Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 8 Configuring and Managing Shared Folder Security.

Published byRolf Bruce Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 8 Configuring and Managing Shared Folder Security."— Presentation transcript:

1 Chapter 8 Configuring and Managing Shared Folder Security

2 Shared Folder Sharing allowing other users to access the information in in folders and files you have created This sharing can be done on a network. A shared folder can contain application data user documents even software

3 Shared Folder Permissions To control user access to a shared folder, shared folder permissions are assigned Each type of data requires different shared folder permissions.

4 The shared folder permissions are; Read - Display folder names, file names, file data, and attributes; run program files; and change folders within the shared folder. Change - Create folders, add files to folders, change data in files, append data to files, change file attributes, delete folders and files; also allows the user to perform actions permitted by the Read permission.

5 Full Control - Change file permissions, take ownership of files, and perform all tasks permitted by the Change permission.

6 you can allow or deny shared folder permissions it is best to allow permissions and to assign permissions to a group rather than to individual users.

7 Characteristics of Shared Folder Permissions: Shared folder permissions apply to folders, not individual files. Because you can apply shared folder permissions only to the entire shared folder and not to individual files or subfolders in the shared folder, they provide less detailed security than NTFS permissions

8 Shared folder permissions don’t restrict access to users who gain access to the folder at the computer where the folder is stored. Shared folder permissions are the only way to secure network resources on a FAT volume. The default shared folder permission is Read, and it is assigned to the Everyone group when you share the folder.

9 General Guidelines for Shared Folder Permissions: Determine which groups need access to each resource and the level of access that they require. Document the groups and their permissions for each resource. Assign permissions to groups instead of user accounts to simplify access administration. Assign to a resource the most restrictive permissions that still allow users to perform required tasks.

10 Organize resources so that folders with the same security requirements are located within a folder. Use intuitive share names so users can easily recognize and locate resources. Do not deny access to the Everyone group. Instead, completely remove the Everyone group from the permissions. Denying access to Everyone denies access even to administrators.

11 How Shared Folder Permissions are applied Multiple permissions - A user can be a member of multiple groups, each with different permissions that provide different levels of access to a shared folder. The user’s effective permissions are a combination of the user and group permissions.

12 Denied permissions take precedence over any permissions that you otherwise allow for user accounts and groups. If you deny a shared folder permission to a user, the user won’t have that permission, even if you allow the permission for a group the user belongs to.

13 NTFS permissions - Shared folder permissions are sufficient to gain access across the network to files and folders on a FAT volume but not on an NTFS volume. When users gain access to a shared folder on an NTFS volume, they need the shared folder permission and also the appropriate NTFS permissions for each file and folder to which they gain access.

14 A user’s effective permission for a shared folder on an NTFS volume is the more restrictive of the shared and NTFS permissions

15 When you copy a shared folder, the original folder is still shared but the copy is not. When you rename or move a shared folder, it is no longer shared. When a folder is deleted, the folder share is deleted as well.

16 Planning Shared Folders When you plan shared folders, you can reduce administrative overhead and ease user access by putting resources into folders according to common access requirements. Shared folders can contain applications and data. By consolidating data and applications into shared folders according to function, you gain the following benefits:

17 Ease of use - By centralizing files in just a few shared folders, you make them easier for users to find. Simpler configuration - When files are consolidated into common folders, it is easier to apply permissions. Centralized administration - If data folders are centralized, you can back them up more easily and you can upgrade application software more easily.

18 Requirements for Shared Folders In Windows XP Professional, members of the built-in Administrators and Power Users groups can share folders. By default, in a Windows Server domain, members of the Domain Admins and Server Operators groups can share folders on any machine in the domain.

19 Shared Application Folders Shared application folders are used for applications that are installed on a network server and that can be used from client computers. The main advantage of sharing applications is that you don’t need to install and maintain most components of the applications on each computer

20 Although program files for applications can be stored on a server, configuration information for most network applications is often stored on each client computer. When you share application folders, consider the following points:

21 Create one shared folder for applications, and organize all of your applications under this folder. This designates one location for installing and upgrading software. Assign the Administrators group Full Control permission for the applications folder so members of this group can manage the application software and control user permissions.

22 Assign Change permission to groups that are responsible for upgrading and troubleshooting applications. Remove any permissions for the Everyone group, and assign Read permission to the Users group. Create a separate shared folder outside your application folder hierarchy for any application for which you need to assign different permissions. Then assign the appropriate permissions to that folder.

23 Shared Data Folders Shared folder data is divided into two types Public data - Public data folders are used by larger groups of users who all need access to common data. Working data – Working data folders are used by members of a team who need access to shared files

24 Public Data When you share a common public data folder, do the following: Use centralized data folders so data can be backed up easily. Assign Change permission to the Users group for the common data folder

25 Working Data When you share working data shared folders Assign Full Control permission to the Administrators group for a central data folder so administrators can perform maintenance. Share lower-level data folders below the central folder by assigning Change permission to the appropriate groups when you need to restrict access to those folders.

26 Administrative Shared Folders Windows XP Professional automatically shares folders for administrative purposes. These shares are marked with a dollar sign ($), which hides them from users who view shared resources in My Network Places. The root of each lettered volume, the system root folder, the connection point for interprocess communication (IPC), and the location of the printer drivers are hidden shared folders

27 Combining Shared Folder and NTFS Permissions You share folders to provide network users with access to resources. If you are using a FAT volume, which has no security of its own, the shared folder permissions are the only resource available to provide security If you are using an NTFS volume, you can assign NTFS permissions to individual users and groups to better control access to the files and subfolders in each shared folder.

28 When you use shared folder permissions on an NTFS volume, the following rules apply: You can apply NTFS permissions to files and subfolders in the shared folder. You can even apply different NTFS permissions to each file and each subfolder in a shared folder. In addition to shared folder permissions, users must have NTFS permissions to the files and subfolders in shared folders to access those files and subfolders.

29 When you combine shared folder permissions and NTFS permissions, the more restrictive permission is always the overriding permission.

Download ppt "Chapter 8 Configuring and Managing Shared Folder Security."

Similar presentations

Chapter Five Users, Groups, Profiles, and Policies.

Chapter Five Users, Groups, Profiles, and Policies.
When you combine NTFS permissions and share permissions the most restrictive effective permission applies. For example, if you share a folder and assign.

When you combine NTFS permissions and share permissions the most restrictive effective permission applies. For example, if you share a folder and assign.
11 CONFIGURING AND MANAGING SHARED FOLDER SECURITY Chapter 8.

11 CONFIGURING AND MANAGING SHARED FOLDER SECURITY Chapter 8.
1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.
1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
1 File systems security: Shared folders & NTFS permissions, EFS (Week 6, Monday 2/12/2007) © Abdou Illia, Spring 2007.

1 File systems security: Shared folders & NTFS permissions, EFS (Week 6, Monday 2/12/2007) © Abdou Illia, Spring 2007.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
MIS 431 - Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.

MIS Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
5.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.

5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Group Accounts; Securing Resources with Permissions

Group Accounts; Securing Resources with Permissions
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
Microsoft ® Official Course Module 7 Configuring File Access and Printers on Windows ® 8 Clients.

Microsoft ® Official Course Module 7 Configuring File Access and Printers on Windows ® 8 Clients.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

Similar presentations

Ads by Google