
1 11 SHARING FILE SYSTEM RESOURCES Chapter 9

2 Chapter 9: SHARING FILE SYSTEM RESOURCES
CHAPTER OVERVIEW
• Create and manage file system shares and work with share permissions
• Use NTFS file system permissions to control access to files
• Manage file sharing using Internet Information Services (IIS)

3 UNDERSTANDING PERMISSIONS
• File system permissions
• Share permissions
• Active Directory permissions
• Registry permissions

4 ACCESS CONTROL LISTS

5 PERMISSIONS

6 INHERITANCE
• Allows permissions assigned at one folder to flow down to subsequent files and folders
• Can be overridden by explicit permission assignment or inheritance blocking
• Useful in reducing the number of permission assignments required

7 EFFECTIVE PERMISSIONS
• Allowed permissions are cumulative.
• Denied permissions override allowed permissions.
• Explicit permissions take precedence over inherited permissions.

8 SHARING FOLDERS

9 ADMINISTRATIVE SHARES

10 RESTRICTIONS ON CREATING FILE SYSTEM SHARES
• On a domain controller: Administrators, Server Operators, Enterprise Admins, Domain Admins groups only
• On a domain member server or workstation: Administrators, Server Operators, or Power Users groups only
• On a workgroup or standalone computer: Administrators or Power Users groups only

11 CREATING A FILE SYSTEM SHARE USING WINDOWS EXPLORER

12 SHARING A VOLUME USING WINDOWS EXPLORER

13 CREATING A FILE SYSTEM SHARE USING THE SHARED FOLDERS SNAP-IN

14 CREATING A FILE SYSTEM SHARE USING NET.EXE
• Allows shares to be created from a command line
• Lets you configure permissions during creation
• Lets you configure offline settings for the share

15 MANAGING SHARED FOLDERS

16 CONTROLLING OFFLINE STORAGE

17 PUBLISHING FILE SYSTEM SHARES IN ACTIVE DIRECTORY

18 MANAGING SHARE PERMISSIONS

19 USING SHARE PERMISSIONS
• Limited scope: Can be applied only to folders and only when connecting to the share.
• Lack of flexibility: Permissions applied to the share apply to all levels below.
• No replication: Share permissions are not replicated.
• No resiliency: Share permissions cannot be backed up or restored.

20 USING SHARE PERMISSIONS (continued)
• Fragility: Shares (and therefore share permissions) are lost when a folder is moved or renamed.
• No auditing: Share permissions do not facilitate auditing.

21 SHARE PERMISSION DEFAULTS
• When a new share is created, the following permissions are granted:
• Everyone special identity: Read
• Administrators: Full Control

22 CREATING A FILE SYSTEM SHARING STRATEGY
• Create logically named shares.
• Use nesting where necessary to reduce users’ need to navigate the directory structure.
• Share removable drives from the root to keep the share available when media are removed and reconnected or changed.

23 NESTING SHARES
• A share can be created on any folder in the file system.
• Multiple shares on the same folder can have different permissions.
• Permissions are applied at the share entry point.

24 USING NTFS PERMISSIONS
• Scope: NTFS permissions apply no matter how the file is accessed.
• Flexibility: Wide range of permissions allows assignments to be tailored.
• Replication: NTFS permissions are included when a file is replicated.
• Resilience: NTFS permissions are retained when objects are backed up.
• Less fragile: NTFS permissions are not lost if a file is moved or renamed.
• Auditing: NTFS permissions support auditing.

25 MANAGING STANDARD PERMISSIONS

26 USING ADVANCED SECURITY SETTINGS

27 MANAGING SPECIAL PERMISSIONS

28 VIEWING EFFECTIVE PERMISSIONS

29 RESOURCE OWNERSHIP
• Each file and folder is assigned an owner.
• Ownership of a file makes the security principal a member of the Creator/Owner special identity.
• Files that are owned go toward disk quota calculations.

30 ADMINISTERING IIS
• Web server platform included with all editions of Windows Server 2003.
• Version 6 has improved security over previous versions.
• Allows files to be published through a browser interface.
• Supports HTTP and FTP.

31 INSTALLING IIS
• Not installed during operating system installation
• Installed through the Windows Components Wizard (select Add Or Remove Programs in Control Panel, and click Add/Remove Windows Components) or through the Manage Your Server wizard

32 MANAGING AN IIS WEB SITE

33 USING THE WEB SITE TAB

34 USING THE HOME DIRECTORY TAB

35 USING THE DOCUMENTS TAB

36 USING THE PERFORMANCE TAB

37 CREATING VIRTUAL DIRECTORIES
• Allows you to include a folder from anywhere on the network in your Web site
• Appears to the Web site user as if it is a subdirectory of the main Web site folder
• Allows management of Web content to be distributed between departments.

38 CONFIGURING IIS SECURITY

39 CONFIGURING IIS AUTHENTICATION

40 CONFIGURING IP ADDRESS AND DOMAIN NAME RESTRICTIONS

41 CONFIGURING SECURE COMMUNICATIONS

42 SUMMARY
• Windows Server 2003 controls access to resources using a number of mechanisms, including share permissions and NTFS permissions.
• Every object protected by permissions has an ACL, which is a list of ACEs assigned to that object. Each ACE contains a security principal and indicates the level of access they are permitted or denied to the object.
• File system shares enable network users to access files and folders on other computers.

43 SUMMARY (continued)
• Share permissions provide basic protection for file system shares, but they lack the granularity and flexibility of NTFS permissions.
• NTFS permissions can be allowed or denied, and explicit or inherited. A Deny permission takes precedence over an Allow permission, and an explicit permission takes precedence over an inherited permission.

44 SUMMARY (continued)
• Access granted by NTFS permissions can be restricted by share permissions and other factors, such as IIS permissions on Web sites.
• Whenever two permission types are assigned to a resource, you must evaluate each set of permissions and then determine which of the two is more restrictive.
• Every NTFS file and folder has an owner. The owner of a file or folder is always permitted to modify the file or folder’s ACL.
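The precedence rules from the Effective Permissions slide and the share-versus-NTFS rule in this summary, worked through as an added example (not part of the original presentation). It is a simplified model, not Windows' actual access check: the four right bits, the principals and both ACLs are constructed for illustration, with the share ACL set to the defaults the deck lists for a new share.

```python
# Simplified model of the precedence rules in this deck (not Windows' real access check).
R, W, D, P = 1, 2, 4, 8                      # read, write, delete, change permissions
READ, CHANGE, FULL = R, R | W | D, R | W | D | P

def effective(acl, token):
    """Return the rights an ACL grants to a token (set of user and group names).

    acl is a list of ACEs: (principal, "allow" | "deny", rights, inherited).
    """
    granted = decided = 0
    # Explicit ACEs are evaluated before inherited ones; within each, Deny before Allow.
    for inherited in (False, True):
        for kind in ("deny", "allow"):
            for who, ace_kind, rights, ace_inherited in acl:
                if who in token and ace_kind == kind and ace_inherited == inherited:
                    fresh = rights & ~decided    # rights no earlier ACE has settled
                    if kind == "allow":
                        granted |= fresh         # Allow ACEs accumulate across groups
                    decided |= fresh
    return granted

def network_access(share_acl, ntfs_acl, token):
    """Access through a share: only rights granted by both the share and NTFS ACLs."""
    return effective(share_acl, token) & effective(ntfs_acl, token)

def describe(mask):
    bits = ((R, "read"), (W, "write"), (D, "delete"), (P, "change-perms"))
    return "+".join(name for bit, name in bits if mask & bit) or "none"

# Constructed sample data: principals and ACEs are illustrative only.
SHARE_DEFAULT = [("Everyone", "allow", READ, False),
                 ("Administrators", "allow", FULL, False)]
NTFS_ACL = [("Sales", "allow", CHANGE, True),      # inherited from the parent folder
            ("Everyone", "allow", READ, True),
            ("Interns", "deny", W, True)]
ALICE = {"alice", "Sales", "Everyone"}
BOB = {"bob", "Sales", "Interns", "Everyone"}

if __name__ == "__main__":
    print("alice, local NTFS:     ", describe(effective(NTFS_ACL, ALICE)))
    print("alice, via the share:  ", describe(network_access(SHARE_DEFAULT, NTFS_ACL, ALICE)))
    print("bob, inherited Deny:   ", describe(effective(NTFS_ACL, BOB)))
    explicit = NTFS_ACL + [("bob", "allow", W, False)]
    print("bob, explicit Allow:   ", describe(effective(explicit, BOB)))
```

The second result is the one to audit for: an NTFS grant of Change is cut to Read for network users while the share still carries its default Everyone: Read entry.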

45 SUMMARY (continued)
• Any user with the Allow Take Ownership permission or the Take Ownership Of Files Or Other Objects user right can take ownership of an object.
• IIS is a Windows Server 2003 application that allows you to share files and folders using Web and FTP server services.

