G Mac Chapter05


Published in: Education, Sports, Technology

  1. Managing File Access (Chapter 5, 70-290)
  2. Objectives
     • Identify and understand the differences between the various file systems supported in Windows Server 2003
     • Create and manage shared folders
     • Understand and configure the shared folder permissions available in Windows Server 2003
     • Understand and configure the NTFS permissions available in Windows Server 2003
  3. Objectives (continued)
     • Determine the impact of combining shared folder and NTFS permissions
     • Convert partitions and volumes from FAT to NTFS
  4. Windows Server 2003 File Systems
     • Three main file systems
       • File Allocation Table (FAT)
       • FAT32
       • NTFS
     • Final choice of file system depends on
       • How system will be used
       • Whether there are multiple operating systems
       • Security requirements
     • NTFS is most highly recommended
  5. FAT
     • Used by MS-DOS
     • Supported by all versions of Windows since
     • Traditionally limited to partitions up to 2 GB
       • Windows Server 2003 version supports partitions up to 4 GB
     • Limitations
       • Small partition sizes
       • No file system security features
       • Disk space usage is poor
  6. FAT32
     • A derivative of the FAT file system
     • Supports partition sizes up to 2 TB
     • Still does not provide advanced security features
       • Cannot configure permissions on file and folder resources
  7. NTFS
     • Introduced with Windows NT operating system
     • Current version (version 5)
       • Windows NT 4.0
       • Windows 2000
       • Windows XP
       • Windows Server 2003
     • Theoretically supports partition sizes of up to 16 Exabytes (EB)
       • Practically supports maximum partition sizes from 2 TB to 16 TB
  8. NTFS (continued)
     • Advantages of NTFS
       • Greater scalability and performance on larger partitions
       • Support for Active Directory on systems configured as domain controllers
       • Ability to configure security permissions on individual files and folders
       • Built-in support for compression and encryption
       • Ability to configure disk quotas for individual users
       • Support for Remote Storage
       • Recovery logging of disk activities
  9. Creating and Managing Shared Folders
     • Shared folder
       • A data resource made available over a network to authorized network clients
       • Specific permissions required for creating, reading, modifying
     • Groups that can create shared folders:
       • Administrators
       • Server Operators
       • Power Users (only on member servers)
  10. Creating and Managing Shared Folders…
     • Several ways to create shared folders
     • Two important methods
       • Windows Explorer interface
       • Computer Management console
         • Also allows shared folders to be monitored
  11. Using Windows Explorer
     • Used since Windows 95
     • Can create, maintain, and share folders
     • Folders can be on any drive connected to the computer
     • Folders are shared in Windows Explorer by accessing the Sharing tab of the folder's properties
  12. Using Windows Explorer (continued)
  13. Activity 5-1 Creating a Shared Folder Using Windows Explorer
  14. Creating a Shared Folder Using Windows Explorer
     • Objective is to create a shared folder using Windows Explorer
     • Open Explorer from Start menu
     • Use Explorer to create and configure a new folder
     • Verify folder using net view command
     • Open Explorer from command line for alternative verification
  15. Activity 5-1 (continued)
  16. Using Windows Explorer (continued)
     • The shared name of a folder does not have to be the actual folder name
     • Hand icon used to indicate shared status
     • Shared folders can be hidden from My Network Places and Network Neighborhood
       • Place dollar sign ($) after name, e.g., Salary$
       • A number of hidden administrative shares are created automatically at installation
  17. Using Windows Explorer (continued)
  18. Using Windows Explorer (continued)
  19. Using Computer Management
     • Computer Management console is a pre-defined Microsoft Management Console (MMC)
       • Allows you to share and monitor folders for local and remote computers
       • Allows you to stop sharing if desired
  20. Using Computer Management (continued)
     • Share a Folder Wizard
       • Used to create folders in Shared Folders section of Computer Management
       • Used to provide preconfigured or manual permissions
         • All users have read-only access
         • Administrators have full access; others have read-only access
         • Administrators have full access; others have read and write access
         • Custom share and folder permissions
  21. Activity 5-2 Creating and Viewing Shared Folders Using Computer Management
  22. Creating and Viewing Shared Folders Using Computer Management
     • Objective is to create and view shared folders using Computer Management
     • Open Computer Management and the Shared Folders node
     • Open Shares folder and note hidden files and other file types
  23. Activity 5-2 (continued)
  24. Activity 5-2 (continued)
     • Open the Share a Folder Wizard
     • Configure the folder attributes
     • Configure the folder permissions
     • Verify folder accessibility from command line
  25. Activity 5-2 (continued)
  26. Monitoring Access to Shared Folders
     • Monitoring involves
       • Who is using shared files
       • What shared files are open at any given time
     • Other functions
       • Disconnect users from a share
       • Send network alert messages
     • Primary monitoring tool is Computer Management
  27. Monitoring Access to Shared Folders…
  28. Managing Shared Folder Permissions
     • A shared folder has a discretionary access control list (DACL)
       • Contains a list of user or group references that have been allowed or denied permissions
       • Each reference is an access control entry (ACE)
       • Accessed from Permissions button on Sharing tab of folder's properties
     • Permissions only apply to network users, not those logged on directly to local machine
  29. Managing Shared Folder Permissions (continued)
  30. Managing Shared Folder Permissions…
     • To deny access to a user or group
       • Windows Server 2003 does not include No Access share permission
       • Must explicitly deny access to each individually
     • Default permission is read access for Everyone group
       • Should be immediately addressed when a share is created
     • Folder permissions are inherited by all contained objects
  31. Activity 5-3 Implementing Shared Folder Permissions
  32. Implementing Shared Folder Permissions
     • Objective is to use shared folder permissions to control access to resources
     • In this exercise, you configure permissions on a shared folder to implement specific requirements:
       • Domain Admins group has Full Control permission
       • Marketing Users group has Change permission
       • Other users have no access
  33. NTFS Permissions
     • Resources located on an NTFS partition or volume can be given NTFS permissions
     • An administrator must know
       • How permissions are applied
       • Which standard and special NTFS permissions are available
       • How effective permissions are determined
  34. NTFS Permission Concepts
     • NTFS permissions are configured via the Security tab
     • NTFS permissions are cumulative
     • Access denial always overrides permitted access
     • NTFS folder permissions are inherited unless otherwise specified
     • NTFS permissions can be set at file or folder level
  35. NTFS Permission Concepts…
     • A new ACE has default permission
       • Read and Read & Execute for files
       • List Folder Contents for folders
     • Windows Server 2003 has a set of standard permissions plus special permissions
  36. NTFS Permission Concepts…
  37. Activity 5-4 Implementing Standard NTFS Permissions
  38. Implementing Standard NTFS Permissions
     • Objective is to configure and test NTFS permissions on a local folder
     • Implement standard NTFS permissions on a folder
     • Review default permissions
     • Explore behavior of permission inheritance
  39. Special NTFS Permissions
     • Can provide more or less access than standard permissions
     • Special permissions are accessed from the Advanced button in the Security tab on the Properties dialog box for the resource
     • Permission Entry dialog box enables assignment of permissions and control of inheritance settings
  40. Special NTFS Permissions…
  41. Special NTFS Permissions…
     • Inheritance settings
       • This folder only
       • This folder, subfolders, and files (default)
       • This folder and subfolders
       • This folder and files
       • Subfolders and files only
       • Subfolders only
       • Files only
  42. Special NTFS Permissions…
  43. Special NTFS Permissions…
  44. Activity 5-5 Configuring Special NTFS Permissions
  45. Configuring Special NTFS Permissions
     • Objective is to view, configure, and test special NTFS permissions
       • Deny a group the ability to read the NTFS permissions associated with a folder
       • Verify that access has been denied
  46. Determining Effective Permissions
     • Permissions that actually apply to a user can be the result of membership in multiple groups
     • Prior to Windows Server 2003, determining effective permissions was done manually
     • In Windows Server 2003, there is an Effective Permissions tab in the Advanced Security Settings dialog box for the resource
       • Shows specific permissions for a user or group
  47. Determining Effective Permissions…
  48. Activity 5-6 Determining Effective NTFS Permissions
  49. Determining Effective NTFS Permissions
     • Objective is to view effective permissions for a user on an NTFS folder
     • Open the Effective Permissions tab for a test folder
     • Enter the name of the user
     • Review the permissions specifically granted to that user for that folder
     • Repeat with a group
  50. Combining Shared Folder and NTFS Permissions
     • NTFS permissions can be combined with share permissions
       • When a share is accessed across a network and both apply, the most restrictive permission is used
       • When a file is accessed locally, only NTFS permissions apply
  51. Activity 5-7 Exploring the Impact of Combined Shared Folder and NTFS Permissions
  52. Exploring the Impact of Combined Shared Folder and NTFS Permissions
     • Objective is to determine effective permissions when combining shared folder and NTFS permissions
     • Create a folder with both permissions
     • Attempt to create a new folder locally and over the network
  53. Converting a FAT Partition to NTFS
     • For highest security, partitions and volumes should be configured to use NTFS
     • Command-line utility, CONVERT, will convert FAT or FAT32 partitions and volumes to NTFS
     • All existing files and folders are retained
     • CONVERT cannot convert NTFS to FAT or FAT32
  54. Activity 5-8 Converting a FAT32 Partition to NTFS
  55. Converting a FAT32 Partition to NTFS
     • Objective is to convert a FAT32 partition to NTFS file system
     • Create a small FAT32 partition on server (using New Partition Wizard)
     • Create new file and folder on the partition
     • Use CONVERT to convert the partition to NTFS
     • Review permissions on the converted folder
  56. Summary
     • Windows Server 2003 supports 3 file systems
       • FAT
       • FAT32
       • NTFS (preferred)
     • Two types of permissions
       • Shared folder (network only)
         • Tools are Windows Explorer, Computer Management, and NET SHARE command
       • NTFS (local and network)
         • NTFS partitions only
  57. Summary…
     • Permissions
       • Shared folders, 3 standard permissions
       • NTFS, 6 standard and 14 special permissions
         • Permissions are cumulative
         • Effective permissions can be determined from Advanced Security Settings of a resource
       • Shared folder and NTFS permissions can be combined
     • CONVERT utility can convert a FAT or FAT32 partition to the NTFS file system
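
The rules from slides 34 and 50 (permissions are cumulative, a deny overrides an allow, and the most restrictive of share and NTFS permissions applies over the network) can be worked through in a short Python model. This is an added example, not part of the original slides: the mapping of permission levels to basic rights, the Interns group, the user names and the ACLs are constructed for illustration, and it follows the slides' simplified rule rather than modelling ACE ordering or inheritance.

```python
# Simplified rights model (assumption): real ACEs carry finer-grained access masks.
READ, EXEC, WRITE, DELETE = "read", "execute", "write", "delete"
RWXD = frozenset({READ, EXEC, WRITE, DELETE})
ALL = RWXD | {"change_permissions", "take_ownership"}
SHARE_LEVELS = {"Read": frozenset({READ, EXEC}), "Change": RWXD, "Full Control": ALL}
NTFS_LEVELS = {"Read": frozenset({READ}), "Read & Execute": frozenset({READ, EXEC}),
               "Write": frozenset({WRITE}), "Modify": RWXD, "Full Control": ALL}

def effective(acl, levels, principals):
    """Union every allow ACE that matches the user or one of their groups,
    then remove anything a matching deny ACE covers (deny overrides allow)."""
    allow, deny = set(), set()
    for who, kind, level in acl:
        if who in principals:
            (deny if kind == "deny" else allow).update(levels[level])
    return frozenset(allow - deny)

def access(share_acl, ntfs_acl, principals, over_network):
    """Local logon: NTFS only. Network: only rights granted by BOTH ACLs."""
    ntfs = effective(ntfs_acl, NTFS_LEVELS, principals)
    if not over_network:
        return ntfs
    return ntfs & effective(share_acl, SHARE_LEVELS, principals)

# Constructed sample ACLs. MARKETING_SHARE mirrors Activity 5-3;
# DEFAULT_SHARE is the default noted on slide 30 (Everyone: Read).
MARKETING_SHARE = [("Domain Admins", "allow", "Full Control"),
                   ("Marketing Users", "allow", "Change")]
DEFAULT_SHARE = [("Everyone", "allow", "Read")]
NTFS_ACL = [("Users", "allow", "Read & Execute"),
            ("Marketing Users", "allow", "Modify"),
            ("Interns", "deny", "Write")]          # hypothetical group

# Each principal set is the user plus the groups they belong to (constructed).
ALICE = {"alice", "Everyone", "Users", "Marketing Users"}
BOB = {"bob", "Everyone", "Users"}
CAROL = {"carol", "Everyone", "Users", "Marketing Users", "Interns"}

def can_create_folder(share_acl, principals, over_network):
    """The check from Activity 5-7: creating a folder needs the write right."""
    return WRITE in access(share_acl, NTFS_ACL, principals, over_network)

if __name__ == "__main__":
    for name, who in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        for net in (False, True):
            print(name, "network" if net else "local",
                  sorted(access(MARKETING_SHARE, NTFS_ACL, who, net)))
```

With the default share ACL, alice can create a folder when logged on locally but not over the network, which is the difference Activity 5-7 sets out to observe.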