Chapter 9: SHARING FILE SYSTEM RESOURCES


1 CHAPTER OVERVIEW
• Create and manage file system shares and work with share permissions.
• Use NTFS file system permissions to control access to files.
• Manage file sharing using Internet Information Services (IIS).

2 UNDERSTANDING PERMISSIONS
• File system permissions ***
• Share permissions ***
• Active Directory permissions: users, groups, computers; may delegate for more effective management
• Registry permissions: may require admin permissions to modify

3 ACCESS CONTROL LISTS
Used to set permissions on most Windows elements such as files, shares, Active Directory objects, and registry keys. The ACL is always stored/found with the element being controlled. You set permissions on security principals like users, groups, and computers. You can view the STANDARD permissions given to a security principal for an object.

4 PERMISSIONS
The Advanced tab allows you to see the STANDARD permissions set on a security principal, as well as set SPECIAL permissions. This is a very “granular” method of setting permissions.

5 INHERITANCE
• Allows permissions assigned at one folder to flow down to subsequent files and folders
• Can be overridden by explicit permission assignment or inheritance blocking
• Useful in reducing the number of permission assignments required
• A DENY permission will ALWAYS override an inherited permission.

6 EFFECTIVE PERMISSIONS
• Allowed permissions are cumulative.
• Denied permissions override allowed INHERITED permissions. In other words, explicitly allowed permissions do not override inherited DENIED permissions.
• Explicit permissions take precedence over inherited permissions.
• Remember, a security principal can receive permissions from multiple sources: individually, by inheritance, and by group membership. The combination of these cumulative permissions is known as the EFFECTIVE PERMISSIONS.

7 SHARING FOLDERS
WHY SHARE???
You can access files and folders by sitting at the machine, provided you have the proper permissions. You can make the files or folders available to users on the network by SHARING. The Workstation service and the Server service make sharing and accessing the resources possible. The SERVER service makes the shared resource available on the network, and the WORKSTATION service enables other computers to access the shared resources. These services are implemented when you select Client for Microsoft Networks (Workstation service) and File and Printer Sharing (Server service).

8 ADMINISTRATIVE SHARES
ADMIN$ is the system root folder. C:\Windows by default is shared with the name Admin$. This is a hidden share that enables members of the Administrators group to have full control over the system root folder without having to know exactly where it is.
IPC$ is used for remote administration of computers. It allows dedicated portions of one computer’s memory (named pipe) to communicate with another computer’s named pipe to pass information from one process to another.
Remember, when you use a “$” sign AFTER the share name, you will effectively hide the share from users on the network.

9 RESTRICTIONS ON CREATING FILE SYSTEM SHARES
• On a domain controller: Administrators, Server Operators, Enterprise Admins, Domain Admins groups only
• On a domain member server or workstation: Administrators, Server Operators, or Power Users groups only
• On a workgroup or standalone computer: Administrators or Power Users groups only

10 CREATING A FILE SYSTEM SHARE USING WINDOWS EXPLORER

11 SHARING A VOLUME USING WINDOWS EXPLORER

12 CREATING A FILE SYSTEM SHARE USING THE SHARED FOLDERS SNAP-IN

13 CREATING A FILE SYSTEM SHARE USING NET.EXE
• Allows shares to be created from a command line
• Lets you configure permissions during creation
• Lets you configure offline settings for the share
Example: net share documents=c:\docs /grant:users,read
where documents is the share name you want to use and docs is the name of the folder you want to share.

14 MANAGING SHARED FOLDERS
You will see this by going to Computer Management, Shared Folders. Right-click any shared folder, then select the Properties option for the shared folder. Offline settings allow the Administrator to specify whether network users are permitted to cache the shared folder contents on their computers.

15 CONTROLLING OFFLINE STORAGE

16 PUBLISHING FILE SYSTEM SHARES IN ACTIVE DIRECTORY
A valuable option which creates a Shared Folder object in AD which will “POINT” to the actual location of a shared folder. Users can search for this PUBLISHED SHARED FOLDER object in Active Directory without actually having to know the exact location of a shared folder. VIEW THIS IN COMPUTER MANAGEMENT.

17 MANAGING SHARE PERMISSIONS
Default share permissions
Use Explorer or the Shared Folders option in the Computer Management snap-in to manage shared folders.

18 USING SHARE PERMISSIONS
• Limited scope: Can be applied only to folders and only when connecting to the share.
• Lack of flexibility: Permissions applied to the share apply to all levels below.
• No replication: Share permissions are not replicated.
• No resiliency: Share permissions cannot be backed up or restored.

19 USING SHARE PERMISSIONS (continued)
• Fragility: Shares (and therefore share permissions) are lost when a folder is moved or renamed.
• No auditing: Share permissions do not facilitate auditing.

20 SHARE PERMISSION DEFAULTS
• When a new share is created, the following permissions are granted:
• Everyone special identity: Read
Don’t forget that the Administrator can set whatever share permissions are necessary to allow appropriate access by users over the network.

21 CREATING A FILE SYSTEM SHARING STRATEGY
• Create logically named shares.
• Use nesting where necessary to reduce users’ need to navigate the directory structure.
• Share removable drives from the root to keep the share available when media are removed and reconnected or changed. For example, when you share out the CDROM drive.

22 NESTING SHARES
• A share can be created on any folder in the file system.
• Multiple shares on the same folder can have different permissions.
• Permissions are applied at the share entry point.

23 USING NTFS PERMISSIONS
• Scope: NTFS permissions apply no matter how the file is accessed.
• Flexibility: Wide range of permissions allows assignments to be tailored.
• Replication: NTFS permissions are included when a file is replicated.
• Resilience: NTFS permissions are retained when objects are backed up.
• Less fragile: NTFS permissions are not lost if a file is moved (but they may change) or renamed.
• Auditing: NTFS permissions support auditing.

24 MANAGING STANDARD PERMISSIONS

25 USING ADVANCED SECURITY SETTINGS

26 MANAGING SPECIAL PERMISSIONS

27 VIEWING EFFECTIVE PERMISSIONS

28 RESOURCE OWNERSHIP
• Each file and folder is assigned an owner.
• Ownership of a file makes the security principal a member of the Creator/Owner special identity.
• Files that are owned go toward disk quota calculations.

29 Multiple NTFS Permissions
User1 has READ for FolderA, and is a member of both groups. GroupB has WRITE for FolderA. GroupA has been DENIED WRITE for File2. What are User1’s effective permissions to File2?
• NTFS Permissions Are Cumulative
• File Permissions Override Folder Permissions
• Deny Overrides Other Permissions
[Diagram: NTFS partition C:\ with FolderA containing File1 and File2; User1: Read; GroupB: Write; GroupA: Deny Write to File2]

30 Class Discussion: Applying NTFS Permissions
• Users Group: Write to Folder1. Sales Group: Read to Folder1. User1 to Folder1??
• Users Group: Read to Folder1. Sales Group: Write to Folder2. User1 to Doc2??
• Users Group: Modify to Folder1. Doc2 Should Only Be Accessible to Sales Group, and Only for Read Access.
[Diagram: NTFS partition C:\ with Folder1, Folder2, Doc1 and Doc2; Users Group, Sales Group, User1]

31 Copying and Moving Files and Folders
• Copying Files and Folders
• Moving Files and Folders
• Class Discussion: Copying and Moving Files

32 Copying Files and Folders
[Diagram: a file with Permissions = Full Control on NTFS partition C:\ is copied three ways]
• Copy within NTFS partition C:\: Permissions = Destination Folder
• Copy to NTFS partition D:\: Permissions = Destination Folder
• Copy to a non-NTFS partition: Lose NTFS Permissions
• Diagram label: Read, Write Permission

33 Moving Files and Folders
[Diagram: a file with Permissions = Full Control on NTFS partition C:\ is moved three ways]
• Move within NTFS partition C:\: Permissions = Full Control
• Move to NTFS partition D:\: Permissions = Destination Folder
• Move to a non-NTFS partition: Lose NTFS Permissions
• Diagram label: Write, Modify Permissions

34 Class Discussion: Copying and Moving Files
[Diagram labels: NTFS Partition (C:), NTFS Partition (D:), Users, Mary, Public, Data, FileA, Group 1, permissions FC, M and None, Copy and Move arrows]

35 ADMINISTERING IIS
• Web server platform included with all editions of Windows Server 2003.
• Version 6 has improved security over previous versions.
• Allows files to be published through a browser interface.
• Supports HTTP and FTP.

36 INSTALLING IIS
• Not installed during operating system installation
• Installed through the Windows Components Wizard (select Add Or Remove Programs in Control Panel, and click Add/Remove Windows Components) or through the Manage Your Server Wizard

37 MANAGING AN IIS WEB SITE

38 USING THE WEB SITE TAB

39 USING THE HOME DIRECTORY TAB

40 USING THE DOCUMENTS TAB

41 USING THE PERFORMANCE TAB

42 CREATING VIRTUAL DIRECTORIES
• Allows you to include a folder from anywhere on the network in your Web site
• Appears to the Web site user as if it is a subdirectory of the main Web site folder
• Allows management of Web content to be distributed between departments

43 CONFIGURING IIS SECURITY

44 CONFIGURING IIS AUTHENTICATION

45 CONFIGURING IP ADDRESS AND DOMAIN NAME RESTRICTIONS

46 CONFIGURING SECURE COMMUNICATIONS

47 SUMMARY
• Windows Server 2003 controls access to resources using a number of mechanisms, including share permissions and NTFS permissions.
• Every object protected by permissions has an ACL, which is a list of ACEs assigned to that object. Each ACE contains a security principal and indicates the level of access they are permitted or denied to the object.
• File system shares enable network users to access files and folders on other computers.

48 SUMMARY (continued)
• Share permissions provide basic protection for file system shares, but they lack the granularity and flexibility of NTFS permissions.
• NTFS permissions can be allowed or denied, and explicit or inherited. A Deny permission takes precedence over an Allow permission, and an Explicit permission takes precedence over an Inherited permission.

49 SUMMARY (continued)
• Access granted by NTFS permissions can be restricted by share permissions and other factors, such as IIS permissions on Web sites.
• Whenever two permission types are assigned to a resource, you must evaluate each set of permissions and then determine which of the two is more restrictive.
• Every NTFS file and folder has an owner. The owner of a file or folder is always permitted to modify the file or folder’s ACL.
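
A small model of the three rules on the "Multiple NTFS Permissions" slide and of the "more restrictive of the two" rule above, added here as an example that is not part of the original presentation. The Ace type, the two-right model (read, write) and the function names are assumptions made for illustration; the ACLs are constructed from the slide's User1/GroupA/GroupB scenario and the default Everyone: Read share permission.

```python
from typing import NamedTuple

class Ace(NamedTuple):
    principal: str           # user or group the entry applies to
    kind: str                # "allow" or "deny"
    rights: frozenset        # simplified rights: "read", "write"
    inherited: bool = False  # True when the entry flowed down from a parent folder

def effective(acl, user, groups):
    """Rights a user ends up with on one object.

    Entries for the user and all of the user's groups are combined
    (cumulative). They are read in the order Windows stores them:
    explicit deny, explicit allow, inherited deny, inherited allow.
    The first entry that mentions a right settles that right.
    """
    who = {user, *groups}
    ordered = sorted((a for a in acl if a.principal in who),
                     key=lambda a: (a.inherited, a.kind != "deny"))
    granted, settled = set(), set()
    for ace in ordered:
        undecided = ace.rights - settled
        if ace.kind == "allow":
            granted |= undecided
        settled |= undecided
    return granted

def network_access(share_acl, ntfs_acl, user, groups):
    """Access through a share: the more restrictive of share and NTFS."""
    return effective(share_acl, user, groups) & effective(ntfs_acl, user, groups)

R, W = frozenset({"read"}), frozenset({"write"})
GROUPS = {"GroupA", "GroupB", "Everyone"}   # User1's memberships (constructed)

# FolderA: User1 has Read, GroupB has Write (set directly on the folder).
FOLDER_A_ACL = [Ace("User1", "allow", R), Ace("GroupB", "allow", W)]
# File2 inherits FolderA's entries and adds an explicit Deny Write for GroupA.
FILE2_ACL = [Ace("User1", "allow", R, inherited=True),
             Ace("GroupB", "allow", W, inherited=True),
             Ace("GroupA", "deny", W)]
# Default permission on a new share: Everyone, Read.
SHARE_ACL = [Ace("Everyone", "allow", R)]

if __name__ == "__main__":
    print("File2, local:   ", sorted(effective(FILE2_ACL, "User1", GROUPS)))
    print("FolderA, local: ", sorted(effective(FOLDER_A_ACL, "User1", GROUPS)))
    print("FolderA, share: ", sorted(network_access(SHARE_ACL, FOLDER_A_ACL, "User1", GROUPS)))
```

User1 keeps Read on File2 because the Deny Write on GroupA removes only the Write that GroupB would have contributed. On FolderA the same user has Read and Write at the console but only Read through a share left at its default permission.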

50 SUMMARY (continued)
• Any user with the Allow Take Ownership permission or the Take Ownership Of Files Or Other Objects user right can take ownership of an object.
• IIS is a Windows Server 2003 application that allows you to share files and folders using Web and FTP server services.

