IT103 Microsoft Windows XP/OS Chap08
  • This chapter discusses shared folders and shared folder security. We will examine why shared folders are used, how they are configured, and how security is applied. We will discuss how clients access shared folders and how shared folder permissions combine with NTFS permissions. We will also examine offline files and Web folders and their uses for traveling or remote users.
  • Shared folders make it possible to access files across the network. Server systems make shared folders available to client computers.
  • Shared folders have three basic permissions: Read, Change, and Full Control. It is possible, as with NTFS permissions, to also deny a permission, with the same effect as Deny for NTFS. As with NTFS, it is best to use Deny only to support exception policies, and you should be sure to document use of Deny to prevent later confusion.
  • As you discuss the points on this slide, also mention that access to a file system via shared folders includes the same access to any subfolders. Be sure to discuss the security exposures created by allowing Everyone access to folders and files. As you present this chapter, emphasize the importance of replacing Everyone with Users or Authenticated Users.
  • This slide shows how access to a higher-level shared folder can provide access to lower-level folders. Administrators in this example have Full Control access to all folders when they access the hidden administrative root shares; the other groups have access only to lower-level folders.
  • This slide lists best practices for shared folders. Consolidating data that requires like permissions into folders and assigning permissions to groups of users greatly simplifies the process of assigning permissions. Use of intuitive share names makes it simpler for users to locate the folders they need.
  • When you assign permissions to a folder, consider the effects of multiple permissions. Permissions are the sum of all the permissions assigned to groups that the user belongs to. Deny overrides all other permissions. When share permissions are combined with NTFS permissions, the effective permission is the more restrictive of the two. When a shared folder is renamed or moved, the folder is no longer shared. It must be shared again manually. When a shared folder is copied, the copy is not shared.
  • In Windows XP Professional, only Administrators and Power Users can share folders. In addition, the user who shares a folder must have at least the Read NTFS standard permission to the folder.
  • This slide depicts using the Create Shared Folder Wizard to add a shared folder. This wizard lets you create and set basic permissions on a share all at once. You can access the wizard from the Shared Folders snap-in in Computer Management.
  • This slide shows the Sharing tab of a folder’s Properties dialog box. Note the Permissions button. We will discuss configuring shared folder permissions in a later slide.
  • This slide shows the NET SHARE command in use. If time permits, display the NET SHARE /? command to explore some of its available options. Note how the NET SHARE options map to options in the Create Shared Folder Wizard and the Sharing tab of the Properties dialog box for a folder.
  • This slide depicts the Shared Folders snap-in with the default administrative folders displayed. Show your students how to connect to administrative shares, and describe uses for each share. Explain that the dollar sign ($) “hides” the share.
  • This slide describes the three main ways to stop sharing folders. As you discuss each one, demonstrate the operation in the appropriate application. Remind students to have connected users disconnect from the share before stopping a share, to protect data files in the share.
  • You can create multiple shares for one folder for different types of access. Suppose you have an application folder that you access with Read permission for day-to-day operations. If you need Change permission to carry out maintenance tasks, you can create both shares and use the Read version for normal operations. When you need to perform maintenance, you can connect to the Change share.
  • Universal Naming Convention (UNC) paths consist of the server name followed by the share name and any subfolders. They are used to specify the share for mapped drives or for direct access from applications.
  • You can access shared folders by browsing My Network Places and finding the share, by mapping a drive in Windows Explorer (if you know the share path), or from a command line. You can also open a share by entering the UNC path in the Run dialog box (opened via the Start menu).
  • This slide depicts the result of combining NTFS permissions and shared folder permissions. Discuss this scenario and perhaps run through a few additional examples. Many organizations share folders with Full Control and control all permissions via NTFS. This simplifies control because only one set of permissions is considered.
  • Shared folder monitoring is done in the Shared Folders snap-in in Computer Management or another custom MMC console. Step through some of the operations you can perform in Shared Folders. Demonstrate disconnecting a user, sending a message to a user, and disconnecting all users.
  • To support the discussion in the previous slide, this slide shows Computer Management being used to monitor Shared Folders.
  • You can enable offline files by clicking the Caching button on the Sharing tab of a folder’s Properties dialog box. This allows a client computer to cache files in the folder for offline use. This is a great tool for organizations with mobile users. It allows the documents to be changed from outside the office, with changes being synchronized when the user returns.
  • This slide depicts enabling the client system for offline files. If Fast User Switching is enabled on a system, you are prompted to disable it before you can enable offline files.
  • You configure offline files by selecting Make Available Offline from the shortcut menu for the file. If automatic caching is enabled, each file you access from a configured folder on the server will be cached on the client. By default, 10 percent of the client’s free space is made available for caching offline files.
  • In Windows Explorer or My Computer, click Tools and select Synchronize to display the Items To Synchronize dialog box. You can then click the Setup button to configure synchronization. As you progress through the frames on this slide, discuss Logon/Logoff settings and On Idle settings. The slide ends with a shot of a synchronization event in progress.
  • Web folders use Web Distributed Authoring and Versioning (WebDAV) to allow users to read and write files to a folder served from IIS. WebDAV clients such as Internet Explorer 5 and later and Microsoft Office XP and later can use Web folders as if they were file system folders. In the next few slides, we will discuss setting up this service.
  • If classroom equipment allows, install IIS in the Windows Components section of Add/Remove Programs. As you do, discuss installation of this service from a security perspective. Since our application is using the WWW service, you would naturally forgo installing FTP and SMTP services. Also, stress immediate application of Windows Updates to patch any known vulnerabilities in IIS. If the Windows Firewall is enabled on the classroom computer, be sure that firewall exceptions are configured to allow Web serving.
  • This slide shows the Internet Management console for IIS. You can launch it from the Administrative Tools folder or from the Run dialog box (by entering IIS.msc in the Run dialog box and clicking OK). This console is nearly identical to that for IIS 6, so users familiar with that interface will find this one familiar. Virtual folders and server settings can be configured in the same ways as in IIS 6. If you have time, consider a short tour of the settings for the default Web site.
  • This slide depicts sharing a Web folder using the Web Sharing tab of a folder’s Properties dialog box. This tab is added when you install IIS. After you apply the change, the Edit Alias dialog box appears, allowing you to apply security settings on the folder. The last frame in the slide shows the Directory Security dialog box in IIS with Integrated Windows authentication enabled. This setting ensures that secure authentication methods are used when allowing access to these folders. As you step through these frames, discuss the various permissions and settings. Explain why Integrated Windows authentication is more secure than basic authentication. Also suggest using SSL if basic authentication is a requirement, to avoid transmitting passwords in the clear.
  • This slide shows Internet Explorer’s Open dialog box opening a Web folder. Explain that failure to select Open As Web Folder will cause the browser to open the folder as a Web site (read-only).
  • This slide and the next summarize this chapter’s slides. As you present these items, ask for details about shared folders and offline files to determine their level of comprehension. Emphasize again the security risk of leaving Everyone:Read in place. Ask if students have any questions about combined NTFS/share permissions.
  • Mention to students that little has been written about IIS in Windows XP. Encourage them to work with IIS to become familiar with how it works.
  • Transcript

    • 1. CONFIGURING AND MANAGING SHARED FOLDER SECURITY Chapter 8
    • 2. OVERVIEW
      • Create and remove shared folders
      • Control access to shared folders
      • Analyze and troubleshoot combined permissions
      • Manage and troubleshoot offline files
      • Manage and troubleshoot Web server resources
    • 3. SHARED FOLDERS
    • 4. Shared folders….
      • Shared folders make it possible to access files across the network.
      • Server systems make shared folders available to client computers.
    • 5. SHARED FOLDER PERMISSIONS
    • 6. Shared folder permissions….
      • Shared folders have three basic permissions:
      • Read, Change, and Full Control.
      • It is possible, as with NTFS permissions, to also deny a permission, with the same effect as Deny for NTFS. As with NTFS, it is best to use Deny only to support exception policies, and you should be sure to document use of Deny to prevent later confusion.
    • 7. SHARED FOLDER PERMISSIONS (CONTINUED)
      • Apply to folders only (not files).
      • Do not restrict local access to resources.
      • Only permission available for FAT.
      • Default permission is Everyone/Read.
    • 8. Important Security Note!
      • Please replace the [Everyone] group with
      • [Users or Authenticated Users].
    • 9. SHARED FOLDER PERMISSIONS (CONTINUED)
    • 10. Detail on the previous slide
      • The previous slide shows how access to a higher-level shared folder can provide access to lower-level folders.
      • Administrators in this example have Full Control access to all folders when they access the hidden administrative root shares.
      • The other groups have access only to lower-level folders.
    • 11. PLANNING SHARED FOLDERS
      • Consolidate data.
      • Assign permissions to folders.
      • Assign most restrictive permissions possible.
      • Use groups for permission assignment.
      • Use intuitive share names.
    • 12. PLANNING SHARED FOLDERS (CONTINUED)
      • Multiple permissions.
      • Limit use of Deny permission.
      • Permissions interact with NTFS permissions.
      • Folder no longer shared if moved or renamed.
      • Copies of folders are not shared.
    • 13. Multiple Permissions
      • When you assign permissions to a folder, consider the effects of multiple permissions.
      • Permissions are the sum of all the permissions assigned to groups that the user belongs to.
      • Deny overrides all other permissions.
      • When share permissions are combined with NTFS permissions, the effective permission is the more restrictive of the two.
    • 14. Moving shared folders
      • When a shared folder is renamed or moved, the folder is no longer shared.
      • It must be shared again manually. When a shared folder is copied, the copy is not shared.
    • 15. SHARED FOLDER REQUIREMENTS
      • Administrators or Power Users group
      • Must have NTFS:Read to share folders
      • In Windows XP Professional, only Administrators and Power Users can share folders. In addition, the user who shares a folder must have at least the Read NTFS standard permission to the folder.
    • 16. SHARING FOLDERS
      • Create Shared Folder Wizard
    • 17. SHARING FOLDERS (CONTINUED)
      • Windows Explorer
    • 18. SHARING FOLDERS (CONTINUED)
      • NET SHARE
    • 19. Net Share command detail
      • Note the NET SHARE options map to options in the Create Shared Folder Wizard and the Sharing tab of the Properties dialog box for a folder.
    • 20. ADMINISTRATIVE SHARES
      • The dollar sign ($) “hides” the share.
    • 21. STOP SHARING FOLDERS – 3 ways
      • Computer Management: choose Stop Sharing from shortcut menu
      • Windows Explorer: select Do Not Share This Folder
      • NET SHARE: NET SHARE <sharename> /DELETE
    • 22. MULTIPLE SHARES
    • 23. A little more detail…
      • You can create multiple shares for one folder for different types of access.
      • Suppose you have an application folder that you access with Read permission for day-to-day operations.
      • If you need Change permission to carry out maintenance tasks, you can create both shares and use the Read version for normal operations.
      • When you need to perform maintenance, you can connect to the Change share.
    • 24. UNC PATHS
      • Universal Naming Convention (UNC) paths consist of the server name followed by the share name and any subfolders. They are used to specify the share for mapped drives or for direct access from applications.
    • 25. CONNECTING TO SHARED FOLDERS
      • My Network Places
      • Mapped drives (Windows Explorer)
      • Mapped drives (NET USE)
      • Run dialog box
      • Note: You can access shared folders by browsing My Network Places and finding the share, by mapping a drive in Windows Explorer (if you know the share path), or from a command line. You can also open a share by entering the UNC path in the Run dialog box (opened via the Start menu).
    • 26. COMBINING NTFS AND SHARE PERMISSIONS
    • 27. MONITORING SHARED FOLDERS
      • Shared Folders snap-in
      • Must be Administrator or Power User
      • Monitor connections, open files, and file locks
      • Might also disconnect users
    • 28. MONITORING SHARED FOLDERS (CONTINUED)
    • 29. ENABLING OFFLINE FILES (SERVER)
    • 30. Enable Off-Line Files?
      • You can enable offline files by clicking the Caching button on the Sharing tab of a folder’s Properties dialog box.
      • This allows a client computer to cache files in the folder for offline use.
      • This is a great tool for organizations with mobile users. It allows the documents to be changed from outside the office, with changes being synchronized when the user returns.
    • 31. ENABLING OFFLINE FILES (CLIENT)
    • 32. CONFIGURING OFFLINE FILES
    • 33. CONFIGURING SYNCHRONIZATION
    • 34. INTERNET FILE SHARING
      • Installing Internet Information Services (IIS)
      • Internet Management console
      • WebDAV and Web folders
      • Web folder authentication
      • Using Web folders
    • 35. WebDAV?
      • Web folders use Web Distributed Authoring and Versioning (WebDAV) to allow users to read and write files to a folder served from IIS.
      • WebDAV clients such as Internet Explorer 5 and later and Microsoft Office XP and later can use Web folders as if they were file system folders.
    • 36. INSTALLING IIS
      • Installed from Add/Remove Programs
      • Apply Windows Updates
      • Note: If the Windows Firewall is enabled on the computer, be sure that firewall exceptions are configured to allow Web serving.
    • 37. INTERNET MANAGEMENT CONSOLE
    • 38. WEB FOLDERS
    • 39. CLIENT CONNECTIONS TO WEB FOLDERS
      • Note: This slide shows Internet Explorer’s Open dialog box opening a Web folder. Explain that failure to select Open As Web Folder will cause the browser to open the folder as a Web site (read-only).
    • 40. SUMMARY
      • Share folders to allow remote usage.
      • Share permissions apply only to folders.
      • Default share permission is Everyone:Read.
      • Replace default share permissions to reduce security exposure.
      • Administrators and Power Users can share folders.
      • NTFS and share permissions can be combined.
    • 41. SUMMARY (CONTINUED)
      • Offline files must be enabled before use.
      • Synchronization Manager synchronizes offline files.
      • IIS and WebDAV allow Internet file sharing.
      • WebDAV clients can use Web folders.
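The combination rules from slides 7, 13 and 26 (permissions sum across groups, Deny overrides, network access gets the more restrictive of share and NTFS, and share permissions do not restrict local access) can be worked through in a small model. This is an added example, not part of the original slides; the rights mapping is a simplification, and the group names, share names and ACLs are hypothetical.

```python
"""Simplified model of combined share and NTFS permissions (added example)."""

# Abstract rights behind each permission level (simplified, assumed mapping).
SHARE_RIGHTS = {
    "Read": {"read"},
    "Change": {"read", "write", "delete"},
    "Full Control": {"read", "write", "delete", "set_permissions"},
}
NTFS_RIGHTS = {
    "Read": {"read"},
    "Write": {"write"},
    "Modify": {"read", "write", "delete"},
    "Full Control": {"read", "write", "delete", "set_permissions"},
}


def layer_rights(acl, groups, table):
    """Sum the allows for every group the user is in, then let Deny override."""
    allowed, denied = set(), set()
    for group, kind, level in acl:
        if group in groups:
            (allowed if kind == "allow" else denied).update(table[level])
    return allowed - denied


def effective_rights(groups, share_acl, ntfs_acl, over_network=True):
    """Network access gets the more restrictive of share and NTFS rights.

    Local access is limited by NTFS only, because share permissions
    do not restrict local access to resources.
    """
    ntfs = layer_rights(ntfs_acl, groups, NTFS_RIGHTS)
    if not over_network:
        return ntfs
    return layer_rights(share_acl, groups, SHARE_RIGHTS) & ntfs


def everyone_findings(shares):
    """Return the names of shares whose ACL still grants access to Everyone."""
    return sorted(name for name, acl in shares.items()
                  if any(g == "Everyone" and k == "allow" for g, k, _ in acl))


# Constructed sample data: every name below is hypothetical.
ALICE = {"Everyone", "Authenticated Users", "Users", "Sales"}
TEMP = ALICE | {"Contractors"}
SHARES = {
    "Public": [("Everyone", "allow", "Read")],  # the default share permission
    "SalesData": [("Sales", "allow", "Full Control"),
                  ("Contractors", "deny", "Full Control")],
}
SALES_NTFS = [("Users", "allow", "Read"), ("Sales", "allow", "Modify")]

if __name__ == "__main__":
    print(effective_rights(ALICE, SHARES["SalesData"], SALES_NTFS))
    print(effective_rights(TEMP, SHARES["SalesData"], SALES_NTFS))
    print(effective_rights(TEMP, SHARES["SalesData"], SALES_NTFS, over_network=False))
    print(everyone_findings(SHARES))
```

The third call shows why a share-level Deny is not enough on its own: the same user logged on locally is still governed only by the NTFS ACL.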