• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
70-272 Chapter09
 

70-272 Chapter09

on

  • 651 views

 

Statistics

Views

Total Views
651
Views on SlideShare
651
Embed Views
0

Actions

Likes
2
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    70-272 Chapter09 70-272 Chapter09 Presentation Transcript

    • SECURITY AND SECURITY PERMISSIONS Chapter 9
    • CHAPTER OVERVIEW AND OBJECTIVES
      • Simple File Sharing
      • Share-level permissions
      • NTFS permissions
      • Combined permissions
      • Security and group policies
    • SIMPLE FILE SHARING
    • RUNNING THE NETWORK SETUP WIZARD
    • SHARING A FOLDER ON THE NETWORK
    • ENABLING SHARE-LEVEL PERMISSIONS
    • SHARE-LEVEL PERMISSIONS Read Allows users to view files and folders, view the contents of files and subfolders, and execute programs.* Change Full Control Share Permission Description Allows the user to change NTFS permissions on files and folders (including the shared folder). Administrators must configure share permissions locally or using the Computer Management console. Allows users to add and remove files and subfolders and edit files. *Programs requiring the ability to write to configuration files will not run properly without the Change permission.
    • SETTING SHARE-LEVEL PERMISSIONS
    • CALCULATING EFFECTIVE PERMISSIONS
      • Evaluate all group memberships
      • Effective permission is the least restrictive
    • TROUBLESHOOTING SHARE-LEVEL PERMISSIONS
      • Evaluate all group memberships
      • Ensure permissions are appropriate to requirements
      • Consider Deny permissions
    • NTFS PERMISSIONS
    • STANDARD NTFS PERMISSIONS Read Open files and subfolders Open files List Folder Contents Read and Execute Write Modify Full Control NTFS Permission Folders Files Not applicable List contents of folder, traverse folder to open subfolders Create subfolders and add files Not applicable Open files, execute programs All the above + delete All the above + change permissions and take ownership, delete subfolders All the above Modify files All the above + change permissions and take ownership
    • EFFECTIVE NTFS PERMISSIONS
      • Evaluate all group memberships
      • Effective permission is the least restrictive
      • Deny overrides all others
    • TROUBLESHOOTING NTFS PERMISSIONS
      • Evaluate all group memberships
      • Ensure permissions are appropriate to requirements
      • Consider Deny permissions
    • COMBINING SHARE-LEVEL AND NTFS PERMISSIONS
    • DISCUSSION SCENARIO Finance Bob W., Renee K., Jason G. Manufacturing Ron C., Jerome J. Managers Ron C., Renee K. Reports Finance (Change) Finance (Full Control) Manufacturing (Full Control) Manufacturing (Read + Write) Managers (Read) Managers (Read) Graphics Managers (Change) Managers (Modify) Manufacturing (Deny Read) Group Users in Group Folder Share Permissions NTFS Permissions
    • BUILT-IN GROUPS
      • Administrators
      • Power Users
      • Backup Operators
      • Users
    • CHANGING USER GROUP MEMBERSHIPS
      • User gets access token at logon based on group membership
      • Group membership is changed
      • User needs to log on again to receive new access token
    • LOCAL SECURITY SETTINGS
    • ACCOUNT POLICIES
    • ACCOUNT POLICIES (CONT.)
    • LOCAL POLICIES
    • GROUP POLICIES
    • CONFIGURING GROUP POLICY SETTINGS
    • TROUBLESHOOTING GROUP POLICIES
      • Help and Support
      • Gpresult.exe
      • Rsoc.exe
    • SUMMARY
      • Simple File Sharing is used in small and home offices
        • No permission restriction for locally shared files
        • Network shared files can be marked read-only
      • Standard share-level permissions are used in larger organizations
        • Ability to control access to Read, Change, Full Control
        • Effective permission is the least restrictive
    • SUMMARY (CONT.)
      • NTFS permissions
        • Incorporated into the file system
        • More granular than share-level permissions
        • Effective permission is the least restrictive
      • Combined permissions
        • The more restrictive of either share-level or NTFS
    • SUMMARY (CONT.)
      • Local security policy
        • Controls password strength
        • Controls account lockout policy
        • Assigns user rights and other security-related settings
      • Group policy
        • Controls desktop and application configuration
        • Is tiered so site, domain, and organizational unit override local settings