MIS 431 - Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.
Published byModified over 4 years ago
Presentation on theme: "MIS 431 - Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006."— Presentation transcript:
MIS 431 - Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006
MIS 431 - Chapter 52 Permissions!! The main reason for implementing a network is to allow users to access shared resources. Resources such as files, folders, and printers are secured in WS03 via use of permissions. WS03 handles both FAT and NTFS volumes, but NTFS is assumed – a richer permission environment.
MIS 431 - Chapter 53 WS03 File Systems FAT – up to 4 GB; limitations are small partition size and no file security features FAT32 – up to 2 TB partitions but no file security features NTFS – version 5 in WS03 Supports up to 16 TB (terabytes) Greater scalability over FAT and better performance Support for WS03 AD – DC must have an NTFS partition Built-in encryption and compression Configure disk quotas for users Support for remote storage and removable media Recovery logging of disk activities for faster recovery after a failure
MIS 431 - Chapter 54 Creating & Managing Shared Folders A shared folder is a data resource that is made available over network to auth. Users Users must have proper rights to create a shared folder Be in the Administrators or Server Operators groups Be in the Power Users group on WS03 servers that are not domain controllers
MIS 431 - Chapter 55 To Create a Shared Folder Using Windows Explorer (Activity 5-1) Rt click on folder and click Sharing Tab - see figure 5-2 on p. 185 Choose Share this folder, give share name, and specify Permissions Folder has shared icon (hand underneath) Administrative share name: Admin$ Has dollar sign at end and is hidden Only Administrators can see and access root of the drive with C$ or D$
MIS 431 - Chapter 56 To Create a Shared Folder, contd. Using Computer Management (Act. 5-2) MMC Use the Share a Folder Wizard in Shared Folders section: expand and click Shares The wizard also lets you configure permissions All users have read-only access (Everyone group has Read permission) Administrators have full access; others read-only Administrators have full access; others read and write Custom share permissions – Allows both share and NTFS permissions to be defined manually by group and/or user Using net share command from command line.
MIS 431 - Chapter 57 Monitoring Access to Shared Folders Keep track of the number of users connected to specific resources Use Computer Management MMC – examine Sessions and Open Files lines Can Rt-click Computer Management (Local) and choose Connect to manage a different server in the domain. Can disconnect a user or open file connection: rt-click the entry in the Details pane and choose Close Open File or Close Session – takes place immediately.
MIS 431 - Chapter 58 Shared Folder Permissions DACL – discretionary access control list Part of the security descriptor with list of users that have been Allowed access to that resource Disallowed access to that resource Applies to network only, not users logged in locally to that computer
MIS 431 - Chapter 59 More WS03 Permissions… Permissions in WS03 Read – browse file and folder names, read contents, execute programs Change – same as Read plus ability to add or delete files in the folder; also can read and edit contents of existing files Full Control – same as Read and Change plus ability to change permissions for the folder
MIS 431 - Chapter 510 Implementing WS03 Permissions See Act. 5-3 Click Sharing tab and then Permissions button Within Group or user names list box Click Add Enter a group name or a user name, click OK In Allow column, select Full, Change, or Read In Deny column, select Full, Change, or Read DENY trumps Allow: don’t deny and allow same thing!
MIS 431 - Chapter 511 NTFS Permissions These add to the WS03 permissions and give finer control NTFS Permission Concepts: Configure with Security tab Permissions are cumulative: they add based on individual and group permissions Denied permissions always override Folder permissions are inherited by child folders and files unless otherwise specified Can be set at a file level as well as folder level Default is Read; Read & Execute; List Folder Contents
MIS 431 - Chapter 512 Standard NTFS (Fig 5-12 p. 198) Full Control – make any changes Modify – Full except permission to delete subfolders and files, change permissions, or take ownership Read & Execute – Can traverse folders, list folders, read attributes & permissions; inherited by folders and files List Folder Contents – Same as Read & Execute but inherited only by folders Read – Same as Read & Execute except without permission to traverse folders Write – Create files and folders, write attributes, read permissions, synchronize Special – can choose custom combination (see Table 5-3) See Activity 5-5
MIS 431 - Chapter 513 Determine Effective Permissions Much better technique in WS03 Rt-click a folder Click Effective Permissions tab in Advanced Security Settings dialog box (Act. 5-6) Select a user or group, and read the effective permissions for that folder by that user/group
MIS 431 - Chapter 514 Combining Shared Folder and NTFS Permissions (Act. 5-7) When combining WS03 and NTFS: When a user access a share across the network, the permissions combine Most restrictive of the two becomes the effective permission When a user accesses a file locally, only NTFS permissions apply.
MIS 431 - Chapter 515 Convert FAT Partition to NTFS Use command line utility called CONVERT to convert a FAT or FAT32 partition to NTFS 5. In Activity 5-8, you will use Disk Management to create a new partition Requires that you have space available. Specify FAT32 for this partition and size Give name and drive letter (in this case, F:) Then create a folder and examine properties Do Start | Run | Convert f:/fs:ntfs