Chapter05      Managing  File  Access
Upcoming SlideShare
Loading in...5

Chapter05 Managing File Access






Total Views
Views on SlideShare
Embed Views



1 Embed 6 6



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Chapter05      Managing  File  Access Chapter05 Managing File Access Presentation Transcript

  • Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access
  • Objectives
    • Identify and understand the differences between the various file systems supported in Windows Server 2003
    • Create and manage shared folders
    • Understand and configure the shared folder permissions available in Windows Server 2003
    • Understand and configure the NTFS permissions available in Windows Server 2003
  • Objectives (continued)
    • Determine the impact of combining shared folder and NTFS permissions
    • Convert partitions and volumes from FAT to NTFS
  • Windows Server 2003 File Systems
    • Three main file systems
      • File Allocation Table (FAT)
      • FAT32
      • NTFS
    • Final choice of file system depends on
      • How system will be used
      • Whether there are multiple operating systems
      • Security requirements
    • NTFS is most highly recommended
  • FAT
    • Used by MS-DOS
    • Supported by all versions of Windows since
    • Traditionally limited to partitions up to 2 GB
      • Windows Server 2003 version supports partitions up to 4 GB
    • Limitations
      • Small partition sizes
      • No file system security features
      • Disk space usage is poor
  • FAT32
    • A derivative of the FAT file system
    • Supports partition sizes up to 2 TB
    • Still does not provide advanced security features
      • Cannot configure permissions on file and folder resources
  • NTFS
    • Introduced with Windows NT operating system
    • Current version (version 5)
      • Windows NT 4.0
      • Windows 2000
      • Windows XP
      • Windows Server 2003
    • Theoretically supports partition sizes of up to 16 Exabytes (EB)
      • Practically supports maximum partition sizes from 2 TB to 16 TB
  • NTFS (continued)
    • Advantages of NTFS
      • Greater scalability and performance on larger partitions
      • Support for Active Directory on systems configured as domain controllers
      • Ability to configure security permissions on individual files and folders
      • Built-in support for compression and encryption
      • Ability to configure disk quotas for individual users
      • Support for Remote Storage
      • Recovery logging of disk activities
  • Creating and Managing Shared Folders
    • Shared folder
      • A data resource made available over a network to authorized network clients
      • Specific permissions required for creating, reading, modifying
    • Groups that can create shared folders:
      • Administrators
      • Server Operators
      • Power Users (only on member servers)
  • Creating and Managing Shared Folders (continued)
    • Several ways to create shared folders
    • Two important methods
      • Windows Explorer Interface
      • Computer Management console
        • Also allows shared folders to be monitored
  • Using Windows Explorer
    • Used since Windows 95
    • Can create, maintain, and share folders
    • Folders can be on any drive connected to the computer
    • Folders are shared in Windows Explorer by accessing the Sharing tab of folder’s properties
  • Using Windows Explorer (continued)
  • Activity 5-1: Creating a Shared Folder Using Windows Explorer
    • Objective is to create a shared folder using Windows Explorer
    • Open Explorer from Start menu
    • Use Explorer to create and configure a new folder
    • Verify folder using net view command
    • Open Explorer from command line for alternative verification
  • Activity 5-1 (continued)
  • Using Windows Explorer (continued)
    • Shared name of folder does not have to be the actual file name
    • Hand icon used to indicate shared status
    • Shared folders can be hidden from My Network Places and Network Neighborhood
      • Place dollar sign ($) after name, e.g., Salary$
      • Number of hidden administrative shares created automatically at installation
  • Using Windows Explorer (continued)
  • Using Windows Explorer (continued)
  • Using Computer Management
    • Computer Management console is a pre-defined Microsoft Management Console (MMC)
      • Allows you to share and monitor folders for local and remote computers
      • Allows you to stop sharing if desired
  • Using Computer Management (continued)
    • Share a Folder Wizard
      • Used to create folders in Shared Folders section of Computer Management
      • Used to provide preconfigured or manual permissions
        • All users have read-only access
        • Administrators have full access; others have read-only access
        • Administrators have full access; others have read and write access
        • Custom share and folder permissions
  • Activity 5-2: Creating and Viewing Shared Folders Using Computer Management
    • Objective is to create and view shared folders using Computer Management
    • Open Computer Management and the Shared Folders node
    • Open Shares folder and note hidden files and other file types
  • Activity 5-2 (continued)
  • Activity 5-2 (continued)
    • Open the Share a Folder Wizard
    • Configure the folder attributes
    • Configure the folder permissions
    • Verify folder accessibility from command line
  • Activity 5-2 (continued)
  • Monitoring Access to Shared Folders
    • Monitoring involves
      • Who is using shared files
      • What shared files are open at any given time
    • Other functions
      • Disconnect users from a share
      • Send network alert messages
    • Primary monitoring tool is Computer Management
  • Monitoring Access to Shared Folders (continued)
  • Managing Shared Folder Permissions
    • A shared folder has a discretionary access control list (DACL)
      • Contains a list of user or group references that have been allowed or denied permissions
      • Each reference is an access control entry (ACE)
      • Accessed from Permissions button on Sharing tab of folder’s properties
    • Permissions only apply to network users, not those logged on directly to local machine
  • Managing Shared Folder Permissions (continued)
  • Managing Shared Folder Permissions (continued)
    • To deny access to a user or group
      • Windows Server 2003 does not include No Access share permission
      • Must explicitly deny access to each individually
    • Default permission is read access for Everyone group
      • Should be immediately addressed when a share is created
    • Folder permissions are inherited by all contained objects
  • Activity 5-3: Implementing Shared Folder Permissions
    • Objective is to use shared folder permissions to control access to resources
    • In this exercise, you configure permissions on a shared folder to implement specific requirements:
      • Domain Admins group has Full Control permission
      • Marketing Users group has Change permission
      • Other users have no access
  • NTFS Permissions
    • Resources located on an NTFS partition or volume can be given NTFS permissions
    • An administrator must
      • Know how permissions are applied
      • Standard and special NTFS permissions available
      • How effective permissions are determined
  • NTFS Permission Concepts
    • NTFS permissions are configured via the Security tab
    • NTFS permissions are cumulative
    • Access denial always overrides permitted access
    • NTFS folder permissions are inherited unless otherwise specified
    • NTFS permissions can be set at file or folder level
  • NTFS Permission Concepts (continued)
    • A new ACE has default permission
      • Read and Read and Execute for files
      • List Folder Contents for folders
    • Windows Server 2003 has set of standard permissions plus special permissions
  • NTFS Permission Concepts (continued)
  • Activity 5-4: Implementing Standard NTFS Permissions
    • Objective is to configure and test NTFS permissions on a local folder
    • Implement standard NTFS permissions on a folder
    • Review default permissions
    • Explore behavior of permission inheritance
  • Special NTFS Permissions
    • Can provide more or less access than standard permissions
    • Special permissions accessed from Advanced button in the Security tab on Properties dialog box for resource
    • Permission Entry dialog box enables assignment of permissions and control of inheritance settings
  • Special NTFS Permissions (continued)
  • Special NTFS Permissions (continued)
    • Inheritance settings
      • This folder only
      • This folder, subfolders, and files (default)
      • This folder and subfolders
      • This folder and files
      • Subfolders and files only
      • Subfolders only
      • Files only
  • Special NTFS Permissions (continued)
  • Special NTFS Permissions (continued)
  • Activity 5-5: Configuring Special NTFS Permissions
    • Objective is to view, configure, and test special NTFS permissions
      • Deny a group the ability to read the NTFS permissions associated with a folder
      • Verify that access has been denied
  • Determining Effective Permissions
    • Permissions that actually apply to a user can be the result of membership in multiple groups
    • Prior to Windows Server 2003, determining effective permissions was done manually
    • In Windows Server 2003, there is an Effective Permissions tab in Advanced Security Settings dialog box for resource
      • Shows specific permissions for a user or group
  • Determining Effective Permissions (continued)
  • Activity 5-6: Determining Effective NTFS Permissions
    • Objective is to view effective permissions for a user on an NTFS folder
    • Open the Effective Permissions tab for a test folder
    • Enter the name of the user
    • Review the permissions specifically granted to that user for that folder
    • Repeat with a group
  • Combining Shared Folder and NTFS Permissions
    • NTFS permissions can be combined with share permissions
      • When accessing a share across a network, if both apply, use most restrictive
      • When accessing a file locally, only NTFS permissions apply
  • Activity 5-7: Exploring the Impact of Combined Shared Folder and NTFS Permissions
    • Objective is to determine effective permissions when combining shared folder and NTFS permissions
    • Create a folder with both permissions
    • Attempt to create a new folder locally and over the network
  • Converting a FAT Partition to NTFS
    • For highest security, partitions and volumes should be configured to use NTFS
    • Command-line utility, CONVERT, will convert FAT or FAT32 partitions and volumes to NTFS
    • All existing files and folders are retained
    • CONVERT cannot convert NTFS to FAT or FAT32
  • Activity 5-8: Converting a FAT32 Partition to NTFS
    • Objective is to convert a FAT32 partition to NTFS file system
    • Create a small FAT32 partition on server (using New Partition Wizard)
    • Create new file and folder on the partition
    • Use CONVERT to convert the partition to NTFS
    • Review permissions on the converted folder
  • Summary
    • Windows Server 2003 supports 3 file systems
      • FAT
      • FAT32
      • NTFS (preferred)
    • Two types of permissions
      • Shared folder (network only)
        • Tools are Windows Explorer, Computer Management, and NET SHARE command
      • NTFS (local and network)
        • NTFS partitions only
  • Summary (continued)
    • Permissions
      • Shared folders, 3 standard permissions
      • NTFS, 6 standard and 14 special permissions
        • Permissions are cumulative
        • Effective permissions can be determined from Advanced Security Settings of a resource
      • Shared folder and NTFS permissions can be combined
    • CONVERT utility can convert a FAT or FAT32 partition to the NTFS file system