70-272 Chapter09

555
-1

Published on

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
555
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

70-272 Chapter09

  1. 1. SECURITY AND SECURITY PERMISSIONS Chapter 9
  2. 2. CHAPTER OVERVIEW AND OBJECTIVES <ul><li>Simple File Sharing </li></ul><ul><li>Share-level permissions </li></ul><ul><li>NTFS permissions </li></ul><ul><li>Combined permissions </li></ul><ul><li>Security and group policies </li></ul>
  3. 3. SIMPLE FILE SHARING
  4. 4. RUNNING THE NETWORK SETUP WIZARD
  5. 5. SHARING A FOLDER ON THE NETWORK
  6. 6. ENABLING SHARE-LEVEL PERMISSIONS
  7. 7. SHARE-LEVEL PERMISSIONS Read Allows users to view files and folders, view the contents of files and subfolders, and execute programs.* Change Full Control Share Permission Description Allows the user to change NTFS permissions on files and folders (including the shared folder). Administrators must configure share permissions locally or using the Computer Management console. Allows users to add and remove files and subfolders and edit files. *Programs requiring the ability to write to configuration files will not run properly without the Change permission.
  8. 8. SETTING SHARE-LEVEL PERMISSIONS
  9. 9. CALCULATING EFFECTIVE PERMISSIONS <ul><li>Evaluate all group memberships </li></ul><ul><li>Effective permission is the least restrictive </li></ul>
  10. 10. TROUBLESHOOTING SHARE-LEVEL PERMISSIONS <ul><li>Evaluate all group memberships </li></ul><ul><li>Ensure permissions are appropriate to requirements </li></ul><ul><li>Consider Deny permissions </li></ul>
  11. 11. NTFS PERMISSIONS
  12. 12. STANDARD NTFS PERMISSIONS Read Open files and subfolders Open files List Folder Contents Read and Execute Write Modify Full Control NTFS Permission Folders Files Not applicable List contents of folder, traverse folder to open subfolders Create subfolders and add files Not applicable Open files, execute programs All the above + delete All the above + change permissions and take ownership, delete subfolders All the above Modify files All the above + change permissions and take ownership
  13. 13. EFFECTIVE NTFS PERMISSIONS <ul><li>Evaluate all group memberships </li></ul><ul><li>Effective permission is the least restrictive </li></ul><ul><li>Deny overrides all others </li></ul>
  14. 14. TROUBLESHOOTING NTFS PERMISSIONS <ul><li>Evaluate all group memberships </li></ul><ul><li>Ensure permissions are appropriate to requirements </li></ul><ul><li>Consider Deny permissions </li></ul>
  15. 15. COMBINING SHARE-LEVEL AND NTFS PERMISSIONS
  16. 16. DISCUSSION SCENARIO Finance Bob W., Renee K., Jason G. Manufacturing Ron C., Jerome J. Managers Ron C., Renee K. Reports Finance (Change) Finance (Full Control) Manufacturing (Full Control) Manufacturing (Read + Write) Managers (Read) Managers (Read) Graphics Managers (Change) Managers (Modify) Manufacturing (Deny Read) Group Users in Group Folder Share Permissions NTFS Permissions
  17. 17. BUILT-IN GROUPS <ul><li>Administrators </li></ul><ul><li>Power Users </li></ul><ul><li>Backup Operators </li></ul><ul><li>Users </li></ul>
  18. 18. CHANGING USER GROUP MEMBERSHIPS <ul><li>User gets access token at logon based on group membership </li></ul><ul><li>Group membership is changed </li></ul><ul><li>User needs to log on again to receive new access token </li></ul>
  19. 19. LOCAL SECURITY SETTINGS
  20. 20. ACCOUNT POLICIES
  21. 21. ACCOUNT POLICIES (CONT.)
  22. 22. LOCAL POLICIES
  23. 23. GROUP POLICIES
  24. 24. CONFIGURING GROUP POLICY SETTINGS
  25. 25. TROUBLESHOOTING GROUP POLICIES <ul><li>Help and Support </li></ul><ul><li>Gpresult.exe </li></ul><ul><li>Rsoc.exe </li></ul>
  26. 26. SUMMARY <ul><li>Simple File Sharing is used in small and home offices </li></ul><ul><ul><li>No permission restriction for locally shared files </li></ul></ul><ul><ul><li>Network shared files can be marked read-only </li></ul></ul><ul><li>Standard share-level permissions are used in larger organizations </li></ul><ul><ul><li>Ability to control access to Read, Change, Full Control </li></ul></ul><ul><ul><li>Effective permission is the least restrictive </li></ul></ul>
  27. 27. SUMMARY (CONT.) <ul><li>NTFS permissions </li></ul><ul><ul><li>Incorporated into the file system </li></ul></ul><ul><ul><li>More granular than share-level permissions </li></ul></ul><ul><ul><li>Effective permission is the least restrictive </li></ul></ul><ul><li>Combined permissions </li></ul><ul><ul><li>The more restrictive of either share-level or NTFS </li></ul></ul>
  28. 28. SUMMARY (CONT.) <ul><li>Local security policy </li></ul><ul><ul><li>Controls password strength </li></ul></ul><ul><ul><li>Controls account lockout policy </li></ul></ul><ul><ul><li>Assigns user rights and other security-related settings </li></ul></ul><ul><li>Group policy </li></ul><ul><ul><li>Controls desktop and application configuration </li></ul></ul><ul><ul><li>Is tiered so site, domain, and organizational unit override local settings </li></ul></ul>

×