest security, partitions and volumes should be configured to use NTFS
- Command-line utility, CONVERT, will convert FAT or FAT32 partitions and volumes to NTFS
- All existing files and folders are retained
- CONVERT cannot convert NTFS to FAT or FAT32
54. Activity 5-8 Converting a FAT32 Partition to NTFS
55. Converting a FAT32 Partition to NTFS
- Objective is to convert a FAT32 partition to NTFS file system
- Create a small FAT32 partition on server (using New Partition Wizard)
- Create new file and folder on the partition
- Use CONVERT to convert the partition to NTFS
- Review permissions on the converted folder
56. Summary
- Windows Server 2003 supports 3 file systems
  - FAT
  - FAT32
  - NTFS (preferred)
- Two types of permissions
  - Shared folder (network only)
    - Tools are Windows Explorer, Computer Management, and NET SHARE command
  - NTFS (local and network)
    - NTFS partitions only
57. Summary
- Permissions
  - Shared folders, 3 standard permissions
  - NTFS, 6 standard and 14 special permissions
    - Permissions are cumulative
    - Effective permissions can be determined from Advanced Security Settings of a resource
  - Shared folder and NTFS permissions can be combined
- CONVERT utility can convert a FAT or FAT32 partition to the NTFS file system