Presentation is loading. Please wait.

Presentation is loading. Please wait.

70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access."— Presentation transcript:

1 70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access and Security

2 Guide to MCSE 70-270, 70-2902 Objectives Create and manage shared folders Configure shared folder permissions in Windows Server 2003 Configure NTFS permissions in Windows Server 2003 Determine the impact of combining shared folder and NTFS permissions

3 Guide to MCSE 70-270, 70-2903 Objectives (continued) Configure and work with offline files and folders Work with the Distributed File System Work with file and folder attributes Configure advanced attributes

4 Guide to MCSE 70-270, 70-2904 Creating and Managing Shared Folders Shared folder: Data resource made available over the network to authorized network clients –Users required to have appropriate rights to create shared folders Using Windows Explorer: Standard method for creating and sharing folders –Simple file sharing mode enabled by default in Windows XP in a Workgroup Disabled if system is member of a Domain Format of file sharing tab will change

5 Guide to MCSE 70-270, 70-2905 Creating and Managing Shared Folders (continued) Figure 9-2: Simple file sharing in XP Professional

6 Guide to MCSE 70-270, 70-2906 Creating and Managing Shared Folders (continued) Figure 9-3: The option for simple file sharing in Folder Options

7 Guide to MCSE 70-270, 70-2907 Creating and Managing Shared Folders (continued) Using Windows Explorer (continued): –Can create two share names –To hide shared folder, place $ after its name Windows XP and Windows Server 2003 create hidden administrative shares by default during installation Activity 9-1: Creating a Shared Folder in Windows Explorer –Objective: Create a shared folder on your Windows Server 2003 system in Windows Explorer

8 Guide to MCSE 70-270, 70-2908 Creating and Managing Shared Folders (continued) Using Computer Management: Can manage shares on multiple servers from single location Activity 9-2: Creating and Viewing Shared Folders in Computer Management –Objective: Create and view shared folders in Computer Management

9 Guide to MCSE 70-270, 70-2909 Creating and Managing Shared Folders (continued) Figure 9-6: Configuring permissions with the Share a Folder Wizard

10 Guide to MCSE 70-270, 70-29010 Creating and Managing Shared Folders (continued) Monitoring Access to Shared Folders: –Use Computer Management console to see who is connected, what files are open, and send messages Figure 9-7: Viewing information in the Sessions node

11 Guide to MCSE 70-270, 70-29011 Managing Shared Folder Permissions Each shared folder has associated discretionary access control list (DACL) –Contains list of Access control entries (ACEs) Table 9-1: Shared folder permissions for Windows XP and Server 2003

12 Guide to MCSE 70-270, 70-29012 Managing Shared Folder Permissions (continued) Figure 9-9: Denying permissions for a shared folder

13 Guide to MCSE 70-270, 70-29013 Managing Shared Folder Permissions (continued) When new share created, default permission grants read access to Everyone group Permissions configured on shared folders inherited by all objects the shared folder contains Activity 9-3: Implementing Shared Folder Permissions –Objective: Control access to resources by using shared folder permissions

14 Guide to MCSE 70-270, 70-29014 Working with NTFS Permissions Files and folders on Windows XP or Windows Server 2003 NTFS partitions or volumes can be secured through via NTFS permissions –Stored in NTFS directory table –Standard and special NTFS permissions –Effective permissions

15 Guide to MCSE 70-270, 70-29015 NTFS Permission Concepts Guidelines to use when setting NTFS permissions: –NTFS permissions are cumulative –Explicitly denied permissions override allowed ones –NTFS folder permissions inherited by child folders and files, unless otherwise specified –NTFS permissions can be set at file or folder level –Default permissions grant the user or group Read and Read & Execute permissions for files and the List Folder Contents permission for folders –Windows Server 2003 has standard and special permissions

16 Guide to MCSE 70-270, 70-29016 NTFS Permission Concepts (continued) Activity 9-4: Using Standard NTFS Permissions –Objective: Configure and test NTFS permissions on a local folder Table 9-2: Standard NTFS permissions

17 Guide to MCSE 70-270, 70-29017 Special NTFS Permissions Figure 9-12: Configuring how special permissions are applied

18 Guide to MCSE 70-270, 70-29018 Special NTFS Permissions (continued) Table 9-3: Special NTFS permissions

19 Guide to MCSE 70-270, 70-29019 Special NTFS Permissions (continued) Table 9-3 (continued): Special NTFS permissions

20 Guide to MCSE 70-270, 70-29020 Special NTFS Permissions (continued) Activity 9-5: Configuring Special NTFS Permissions –Objective: View, configure, and test special NTFS permissions

21 Guide to MCSE 70-270, 70-29021 Determining Effective Permissions Windows Server 2003 and XP include Effective Permissions tab in Advanced Security Settings dialog box for a file or folder Activity 9-6: Determining Effective NTFS Permissions –Objective: View effective permissions for a user on an NTFS folder

22 Guide to MCSE 70-270, 70-29022 Combining Shared Folder and NTFS Permissions Produce combination of local and remote security –When a user accesses a share across a network and both NTFS and share permissions apply, the most restrictive permission of becomes the effective combined permission –When a user accesses files locally, only NTFS permissions apply Activity 9-7: Exploring the Effect of Combined Share and NTFS Permissions –Objective: Determine the effect of combining shared folder and NTFS permissions

23 Guide to MCSE 70-270, 70-29023 Using Offline Files Offline files: Technology allowing files to be accessed in absence of network connection –File designation, data transfer, follow-up synchronization Figure 9-14: The Offline Settings dialog box in Windows Server 2003

24 Guide to MCSE 70-270, 70-29024 Using Offline Files (continued) To manually select shared folder for offline access from client computer: –View list of shared folders or files –Right-click shared item, click Make Available Offline Offline folder and file information automatically transferred to local storage area When system reconnected to network, offline files synchronized with their LAN-based originals

25 Guide to MCSE 70-270, 70-29025 Using Offline Files (continued) Figure 9-17: The Offline Files tab in Folder Options

26 Guide to MCSE 70-270, 70-29026 Using Offline Files (continued) Not all files can be cached –Creator of share can disable caching –Windows prevents caching of *.slm, *.mdb,*.ldb,*.mdw,*.mde,*.pst, and *.db? files Activity 9-8: Accessing Offline Files –Objective: Make files located on the network available while not connected to the network Activity 9-9: Sharing Folders for Automatic Offline Access –Objective: Configure shared folders for automatic caching of offline documents

27 Guide to MCSE 70-270, 70-29027 Working with the Distributed File System Distributed File System (DFS): Allows administrators to simplify access to multiple shared- file resources Figure 9-18: The Distributed File System console

28 Guide to MCSE 70-270, 70-29028 Working with the Distributed File System (continued) Figure 9-19: Shared folders organized using DFS

29 Guide to MCSE 70-270, 70-29029 DFS Models DFS root: Holds links to shared folders DFS link: Pointer to physical location of shared folders Replica set: Shared folders copied to server(s) in domain Table 9-4: Standalone and domain-based DFS models

30 Guide to MCSE 70-270, 70-29030 DFS Models (continued) Activity 9-10: Creating a Domain-Based DFS Root and DFS Links –Objective: Create a new domain-based DFS root and add DFS links Figure 9-20: A DFS link named Marketing Applications

31 Guide to MCSE 70-270, 70-29031 Managing DFS Several tasks involved in managing DFS root: –Deleting a DFS root –Removing a DFS link –Adding root and link replica sets –Checking the status of a root or link Replication enables fault tolerance and load balancing of requests between servers

32 Guide to MCSE 70-270, 70-29032 Managing DFS (continued) Figure 9-21: Viewing the status of a DFS link

33 Guide to MCSE 70-270, 70-29033 Working with File and Folder Attributes The Read-only Attribute: Designates that file’s contents can’t be changed –Level of security depends on file system –Attributes configured for files stored FAT or FAT32 volume are not secure inherently The Archive Attribute: Provides way to determine files and folders that have been created or changed –Particularly important to backup programs

34 Guide to MCSE 70-270, 70-29034 Working with File and Folder Attributes (continued) The System Attribute: Identifies OS files –Files/folders with both hidden and system attributes treated as protected OS files The Hidden Attribute: Protect files and folders from being visible to users in Windows Explorer or via command line –Can configure system to display hidden files/folders Activity 9-11: Viewing and Configuring File and Folder Attributes in Windows Explorer –Objective: Use Windows Explorer to view and configure file and folder attributes

35 Guide to MCSE 70-270, 70-29035 Working with File and Folder Attributes (continued) Figure 9-24: Configuring display settings for hidden files and folders

36 Guide to MCSE 70-270, 70-29036 Working with File and Folder Attributes (continued) The Attrib Command: Command line tool to view or configure attributes for files and folders –Only way to configure system attribute –Supports wildcards Activity 9-12: Changing File Attributes with the Attrib Command –Objective: View and change file attributes from the command line

37 Guide to MCSE 70-270, 70-29037 Configuring Advanced Attributes Figure 9-25: The Advanced Attributes dialog box for a file

38 Guide to MCSE 70-270, 70-29038 File Compression Enable compression to reduce amount of disk space that folders and files take up –After files compressed, automatically uncompressed when accessed Compression attribute can be affected when copying and moving files: –Files copied to another folder within same NTFS volume automatically inherit destination folder’s compression attribute –Files/folders moved within same NTFS volume retain compression attribute

39 Guide to MCSE 70-270, 70-29039 File Compression (continued) Compression attribute can be affected when copying and moving files (continued): –Files/folders copied between NTFS volumes inherit destination folder’s compression attribute –Files/folders moved between NTFS volumes inherit destination folder’s compression attribute Activity 9-13: Configuring Folder Compression Settings –Objective: Configure a folder to compress its contents

40 Guide to MCSE 70-270, 70-29040 File Compression (continued) The Compact Command: Change compression attribute of files/folders from command line –/c option: Compress files and folders –/u option: Uncompress files and folders –Can only be used on NTFS partitions and volumes

41 Guide to MCSE 70-270, 70-29041 File Encryption Encrypted File System (EFS): Uses public key cryptography to encrypt folders and files File and folder encryption implemented via two types of encryption keys –File encryption key (FEK) –Data decryption field (DDF) Encrypted with user’s public key If a user encrypts data and then leaves or loses his or her private key, user designated as the data recovery agent can recover the encrypted data

42 Guide to MCSE 70-270, 70-29042 File Encryption (continued) Points to keep in mind before using EFS: –When encryption attribute set on a folder, only the contents are encrypted –Any data saved, moved or copied into an encrypted folder is encrypted –Encrypted files copied/moved to unencrypted folder retain encryption attribute, if file system is NTFS –Encryption and compression are mutually exclusive

43 Guide to MCSE 70-270, 70-29043 File Encryption (continued) Activity 9-14: Encrypting Files in Windows Explorer –Objective: Implement and test file encryption security in EFS The Cipher Command: Encrypt contents of files stored on NTFS partitions and volume –/e option: Encrypt files and folders –/d option: Decrypt files and folders –Sets encryption attribute only on folders unless /a switch is used –Commonly used to perform bulk encryption

44 Guide to MCSE 70-270, 70-29044 File Encryption (continued) Activity 9-15: Encrypting Files with the Cipher Command –Objective: Encrypt and decrypt files with the Cipher command

45 Guide to MCSE 70-270, 70-29045 Summary Of FAT, FAT32, and NTFS, only NTFS allows configuration of local security permissions To create a shared folder, you are required to have the appropriate rights Windows Server 2003 supports three share permissions: read, change, and full control Windows Server 2003 supports both standard and special NTFS permissions NTFS permissions are cumulative

46 Guide to MCSE 70-270, 70-29046 Summary (continued) When a shared folder and NTFS permissions are combined, the most restrictive permission applies A denied permission always overrides an allowed permission Offline Files is a Microsoft technology that caches network files on the local computer’s hard disk The Distributed File System (DFS) offers a way for shared folders on different servers to appear to be part of a single logical hierarchy

47 Guide to MCSE 70-270, 70-29047 Summary (continued) The four standard file and folder attributes are archive, hidden, read-only, and system Windows Server 2003 supports advanced attributes on NTFS partitions, including archiving, indexing, compression, and encryption settings NTFS includes built-in support for compression NTFS includes support for the Encrypted File System (EFS)

Download ppt "70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access."

Similar presentations

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
1 File systems security: Shared folders & NTFS permissions, EFS (Week 6, Monday 2/12/2007) © Abdou Illia, Spring 2007.

1 File systems security: Shared folders & NTFS permissions, EFS (Week 6, Monday 2/12/2007) © Abdou Illia, Spring 2007.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
1 Distributed File System, and Disk Quotas (Week 7, Thursday 2/21/2007) © Abdou Illia, Spring 2007.

1 Distributed File System, and Disk Quotas (Week 7, Thursday 2/21/2007) © Abdou Illia, Spring 2007.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.
MIS 431 - Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.

MIS Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
MIS 431 Chapter 71 Ch. 7: Advanced File Management System MIS 431 Created Spring 2006.

MIS 431 Chapter 71 Ch. 7: Advanced File Management System MIS 431 Created Spring 2006.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
5.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.

5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.
Module 6: Managing Data Storage. Overview Managing File Compression Configuring File Encryption Implementing Disk Quotas.

Module 6: Managing Data Storage. Overview Managing File Compression Configuring File Encryption Implementing Disk Quotas.
1 Chapter Overview Managing Compression Managing Disk Quotas Increasing Security with EFS Using Disk Defragmenter, Check Disk, and Disk Cleanup.

1 Chapter Overview Managing Compression Managing Disk Quotas Increasing Security with EFS Using Disk Defragmenter, Check Disk, and Disk Cleanup.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
1 Using Compressed Files and Folders Applications and operating systems read and write to compressed files. NTFS uncompresses the file before making it.

1 Using Compressed Files and Folders Applications and operating systems read and write to compressed files. NTFS uncompresses the file before making it.
Microsoft ® Official Course Module 7 Configuring File Access and Printers on Windows ® 8 Clients.

Microsoft ® Official Course Module 7 Configuring File Access and Printers on Windows ® 8 Clients.

Similar presentations

Ads by Google