Windows Server 2003 File Share Management (original title: Windows Server 2003 檔案分享管理), by 林寶森

Presentation transcript:

1 Windows Server 2003 File Share Management, 林寶森, jeffl@ms11.hinet.net

2 Introduction to Shared Folders
- Shared folders give users centralized access to network files.
- A folder must be shared before a user can connect to it over the network.
- Permission to use a shared folder is assigned to users and groups.
(Figure: users User1 to User4 connecting over the network to shared folders holding data on a server.)

3 Who Can Share Folders?
- On a Windows Server 2003 domain controller: members of the Administrators group and of the Server Operators group.
- On a member server or stand-alone server running Windows Server 2003: members of the Administrators group and of the Power Users group.

4 Sharing a Folder
The Sharing tab of a folder's Properties dialog (shown for the folder Applications, with the comment "Application files") offers:
- Do not share this folder / Share this folder
- Share name (required) and Comment (optional)
- User limit: Maximum allowed, or Allow a given number of users
- Permissions: sets how users may access the folder over the network
- Caching: configures offline access to the shared folder

5 Shared Folder Permissions
- The share permissions are Read, Change and Full Control.
- Share permissions are cumulative: a user receives the union of the permissions granted to the user account and to every group the user belongs to.
- Deny overrides every Allow. Use Deny only when necessary, since it is the only way to take access away from a user who gets it through a group.

6 Granting Permissions and Modifying Shared Folder Settings
When you grant shared folder permissions:
- A shared folder can reside on a volume formatted as NTFS, FAT or FAT32. Share permissions apply only to access over the network; on FAT and FAT32 volumes they are the only protection the data has.
- On an NTFS volume, users also need the appropriate NTFS permissions.
You can modify shared folder settings to:
- Stop sharing a folder
- Modify permissions
- Create multiple shares for one folder (each share name can carry its own share permissions)
- Remove a share

7 What Are Published Shared Folders?
- A published shared folder is a shared folder object in Active Directory.
- Clients can search Active Directory for published shared folders, so they do not need to know the name of the server to connect.
- Publish shared folders that are relatively static and change infrequently.
- Users can still find a shared folder if its physical location changes, because only the Active Directory object has to be updated.
- Any shared folder that is reachable by a UNC name can be published.

8 How to Publish a Shared Folder
(The slide shows the procedure as screenshots; no text was transcribed.)

9 Administrative Shared Folders
- Administrators use administrative shares to perform administrative tasks on a server remotely.
- Administrative shares are hidden from browsing by normal users, and only the Administrators group has the Full Control permission on them.
Share        Purpose
C$, D$, E$   The root of each partition is automatically shared
Admin$       The system root folder (C:\Windows on a default installation) is shared as Admin$
Print$       The folder containing the printer driver files is shared as Print$ (created when the first printer is created)

10 Hide a Shared Folder
- Append $ to the share name. The share is omitted from browse lists, and users can reach it only by typing its UNC path, for example \\server\secrets$.
- The $ suffix hides the share; it does not protect it. Anyone who knows or guesses the name is still subject only to the share and NTFS permissions, so set those exactly as you would for a visible share.

11 Connecting to a Network Resource
Methods a Windows XP Professional client can use to connect to a Windows Server 2003-based server:
- My Network Places
- Search on the Start menu
- Internet Explorer (entering a UNC path)
- The Run command
- Map Network Drive

12 Guidelines for Assigning Permissions
- Determine which groups need access to a resource.
- Assign permissions to local groups instead of to individual users.
- Assign the most restrictive permissions that still let users do their work.
- Change the default permissions on a new shared folder: in Windows Server 2003 a new share grants Everyone the Read permission, and the entry should be replaced by the groups that actually need access.

13 What Are Permissions?
- Permissions define the type of access granted to a user, group or computer for an object.
- You apply permissions to objects such as files, folders, shared folders and printers.
- You assign permissions to users and groups in Active Directory or on a local computer.

14 Introduction to NTFS Permissions
- Available only on NTFS volumes.
- Secure files and folders.
- Effective whether a user accesses the resource locally (interactive logon at the console) or remotely (over the network); unlike share permissions, NTFS permissions are checked in both cases.
(Figure: on an NTFS volume User1, User2 and User3 hold Read on folders and User1 holds Change on the folder Suggestions; the same permissions apply from the server console and from User1's workstation.)

15 Permissions
- Can be allowed or denied.
- Can be implicitly denied (no entry grants the right) or explicitly denied (a Deny entry).
- Can be set as standard or special permissions.
(Figure: the Access Control Settings dialog for the Domain Controllers container. The Permissions tab lists Allow entries for Authenticated Users (Special), Domain Admins, SYSTEM, Administrators and Enterprise Admins (Full Control or Special), with "Apply to: This object only / This object and all child objects", the note "This permission is defined directly on this object. This permission is not inherited by child objects", Add / Remove / View/Edit buttons, and the check box "Allow inheritable permissions from parent to propagate to this object".)

16 Multiple NTFS Permissions
- NTFS permissions are cumulative: a user's effective permission is the union of the permissions granted to the user account and to all groups the user belongs to.
- File permissions override folder permissions: entries set directly on a file are evaluated before entries the file inherited from its folder.
- Deny overrides Allow among entries at the same level (both explicit, or both inherited). An explicit Allow on a file still wins over a Deny inherited from the folder, because explicit entries are evaluated first.
(Figure: Folder A grants Group A Read and Group B Write, which File1 and File2 inherit. File2 also carries an explicit Deny Write for Group B. User1, a member of both groups, therefore has Read/Write on File1 but only Read on File2.)

17 What Are Standard and Special Permissions?
(The slide contrasts the standard permissions, such as Full Control, Modify, Read & Execute, List Folder Contents, Read and Write, with the special permissions that make them up; the table itself was not transcribed.)

18 Subsystems Overview
(Diagram only; no text was transcribed.)

19 Security Components
- Security principals: users, security groups, services and computers, each identified by a unique ID.
- Security identifiers (SIDs) uniquely identify security principals and are never reused. A deleted account that is re-created with the same name is a different principal and inherits none of the old account's permissions.
- Security descriptors: the security information associated with an object, containing the DACL and the SACL.

20 Discretionary and System Access Control Lists
- Discretionary access control list (DACL): identifies the security principals that are allowed or denied access, and the level of access being allowed or denied.
- System access control list (SACL): controls how access to the object is audited.
(Figure: a security descriptor consists of a header, the owner SID, the primary group SID, the DACL and the SACL; each ACL is a list of ACEs.)

21 What Is Permissions Inheritance?
(Figure: FolderB inherits Read/Write from FolderA, so the user has access to FolderB. In the second tree, inheritance is prevented on FolderB, so the Read/Write granted on FolderA does not reach FolderB or FolderC and the user has no access to FolderB.)

22 Permissions Inheritance
- Child containers and their objects inherit permissions set on a parent container.
- Inheritable permissions propagate from a parent object to a child object when a child object is created, and when the permissions on the parent object are modified.
(Figure: User1 Read and Group1 Full Control assigned on the parent container appear as inherited permissions on the child container.)

23 Inheritance
- Eliminates the need to apply permissions manually to child objects.
- Ensures that the permissions applied to a parent object are applied consistently to all child objects.
- Ensures that when the permissions on all objects within a container need to change, you change only the permissions on the parent object.
- Ensures that ACEs applied directly to an object override any conflicting inherited ACEs.
(Figure: the DACL of the parent object, User1 Read and Group1 Full Control, is inherited into the DACL of the child object.)

24 Setting Permission Inheritance
On the Security tab of a folder's Properties dialog (shown for Folder1, with Everyone listed and the standard permissions Full Control, Modify, Read & Execute, List Folder Contents, Read and Write), the check box "Allow inheritable permissions from parent to propagate to this object" controls inheritance. Clearing it prompts: "You are preventing any inheritable permissions from propagating to this object. What do you want to do?"
- Copy: copies the previously inherited permissions onto this object as explicit entries, so the current access is preserved but later changes on the parent no longer flow down.
- Remove: removes the inherited permissions and keeps only the permissions explicitly specified on this object.
- Cancel: aborts the operation.
Choose Remove with care: if the object has no explicit entries of its own, its DACL becomes empty and nobody but the owner can get back in until permissions are re-added.
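The Copy and Remove choices, and the propagation rules from slide 22, worked through in Python as an added example that is not part of the presentation. A DACL is modelled as a list of ACEs; principal names, rights and the sample folder permissions are made up for the illustration, and group membership is not modelled here.

```python
from dataclasses import dataclass, replace

# Toy access mask: three rights are enough to show the inheritance behaviour.
READ, WRITE, EXECUTE = 1, 2, 4
FULL = READ | WRITE | EXECUTE


@dataclass(frozen=True)
class Ace:
    sid: str                    # trustee; a name stands in for the SID for readability
    allow: bool                 # True = access-allowed ACE, False = access-denied ACE
    mask: int                   # bit set of the rights above
    inherited: bool = False     # INHERITED_ACE flag: this entry came from a parent
    inheritable: bool = True    # inherit flags: this entry flows down to children


def create_child(parent_dacl, explicit=()):
    """DACL of a newly created child: its own explicit ACEs followed by copies of the
    parent's inheritable ACEs with the inherited flag set (propagation on creation)."""
    inherited = [replace(ace, inherited=True) for ace in parent_dacl if ace.inheritable]
    return list(explicit) + inherited


def propagate(parent_dacl, child_dacl, inherits):
    """Parent permissions were modified: a child that still inherits gets its inherited
    entries refreshed from the parent; a child with inheritance broken is untouched."""
    if not inherits:
        return list(child_dacl)
    explicit = [ace for ace in child_dacl if not ace.inherited]
    return create_child(parent_dacl, explicit)


def break_inheritance(dacl, copy):
    """Clearing 'Allow inheritable permissions from parent to propagate to this object'.
    copy=True  -> Copy: inherited entries become explicit entries on this object.
    copy=False -> Remove: inherited entries are dropped; only explicit ones remain."""
    if copy:
        return [replace(ace, inherited=False) for ace in dacl]
    return [ace for ace in dacl if not ace.inherited]


def rights_of(sid, dacl):
    """Rights this DACL leaves to one principal: union of its Allows minus its Denies.
    (Group membership and ACE evaluation order are deliberately not modelled here.)"""
    allowed = denied = 0
    for ace in dacl:
        if ace.sid == sid:
            if ace.allow:
                allowed |= ace.mask
            else:
                denied |= ace.mask
    return allowed & ~denied


# Constructed sample after the slide 22 figure: the parent grants User1 Read and
# Group1 Full Control. The child adds one non-inheritable entry of its own.
PARENT = [Ace("User1", True, READ), Ace("Group1", True, FULL)]
CHILD = create_child(PARENT, explicit=[Ace("User2", True, WRITE, inheritable=False)])

# Later the administrator adds Deny Write for Group1 on the parent.
PARENT_LATER = PARENT + [Ace("Group1", False, WRITE)]

if __name__ == "__main__":
    copied = break_inheritance(CHILD, copy=True)
    removed = break_inheritance(CHILD, copy=False)
    print("child, Group1:", rights_of("Group1", CHILD))                         # 7 (Full)
    print("after Remove, Group1:", rights_of("Group1", removed))                # 0
    print("after Remove, User2:", rights_of("User2", removed))                  # 2 (Write)
    print("still inheriting, parent changed, Group1:",
          rights_of("Group1", propagate(PARENT_LATER, CHILD, inherits=True)))   # 5 (no Write)
    print("after Copy, parent changed, Group1:",
          rights_of("Group1", propagate(PARENT_LATER, copied, inherits=False))) # 7 (frozen)
```

The last two lines are the practical difference between the two buttons: Copy freezes today's permissions on the object, so a Deny added on the parent afterwards never reaches it, while Remove leaves only User2's explicit entry behind.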

25 Object Ownership
- Every object has an owner.
- The owner controls how permissions are set on the object and to whom they are assigned. Object owners can always change permissions, even when the DACL grants them no access.
- If a member of the Administrators group takes ownership, the default owner is the Administrators group, not the individual user.
(Figure: the Owner tab of Access Control Settings for System1. Current owner: Domain Admins (CONTOSO\Domain Admins); "Change owner to" offers Administrator (CONTOSO\Administrator) and Administrators (CONTOSO\Administrators).)

26 Changing Object Ownership
Ownership changes when:
- The current owner grants the Take Ownership special permission to other users, who then take ownership themselves (ownership is taken, never given).
- Members of the Domain Admins group take ownership of any object in the domain, using the "Take ownership of files or other objects" user right, which bypasses the DACL.
(Figure: the Owner tab of Access Control Settings for System2 in the ASIA1 domain. Current owner: Domain Admins (ASIA1\Domain Admins); "Change owner to" offers Administrator (ASIA1\Administrator) and Administrators (ASIA1\Administrators).)

27 Copying or Moving Folders and Files
(Figure: File-A with permissions RWX. After a copy, the new file takes new permissions from its destination; after a move within the same volume, File-A keeps RWX.)

28 Effects on NTFS Permissions When Copying and Moving Files and Folders
- When you copy files and folders, the copies inherit the permissions of the destination folder.
- When you move files and folders within the same partition, they retain their permissions.
- When you move files and folders to a different partition, they inherit the permissions of the destination folder (a move across partitions is a copy followed by a delete).
(Figure: NTFS partitions C:\, D:\ and E:\. A move within C:\ keeps the permissions; a copy within C:\ or a copy or move to D:\ or E:\ takes the destination folder's permissions.)

29 Combining Shared Folder and NTFS Permissions
- When a user connects through a share, the effective permission is the most restrictive of the share permission and the NTFS permission.
(Figure: the share Public grants Everyone Read. On the NTFS volume, User2 has Full Control on File-A and Read on File-B. Connecting as \\Server\Public, User2 gets only Read on both files: the NTFS Full Control on File-A is cut down to the share's Read, while a local logon on the server would still give Full Control.)

30 Combined NTFS and Shared Folder Permissions
(Figure, as drawn: the folder Applications on NTFS partition C:\ is shared, with the share permissions granting the Users group Full Control. NTFS permissions narrow this: Applications itself gives Users Read Only; the subfolder ACCTPKG gives Accounting Full Control and Engineering No Access; ENGPKG gives Engineering Full Control and Accounting No Access. An accountant connecting through the share therefore gets Read on Applications, Full Control in ACCTPKG and nothing in ENGPKG; an engineer gets the mirror image.)

31 The Logon Process
1. The user logs on.
2. The Local Security Subsystem obtains a ticket for the user from the Kerberos service on the domain controller.
3. The Local Security Subsystem requests a workstation ticket.
4. The Kerberos service sends a workstation ticket.
5. The Local Security Subsystem constructs an access token.
6. The access token is attached to the user's process.
(Figure: the workstation's Local Security Subsystem exchanging tickets with the Kerberos service on the domain controller, which consults the global catalog, and then building the access token.)

32 Access Tokens
- Are created during the logon process and used whenever the user's process attempts to gain access to an object.
- Contain the user's SID, the unique identifier that represents the user.
- Contain the group SIDs, one for each group the user belongs to.
- Contain the user's rights (privileges).
(Figure: an access token with Security ID S-1-5-21-146..., group IDs Employees, EVERYONE and LOCAL, and user rights SeChangeNotifyPrivilege with attributes 3 (enabled) and SeSecurityPrivilege with attributes 0 (present but disabled).)

33 How Windows Grants Access to Resources
1. The user's application sends a read request for the file Data on Server1.
2. The security subsystem compares the SIDs in the user's access token (user SID and group SIDs) with the ACEs in the file's DACL, looking for entries that apply to the request.
3. An ACE granting User1 Read is found, so access is allowed and the read proceeds.
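The access check from this slide, together with the rules on slide 16 (cumulative permissions, Deny overriding Allow, file entries beating folder entries) and slides 29 and 30 (share plus NTFS gives the most restrictive result), as an added Python model that is not part of the presentation. It is a simplification of the Windows AccessCheck walk: the owner's implicit rights, privileges, the SACL and the real bit layout of an access mask are left out, and the principals, rights and sample DACLs are constructed for the illustration.

```python
from typing import NamedTuple

# Toy access mask. WRITE_DAC (change permissions) is what separates Full Control
# from Change at the share level, so it gets its own bit.
READ, WRITE, EXECUTE, WRITE_DAC = 1, 2, 4, 8
CHANGE = READ | WRITE | EXECUTE
FULL = CHANGE | WRITE_DAC


class Ace(NamedTuple):
    sid: str                 # trustee; a name stands in for the SID
    allow: bool              # True = access-allowed, False = access-denied
    mask: int                # rights this entry allows or denies
    inherited: bool = False  # True if the entry was inherited from the parent folder


def canonical(dacl):
    """Windows stores a DACL in canonical order: explicit Deny, explicit Allow,
    inherited Deny, inherited Allow. Sorting on (inherited, allow) reproduces it,
    since False sorts before True."""
    return sorted(dacl, key=lambda a: (a.inherited, a.allow))


def access_check(token_sids, dacl, requested):
    """Walk the canonical DACL with the SIDs from the access token. Entries whose
    trustee is not in the token are skipped. A Deny that touches any requested right
    not yet granted refuses access. Allows accumulate; the walk stops as soon as every
    requested right is granted. Nothing matching (or an empty DACL) grants nothing."""
    remaining = requested
    for ace in canonical(dacl):
        if ace.sid not in token_sids:
            continue
        if not ace.allow:
            if ace.mask & remaining:
                return False
        else:
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return remaining == 0


def effective_rights(token_sids, dacl):
    """Per-right view of the same check, the way an Effective Permissions tab shows it."""
    return sum(bit for bit in (READ, WRITE, EXECUTE, WRITE_DAC)
               if access_check(token_sids, dacl, bit))


def effective_over_share(token_sids, share_dacl, ntfs_dacl):
    """Access through a share: the most restrictive of the two, which is the
    intersection of what the share grants and what NTFS grants."""
    return effective_rights(token_sids, share_dacl) & effective_rights(token_sids, ntfs_dacl)


# Constructed sample after the slide 16 figure. The token holds the user SID plus the
# group SIDs, as on slide 32.
USER1 = {"User1", "Group A", "Group B"}
FOLDER_A = [Ace("Group A", True, READ), Ace("Group B", True, WRITE)]
FILE1 = [a._replace(inherited=True) for a in FOLDER_A]     # inherits Folder A's entries
FILE2 = [Ace("Group B", False, WRITE)] + FILE1              # plus explicit Deny Write
FILE3 = [Ace("User1", True, WRITE)] + [Ace("Group B", False, WRITE, inherited=True)] + FILE1

# Constructed sample after the slide 29 figure: share Public grants Everyone Read,
# while NTFS gives User2 Full Control on File-A.
USER2 = {"User2", "Everyone"}
PUBLIC_SHARE = [Ace("Everyone", True, READ)]
FILE_A = [Ace("User2", True, FULL)]

if __name__ == "__main__":
    print("File1 read+write:", access_check(USER1, FILE1, READ | WRITE))   # True, cumulative
    print("File2 write:", access_check(USER1, FILE2, WRITE))               # False, Deny wins
    print("File3 write:", access_check(USER1, FILE3, WRITE))               # True, explicit beats inherited Deny
    print("File-A locally:", effective_rights(USER2, FILE_A))              # 15 = Full Control
    print("File-A via share:", effective_over_share(USER2, PUBLIC_SHARE, FILE_A))  # 1 = Read
```

FILE3 is the case the slide text glosses over: an explicit Allow Write for User1 sits above a Deny Write inherited from the folder, and because explicit entries are walked first the write is granted. The same walk also explains why an empty DACL (not to be confused with no DACL at all) locks everyone out: no entry ever grants the requested rights.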

34 Using Disk Quotas
- Usage is calculated from file and folder ownership: every file counts against its owner's quota, so ownership (slides 25 and 26) decides who is charged.
- Compression is ignored when calculating usage; the uncompressed size counts.
- The free space reported to applications is based on the user's quota limit.
- Disk quotas are tracked separately for each NTFS volume.
- Disk quotas are available only on NTFS volumes.

35 What Is Distributed File System?
(Figure: physically, User1 and User2 are in a share called Users and User3 and User4 in a share called More Users. Through a Dfs root with Dfs links, users see a single structure, All Users, containing User1 to User4.)

36 Types of Dfs Roots
A Dfs root represents the highest level of the Dfs topology. The types of Dfs roots are:
Stand-alone Dfs root
- Is stored on a single computer
- Does not use Active Directory
- Cannot have root-level Dfs shared folders
- Can have only a single level of Dfs links
Domain-based Dfs root
- Is hosted on a domain controller or a member server
- Has its Dfs topology automatically stored in Active Directory
- Can have root-level Dfs shared folders
- Can have multiple levels of Dfs links

37 Accessing File Resources Through Dfs
1. The client connects to the server hosting the Dfs root.
2. The client receives a referral to the Dfs link.
3. The Dfs client connects to the server behind the link.
(Figure: the Dfs root on Server1 holds the links Sales Data South and Sales Data North East; the client is referred to the server that hosts each folder.)

38 Adding Replicas for Fault Tolerance
Replicas provide fault tolerance and load balancing.
(Figure: the Dfs link Sales Data North East points at copies of the folder on Server1, Server2 and Server3.)

39 Configuring Replication
(Figure: Server1 hosts the Dfs root and is the initial master for Sales Data North East; Server2 also hosts the root and holds a replica; the replication configuration is stored in Active Directory.)

40 Introduction to Offline Files
- When the user logs on, the local files are synchronized with the server files.
- While disconnected from the network, the user works with the local copy of each file marked for offline use.
- When the user logs off, the local files are synchronized with the server files again.

41 How Offline Files Are Synchronized
- Disconnected from the network: the client keeps a locally cached copy of each network file marked for offline use, and the user works with that copy.
- Logged on to the network: the offline files the user has modified are synchronized with the network version of the files.
- If a file has been modified in both locations, the user is prompted to choose which version to keep, or to rename one file and keep both versions.

42 Configuring a Server for Offline Files
- Manual caching: only files specifically marked by the user are cached.
- Automatic caching: files are cached automatically when they are first opened.
- Program caching: read-only files are cached once, and the local copies are used thereafter.

43 Offline File Caching Options
(Figure: the Caching Settings dialog for a share, offering automatic caching, manual caching and program caching.)

44 Configuring a Client Computer for Offline Files
The Offline Files tab of Folder Options sets up the computer so that files stored on the network are available when working offline (disconnected from the network). Options:
- Enable Offline Files
- Synchronize all offline files before logging off
- Enable reminders; display the reminder balloon every 60 minutes
- Place a shortcut to the Offline Files folder on the desktop
- Amount of disk space to use for temporary offline files: 205 MB (10% of the drive)
- Delete Files..., View Files and Advanced buttons

