Your SlideShare is downloading. ×
0
Managing a Microsoft Windows Server 2003 Environment Chapter 5:  Managing File Access
Objectives <ul><li>Identify and understand the differences between the various file systems supported in Windows Server 20...
Objectives (continued) <ul><li>Determine the impact of combining shared folder and NTFS permissions </li></ul><ul><li>Conv...
Windows Server 2003 File Systems <ul><li>Three main file systems </li></ul><ul><ul><li>File Allocation Table (FAT) </li></...
FAT <ul><li>Used by MS-DOS </li></ul><ul><li>Supported by all versions of Windows since </li></ul><ul><li>Traditionally li...
FAT32 <ul><li>A derivative of the FAT file system </li></ul><ul><li>Supports partition sizes up to 2 TB </li></ul><ul><li>...
NTFS <ul><li>Introduced with Windows NT operating system </li></ul><ul><li>Current version (version 5) </li></ul><ul><ul><...
NTFS (continued) <ul><li>Advantages of NTFS </li></ul><ul><ul><li>Greater scalability and performance on larger partitions...
Creating and Managing Shared Folders <ul><li>Shared folder </li></ul><ul><ul><li>A data resource made available over a net...
Creating and Managing Shared Folders (continued) <ul><li>Several ways to create shared folders </li></ul><ul><li>Two impor...
Using Windows Explorer <ul><li>Used since Windows 95  </li></ul><ul><li>Can create, maintain, and share folders </li></ul>...
Using Windows Explorer (continued)
Activity 5-1: Creating a Shared Folder Using Windows Explorer <ul><li>Objective is to create a shared folder using Windows...
Activity 5-1 (continued)
Using Windows Explorer (continued) <ul><li>Shared name of folder does not have to be the actual file name </li></ul><ul><l...
Using Windows Explorer (continued)
Using Windows Explorer (continued)
Using Computer Management <ul><li>Computer Management console is a pre-defined Microsoft Management Console (MMC) </li></u...
Using Computer Management (continued) <ul><li>Share a Folder Wizard </li></ul><ul><ul><li>Used to create folders in Shared...
Activity 5-2: Creating and Viewing Shared Folders Using Computer Management <ul><li>Objective is to create and view shared...
Activity 5-2 (continued)
Activity 5-2 (continued) <ul><li>Open the Share a Folder Wizard </li></ul><ul><li>Configure the folder attributes </li></u...
Activity 5-2 (continued)
Monitoring Access to Shared Folders <ul><li>Monitoring involves </li></ul><ul><ul><li>Who is using shared files </li></ul>...
Monitoring Access to Shared Folders (continued)
Managing Shared Folder Permissions <ul><li>A shared folder has a discretionary access control list (DACL) </li></ul><ul><u...
Managing Shared Folder Permissions (continued)
Managing Shared Folder Permissions (continued) <ul><li>To deny access to a user or group </li></ul><ul><ul><li>Windows Ser...
Activity 5-3: Implementing Shared Folder Permissions <ul><li>Objective is to use shared folder permissions to control acce...
NTFS Permissions <ul><li>Resources located on an NTFS partition or volume can be given NTFS permissions </li></ul><ul><li>...
NTFS Permission Concepts <ul><li>NTFS permissions are configured via the Security tab </li></ul><ul><li>NTFS permissions a...
NTFS Permission Concepts (continued) <ul><li>A new ACE has default permission  </li></ul><ul><ul><li>Read and Read and Exe...
NTFS Permission Concepts (continued)
Activity 5-4: Implementing Standard NTFS Permissions <ul><li>Objective is to configure and test NTFS permissions on a loca...
Special NTFS Permissions <ul><li>Can provide more or less access than standard permissions </li></ul><ul><li>Special permi...
Special NTFS Permissions (continued)
Special NTFS Permissions (continued) <ul><li>Inheritance settings </li></ul><ul><ul><li>This folder only </li></ul></ul><u...
Special NTFS Permissions (continued)
Special NTFS Permissions (continued)
Activity 5-5: Configuring Special NTFS Permissions <ul><li>Objective is to view, configure, and test special NTFS permissi...
Determining Effective Permissions <ul><li>Permissions that actually apply to a user can be the result of membership in mul...
Determining Effective Permissions (continued)
Activity 5-6: Determining Effective NTFS Permissions <ul><li>Objective is to view effective permissions for a user on an N...
Combining Shared Folder and NTFS Permissions <ul><li>NTFS permissions can be combined with share permissions  </li></ul><u...
Activity 5-7: Exploring the Impact of Combined Shared Folder and NTFS Permissions <ul><li>Objective is to determine effect...
Converting a FAT Partition to NTFS <ul><li>For highest security, partitions and volumes should be configured to use NTFS <...
Activity 5-8: Converting a FAT32 Partition to NTFS <ul><li>Objective is to convert a FAT32 partition to NTFS file system <...
Summary <ul><li>Windows Server 2003 supports 3 file systems </li></ul><ul><ul><li>FAT </li></ul></ul><ul><ul><li>FAT32 </l...
Summary (continued) <ul><li>Permissions </li></ul><ul><ul><li>Shared folders, 3 standard permissions </li></ul></ul><ul><u...
Upcoming SlideShare
Loading in...5
×

Chapter05 Managing File Access

2,389

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
2,389
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
163
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Chapter05 Managing File Access"

  1. 1. Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access
  2. 2. Objectives <ul><li>Identify and understand the differences between the various file systems supported in Windows Server 2003 </li></ul><ul><li>Create and manage shared folders </li></ul><ul><li>Understand and configure the shared folder permissions available in Windows Server 2003 </li></ul><ul><li>Understand and configure the NTFS permissions available in Windows Server 2003 </li></ul>
  3. 3. Objectives (continued) <ul><li>Determine the impact of combining shared folder and NTFS permissions </li></ul><ul><li>Convert partitions and volumes from FAT to NTFS </li></ul>
  4. 4. Windows Server 2003 File Systems <ul><li>Three main file systems </li></ul><ul><ul><li>File Allocation Table (FAT) </li></ul></ul><ul><ul><li>FAT32 </li></ul></ul><ul><ul><li>NTFS </li></ul></ul><ul><li>Final choice of file system depends on </li></ul><ul><ul><li>How system will be used </li></ul></ul><ul><ul><li>Whether there are multiple operating systems </li></ul></ul><ul><ul><li>Security requirements </li></ul></ul><ul><li>NTFS is most highly recommended </li></ul>
  5. 5. FAT <ul><li>Used by MS-DOS </li></ul><ul><li>Supported by all versions of Windows since </li></ul><ul><li>Traditionally limited to partitions up to 2 GB </li></ul><ul><ul><li>Windows Server 2003 version supports partitions up to 4 GB </li></ul></ul><ul><li>Limitations </li></ul><ul><ul><li>Small partition sizes </li></ul></ul><ul><ul><li>No file system security features </li></ul></ul><ul><ul><li>Disk space usage is poor </li></ul></ul>
  6. 6. FAT32 <ul><li>A derivative of the FAT file system </li></ul><ul><li>Supports partition sizes up to 2 TB </li></ul><ul><li>Still does not provide advanced security features </li></ul><ul><ul><li>Cannot configure permissions on file and folder resources </li></ul></ul>
  7. 7. NTFS <ul><li>Introduced with Windows NT operating system </li></ul><ul><li>Current version (version 5) </li></ul><ul><ul><li>Windows NT 4.0 </li></ul></ul><ul><ul><li>Windows 2000 </li></ul></ul><ul><ul><li>Windows XP </li></ul></ul><ul><ul><li>Windows Server 2003 </li></ul></ul><ul><li>Theoretically supports partition sizes of up to 16 Exabytes (EB) </li></ul><ul><ul><li>Practically supports maximum partition sizes from 2 TB to 16 TB </li></ul></ul>
  8. 8. NTFS (continued) <ul><li>Advantages of NTFS </li></ul><ul><ul><li>Greater scalability and performance on larger partitions </li></ul></ul><ul><ul><li>Support for Active Directory on systems configured as domain controllers </li></ul></ul><ul><ul><li>Ability to configure security permissions on individual files and folders </li></ul></ul><ul><ul><li>Built-in support for compression and encryption </li></ul></ul><ul><ul><li>Ability to configure disk quotas for individual users </li></ul></ul><ul><ul><li>Support for Remote Storage </li></ul></ul><ul><ul><li>Recovery logging of disk activities </li></ul></ul>
  9. 9. Creating and Managing Shared Folders <ul><li>Shared folder </li></ul><ul><ul><li>A data resource made available over a network to authorized network clients </li></ul></ul><ul><ul><li>Specific permissions required for creating, reading, modifying </li></ul></ul><ul><li>Groups that can create shared folders: </li></ul><ul><ul><li>Administrators </li></ul></ul><ul><ul><li>Server Operators </li></ul></ul><ul><ul><li>Power Users (only on member servers) </li></ul></ul>
  10. 10. Creating and Managing Shared Folders (continued) <ul><li>Several ways to create shared folders </li></ul><ul><li>Two important methods </li></ul><ul><ul><li>Windows Explorer Interface </li></ul></ul><ul><ul><li>Computer Management console </li></ul></ul><ul><ul><ul><li>Also allows shared folders to be monitored </li></ul></ul></ul>
  11. 11. Using Windows Explorer <ul><li>Used since Windows 95 </li></ul><ul><li>Can create, maintain, and share folders </li></ul><ul><li>Folders can be on any drive connected to the computer </li></ul><ul><li>Folders are shared in Windows Explorer by accessing the Sharing tab of folder’s properties </li></ul>
  12. 12. Using Windows Explorer (continued)
  13. 13. Activity 5-1: Creating a Shared Folder Using Windows Explorer <ul><li>Objective is to create a shared folder using Windows Explorer </li></ul><ul><li>Open Explorer from Start menu </li></ul><ul><li>Use Explorer to create and configure a new folder </li></ul><ul><li>Verify folder using net view command </li></ul><ul><li>Open Explorer from command line for alternative verification </li></ul>
  14. 14. Activity 5-1 (continued)
  15. 15. Using Windows Explorer (continued) <ul><li>Shared name of folder does not have to be the actual file name </li></ul><ul><li>Hand icon used to indicate shared status </li></ul><ul><li>Shared folders can be hidden from My Network Places and Network Neighborhood </li></ul><ul><ul><li>Place dollar sign ($) after name, e.g., Salary$ </li></ul></ul><ul><ul><li>Number of hidden administrative shares created automatically at installation </li></ul></ul>
  16. 16. Using Windows Explorer (continued)
  17. 17. Using Windows Explorer (continued)
  18. 18. Using Computer Management <ul><li>Computer Management console is a pre-defined Microsoft Management Console (MMC) </li></ul><ul><ul><li>Allows you to share and monitor folders for local and remote computers </li></ul></ul><ul><ul><li>Allows you to stop sharing if desired </li></ul></ul>
  19. 19. Using Computer Management (continued) <ul><li>Share a Folder Wizard </li></ul><ul><ul><li>Used to create folders in Shared Folders section of Computer Management </li></ul></ul><ul><ul><li>Used to provide preconfigured or manual permissions </li></ul></ul><ul><ul><ul><li>All users have read-only access </li></ul></ul></ul><ul><ul><ul><li>Administrators have full access; others have read-only access </li></ul></ul></ul><ul><ul><ul><li>Administrators have full access; others have read and write access </li></ul></ul></ul><ul><ul><ul><li>Custom share and folder permissions </li></ul></ul></ul>
  20. 20. Activity 5-2: Creating and Viewing Shared Folders Using Computer Management <ul><li>Objective is to create and view shared folders using Computer Management </li></ul><ul><li>Open Computer Management and the Shared Folders node </li></ul><ul><li>Open Shares folder and note hidden files and other file types </li></ul>
  21. 21. Activity 5-2 (continued)
  22. 22. Activity 5-2 (continued) <ul><li>Open the Share a Folder Wizard </li></ul><ul><li>Configure the folder attributes </li></ul><ul><li>Configure the folder permissions </li></ul><ul><li>Verify folder accessibility from command line </li></ul>
  23. 23. Activity 5-2 (continued)
  24. 24. Monitoring Access to Shared Folders <ul><li>Monitoring involves </li></ul><ul><ul><li>Who is using shared files </li></ul></ul><ul><ul><li>What shared files are open at any given time </li></ul></ul><ul><li>Other functions </li></ul><ul><ul><li>Disconnect users from a share </li></ul></ul><ul><ul><li>Send network alert messages </li></ul></ul><ul><li>Primary monitoring tool is Computer Management </li></ul>
  25. 25. Monitoring Access to Shared Folders (continued)
  26. 26. Managing Shared Folder Permissions <ul><li>A shared folder has a discretionary access control list (DACL) </li></ul><ul><ul><li>Contains a list of user or group references that have been allowed or denied permissions </li></ul></ul><ul><ul><li>Each reference is an access control entry (ACE) </li></ul></ul><ul><ul><li>Accessed from Permissions button on Sharing tab of folder’s properties </li></ul></ul><ul><li>Permissions only apply to network users, not those logged on directly to local machine </li></ul>
  27. 27. Managing Shared Folder Permissions (continued)
  28. 28. Managing Shared Folder Permissions (continued) <ul><li>To deny access to a user or group </li></ul><ul><ul><li>Windows Server 2003 does not include No Access share permission </li></ul></ul><ul><ul><li>Must explicitly deny access to each individually </li></ul></ul><ul><li>Default permission is read access for Everyone group </li></ul><ul><ul><li>Should be immediately addressed when a share is created </li></ul></ul><ul><li>Folder permissions are inherited by all contained objects </li></ul>
  29. 29. Activity 5-3: Implementing Shared Folder Permissions <ul><li>Objective is to use shared folder permissions to control access to resources </li></ul><ul><li>In this exercise, you configure permissions on a shared folder to implement specific requirements: </li></ul><ul><ul><li>Domain Admins group has Full Control permission </li></ul></ul><ul><ul><li>Marketing Users group has Change permission </li></ul></ul><ul><ul><li>Other users have no access </li></ul></ul>
  30. 30. NTFS Permissions <ul><li>Resources located on an NTFS partition or volume can be given NTFS permissions </li></ul><ul><li>An administrator must </li></ul><ul><ul><li>Know how permissions are applied </li></ul></ul><ul><ul><li>Standard and special NTFS permissions available </li></ul></ul><ul><ul><li>How effective permissions are determined </li></ul></ul>
  31. 31. NTFS Permission Concepts <ul><li>NTFS permissions are configured via the Security tab </li></ul><ul><li>NTFS permissions are cumulative </li></ul><ul><li>Access denial always overrides permitted access </li></ul><ul><li>NTFS folder permissions are inherited unless otherwise specified </li></ul><ul><li>NTFS permissions can be set at file or folder level </li></ul>
  32. 32. NTFS Permission Concepts (continued) <ul><li>A new ACE has default permission </li></ul><ul><ul><li>Read and Read and Execute for files </li></ul></ul><ul><ul><li>List Folder Contents for folders </li></ul></ul><ul><li>Windows Server 2003 has set of standard permissions plus special permissions </li></ul>
  33. 33. NTFS Permission Concepts (continued)
  34. 34. Activity 5-4: Implementing Standard NTFS Permissions <ul><li>Objective is to configure and test NTFS permissions on a local folder </li></ul><ul><li>Implement standard NTFS permissions on a folder </li></ul><ul><li>Review default permissions </li></ul><ul><li>Explore behavior of permission inheritance </li></ul>
  35. 35. Special NTFS Permissions <ul><li>Can provide more or less access than standard permissions </li></ul><ul><li>Special permissions accessed from Advanced button in the Security tab on Properties dialog box for resource </li></ul><ul><li>Permission Entry dialog box enables assignment of permissions and control of inheritance settings </li></ul>
  36. 36. Special NTFS Permissions (continued)
  37. 37. Special NTFS Permissions (continued) <ul><li>Inheritance settings </li></ul><ul><ul><li>This folder only </li></ul></ul><ul><ul><li>This folder, subfolders, and files (default) </li></ul></ul><ul><ul><li>This folder and subfolders </li></ul></ul><ul><ul><li>This folder and files </li></ul></ul><ul><ul><li>Subfolders and files only </li></ul></ul><ul><ul><li>Subfolders only </li></ul></ul><ul><ul><li>Files only </li></ul></ul>
  38. 38. Special NTFS Permissions (continued)
  39. 39. Special NTFS Permissions (continued)
  40. 40. Activity 5-5: Configuring Special NTFS Permissions <ul><li>Objective is to view, configure, and test special NTFS permissions </li></ul><ul><ul><li>Deny a group the ability to read the NTFS permissions associated with a folder </li></ul></ul><ul><ul><li>Verify that access has been denied </li></ul></ul>
  41. 41. Determining Effective Permissions <ul><li>Permissions that actually apply to a user can be the result of membership in multiple groups </li></ul><ul><li>Prior to Windows Server 2003, determining effective permissions was done manually </li></ul><ul><li>In Windows Server 2003, there is an Effective Permissions tab in Advanced Security Settings dialog box for resource </li></ul><ul><ul><li>Shows specific permissions for a user or group </li></ul></ul>
  42. 42. Determining Effective Permissions (continued)
  43. 43. Activity 5-6: Determining Effective NTFS Permissions <ul><li>Objective is to view effective permissions for a user on an NTFS folder </li></ul><ul><li>Open the Effective Permissions tab for a test folder </li></ul><ul><li>Enter the name of the user </li></ul><ul><li>Review the permissions specifically granted to that user for that folder </li></ul><ul><li>Repeat with a group </li></ul>
  44. 44. Combining Shared Folder and NTFS Permissions <ul><li>NTFS permissions can be combined with share permissions </li></ul><ul><ul><li>When accessing a share across a network, if both apply, use most restrictive </li></ul></ul><ul><ul><li>When accessing a file locally, only NTFS permissions apply </li></ul></ul>
  45. 45. Activity 5-7: Exploring the Impact of Combined Shared Folder and NTFS Permissions <ul><li>Objective is to determine effective permissions when combining shared folder and NTFS permissions </li></ul><ul><li>Create a folder with both permissions </li></ul><ul><li>Attempt to create a new folder locally and over the network </li></ul>
  46. 46. Converting a FAT Partition to NTFS <ul><li>For highest security, partitions and volumes should be configured to use NTFS </li></ul><ul><li>Command-line utility, CONVERT, will convert FAT or FAT32 partitions and volumes to NTFS </li></ul><ul><li>All existing files and folders are retained </li></ul><ul><li>CONVERT cannot convert NTFS to FAT or FAT32 </li></ul>
  47. 47. Activity 5-8: Converting a FAT32 Partition to NTFS <ul><li>Objective is to convert a FAT32 partition to NTFS file system </li></ul><ul><li>Create a small FAT32 partition on server (using New Partition Wizard) </li></ul><ul><li>Create new file and folder on the partition </li></ul><ul><li>Use CONVERT to convert the partition to NTFS </li></ul><ul><li>Review permissions on the converted folder </li></ul>
  48. 48. Summary <ul><li>Windows Server 2003 supports 3 file systems </li></ul><ul><ul><li>FAT </li></ul></ul><ul><ul><li>FAT32 </li></ul></ul><ul><ul><li>NTFS (preferred) </li></ul></ul><ul><li>Two types of permissions </li></ul><ul><ul><li>Shared folder (network only) </li></ul></ul><ul><ul><ul><li>Tools are Windows Explorer, Computer Management, and NET SHARE command </li></ul></ul></ul><ul><ul><li>NTFS (local and network) </li></ul></ul><ul><ul><ul><li>NTFS partitions only </li></ul></ul></ul>
  49. 49. Summary (continued) <ul><li>Permissions </li></ul><ul><ul><li>Shared folders, 3 standard permissions </li></ul></ul><ul><ul><li>NTFS, 6 standard and 14 special permissions </li></ul></ul><ul><ul><ul><li>Permissions are cumulative </li></ul></ul></ul><ul><ul><ul><li>Effective permissions can be determined from Advanced Security Settings of a resource </li></ul></ul></ul><ul><ul><li>Shared folder and NTFS permissions can be combined </li></ul></ul><ul><li>CONVERT utility can convert a FAT or FAT32 partition to the NTFS file system </li></ul>
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×