Presentation is loading. Please wait.

Presentation is loading. Please wait.

MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 11: Managing Access to File System Resources.

Published bySheila Randall Modified over 8 years ago

Similar presentations

Presentation on theme: "MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 11: Managing Access to File System Resources."— Presentation transcript:

1 MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 11: Managing Access to File System Resources

2 Guide to MCDST 70-2712 Objectives Understand the basic Windows XP security model Understand the characteristics of the Windows XP file systems Manage NTFS permissions Use file compression Use file encryption

3 Guide to MCDST 70-2713 Objectives (continued) Manage simple and classic file sharing Manage shared folders Troubleshoot resource access problems Understand security auditing

4 Guide to MCDST 70-2714 The Windows XP Security Model Windows XP Professional –Can establish local security when used as a standalone system or in a workgroup –Can participate in domain security Access token –Includes information about: User’s identity Permissions List of groups to which user belongs

5 Guide to MCDST 70-2715 The Windows XP Security Model (continued) Access control list (ACL) –Contains a list of permissions associated with a resource Domain controller –Authenticates domain logons –Maintains the security policies and the account database for a domain

6 Guide to MCDST 70-2716 The Windows XP Security Model (continued) All objects are logically subdivided into three parts –A type identifier –A list of services or functions –A list of named attributes that may or may not have associated data items, called values

7 Guide to MCDST 70-2717 File Systems Windows XP supports –The File Allocation Table (FAT, also called FAT16) –FAT32 file systems –The New Technology File System (NTFS) –File-level security, encryption, compression, auditing, and more

8 Guide to MCDST 70-2718 FAT and FAT32 Important features of FAT –Supports volumes up to 4 GB in size –Most efficient on volumes smaller than 256 MB –A root directory that can contain only 512 entries –Has no file-level compression –Has no file-level security –A maximum file size of 2 GB

9 Guide to MCDST 70-2719 NTFS Important features –Supports volumes up to 2 TB in size –Is most efficient on volumes larger than 10 MB –Has a root directory that can contain unlimited entries –Has file-level compression –Has file-level security –Has file-level encryption

10 Guide to MCDST 70-27110 Converting File Systems FAT and FAT32 volumes on a system –Can be migrated to the NTFS format without losing data To convert an NTFS volume to FAT or FAT32, you must: –Back up your data –Reformat the volume –Restore your data

11 Guide to MCDST 70-27111 Managing NTFS Permissions NTFS –The only file system supported by Windows XP that offers file-level security –File and folder permissions are nearly identical NTFS file and folder permissions –Read –Write (folders) –Write (files)

12 Guide to MCDST 70-27112 Managing NTFS Permissions (continued) NTFS file and folder permissions (continued) –List Folder Contents (folders only) –Read & Execute (folders) –Read & Execute (files) –Modify (folders) –Modify (files) –Full Control (folders) –Full Control (files) –Special Permissions

13 Guide to MCDST 70-27113 Managing NTFS Permissions (continued)

14 Guide to MCDST 70-27114 Managing NTFS Permissions (continued)

15 Guide to MCDST 70-27115 Managing NTFS Permissions (continued)

16 Guide to MCDST 70-27116 Rules for Working with NTFS Permissions NTFS object permissions always apply NTFS object permissions are cumulative NTFS file permissions override any contradictory settings on the parent or container folder Deny overrides all other specific Allows

17 Guide to MCDST 70-27117 Rules for Working with NTFS Permissions (continued) When disabling inheritance for an NTFS object, select to: –Copy the parent object’s permissions to the current object –Remove permissions assigned from the parent and retain only object-specific settings

18 Guide to MCDST 70-27118 Inheritance of Permissions Situations in which inheritance comes into play –Moving an object within the same volume or partition –Copying an object within the same volume or partition –Moving an object from one volume or partition to another –Copying an object from one volume or partition to another

19 Guide to MCDST 70-27119 File Compression The ability to compress data on the basis of single files, folders, or entire volumes Offers the benefit of being able to store more data in the same space, but performance suffers Configuring and managing file compression –Involves enabling or disabling the file compression attribute on one or more files or folders

20 Guide to MCDST 70-27120 File Compression (continued)

21 Guide to MCDST 70-27121 Encrypting File System Allows you to encrypt data stored on an NTFS drive Uses a public and private key encryption method Does not function without a Recovery Agent Windows XP automatically designates the local Administrator as the Recovery Agent

22 Guide to MCDST 70-27122 Encrypting File System (continued) Primary benefit –If your computer is either physically accessed or stolen, the data is protected Primary drawback –The increased processing power required to encrypt all writes and decrypt all reads on the fly

23 Guide to MCDST 70-27123 Encrypting File System (continued) Each generation of operating systems uses a different default cryptography algorithm for EFS –Windows 2000 EFS uses DESX –Windows XP Professional EFS uses 3DES –Windows Server 2003 and Windows XP Professional with Service Pack 1 EFS use: AES by default Support 3DES and DESX

24 Guide to MCDST 70-27124 Simple File Sharing Used when quick and easy file sharing is needed from a Windows XP Professional system Offers a limited range of configuration options for shared resources Effective only when Windows XP is a member of a workgroup

25 Guide to MCDST 70-27125 Managing Shared Folders The Sharing tab, found on both FAT/FAT32 and NTFS folder Properties dialog boxes, offers the following controls: –Do not share this folder –Share this folder –Share name –User limit –Permissions

26 Guide to MCDST 70-27126 Managing Shared Folders (continued) Issues when working with shares –Permission levels are the only way to impose security on shared FAT volumes –Shares are folders, not individual files –Share permissions apply only to the network access point where the folder resides –Default permission for a new share is Full Control for the Everyone group

27 Guide to MCDST 70-27127 Managing Shared Folders (continued) Issues when working with shares –Multiple share permission levels caused by group memberships are cumulative –Deny always overrides any other specifics allowed –The most restrictive permissions of cumulative share or cumulative NTFS apply –Share permissions only restrict access for network users, not local users

28 Guide to MCDST 70-27128 Troubleshooting Access and Permission Problems To resolve permission or access problems: –Determine what valid access the user should have –Inspect the resource object’s permissions based on: Groups and the specific user What actions are set to Allow or Deny –Inspect the share’s permissions based on: Groups and the specific user What actions are set to Allow or Deny

29 Guide to MCDST 70-27129 Troubleshooting Access and Permission Problems (continued) To resolve permission or access problems (continued): –Inspect the user’s group memberships –Attempt to access other resources with the user account from the same computer and a different computer –Attempt to access the problematic resource with the Administrator account from the same computer and a different computer

30 Guide to MCDST 70-27130 Troubleshooting Access and Permission Problems (continued) Guidelines when designing permission levels –Grant permission only as needed –Rely upon NTFS to restrict access –Grant Full Control only when necessary, even on shares –Change permissions on a folder level; allow changes to affect all child elements

31 Guide to MCDST 70-27131 Auditing for Security Auditing –The security process that records the occurrence of specific operating system events –Events Significant occurrences in the system that require users to be notified or a log entry to be added –Can provide valuable information about: Security breaches Resource activity User adeptness

32 Guide to MCDST 70-27132 Auditing for Security (continued)

33 Guide to MCDST 70-27133 Auditing for Security (continued)

34 Guide to MCDST 70-27134 Summary Windows XP –Can participate as a client in workgroup and domain networks –Supports FAT/FAT32 and NTFS file systems Local and network access to NTFS-hosted resources –Controlled through the use of permissions Compression –Reduces the amount of drive space that some files consume

35 Guide to MCDST 70-27135 Summary (continued) File encryption –Used to restrict access to files and folders to a specific user account Sharing file resources can be done through –Simple file sharing for workgroup members or –Classic file sharing for domain members Troubleshooting access and permissions involves verifying that users are members of the correct groups

Download ppt "MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 11: Managing Access to File System Resources."

Similar presentations

Managing User, Computer and Group Accounts

Managing User, Computer and Group Accounts
Chapter Five Users, Groups, Profiles, and Policies.

Chapter Five Users, Groups, Profiles, and Policies.
1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.
1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
1 File systems security: Shared folders & NTFS permissions, EFS (Week 6, Monday 2/12/2007) © Abdou Illia, Spring 2007.

1 File systems security: Shared folders & NTFS permissions, EFS (Week 6, Monday 2/12/2007) © Abdou Illia, Spring 2007.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.
MIS 431 - Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.

MIS Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.
Chapter 7: Configuring Disks. 2/24 Objectives Learn about disk and file system configuration in Vista Learn how to manage storage Learn about the additional.

Chapter 7: Configuring Disks. 2/24 Objectives Learn about disk and file system configuration in Vista Learn how to manage storage Learn about the additional.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
70-270: MCSE Guide to Microsoft Windows XP Professional Second Edition, Enhanced Chapter 4: Managing Windows XP File Systems and Storage.

70-270: MCSE Guide to Microsoft Windows XP Professional Second Edition, Enhanced Chapter 4: Managing Windows XP File Systems and Storage.
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
5.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.

5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

Similar presentations

Ads by Google