Module 4 Managing Access to Resources in Active Directory ® Domain Services.

Slides:



Advertisements
Similar presentations
When you combine NTFS permissions and share permissions the most restrictive effective permission applies. For example, if you share a folder and assign.
Advertisements

1 Module 6 Securing Network Resources with NTFS Permissions.
 Overview User Accounts Groups User Rights Permissions.
1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.
1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
1 File systems security: Shared folders & NTFS permissions, EFS (Week 6, Monday 2/12/2007) © Abdou Illia, Spring 2007.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
MIS Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
Lesson 4: Configuring File and Share Access
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Group Accounts; Securing Resources with Permissions
Microsoft ® Official Course Module 7 Configuring File Access and Printers on Windows ® 8 Clients.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.
Chapter 5 File and Printer Services
Access Control Lists and NTFS Permissions INFO333 – Lecture Mariusz Nowostawski Noria Foukia.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 9: Active Directory Authentication and Security.
Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.
CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+
Week 9 Objectives Securing Files and Folders Protecting Shared Files and Folders by Using Shadow Copies Configuring Network Printing.
Implementing File and Print Services
C HAPTER 6 NTFS PERMISSIONS & SECURITY SETTING. INTRODUCTION NTFS provides performance, security, reliability & advanced features that are not found in.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access.
File Access. Windows File Systems Three main file systemsThree main file systems File Allocation Table (FAT)File Allocation Table (FAT) FAT32FAT32 NTFSNTFS.
IOS110 Introduction to Operating Systems using Windows Session 8 1.
Managing Groups, Folders, Files and Security Local Domain local Global Universal Objects Folders Permissions Inheritance Access Control List NTFS Permissions.
Configuring Active Directory Objects and Trusts
Chapter 9: SHARING FILE SYSTEM RESOURCES1 CHAPTER OVERVIEW  Create and manage file system shares and work with share permissions.  Use NTFS file system.
1 Administering Shared Folders Understanding Shared Folders Planning Shared Folders Sharing Folders Combining Shared Folder Permissions and NTFS Permissions.
Module 3 Configuring File Access and Printers on Windows ® 7 Clients.
Module 3 Configuring File Access and Printers on Windows 7 Clients.
Permissions and User Rights
Module 3: Configuring File Access and Printers on Windows 7 Clients
Chapter 8 Configuring and Managing Shared Folder Security.
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 11: Managing Access to File System Resources.
Page 1 NTFS and Share Permissions Lecture 6 Hassan Shuja 10/26/2004.
1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.
Access Control  privilege How does your code manage who has access to what?  authorization  permission Two OS models: Unix Windows.
Module 5: Managing Access to Objects in Organizational Units.
Lecture 6 File, Folder and Share Security. Objectives Managing file and folder security.
1 Introduction to NTFS Permissions Assign NTFS permissions to specify Which users and groups can gain access to folders and files What they can do with.
Module 4: Managing Access to Resources. Overview Overview of Managing Access to Resources Managing Access to Shared Folders Managing Access to Files and.
Managing Data by Using NTFS. Overview Introduction to NTFS Permissions How Windows 2000 Applies NTFS Permissions Using NTFS Permissions Using Special.
Securing Network Resources with NTFS Permissions.
Module 4: Managing Access to Resources. Overview Overview of Managing Access to Resources Managing Access to Shared Folders Managing Access to Files and.
Configuring and Managing Resource Access Lecture 5.
1 Chapter Overview Understanding Shared Folders Planning, Sharing, and Connecting to Shared Folders Combining Shared Folder Permissions and NTFS Permissions.
Windows Server 2003 檔案分享管理 林寶森
1 Introduction to Shared Folders Shared folders provide network users access to files. Users connect to the shared folder over the network. Users must.
Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.
11/06/ أساسيات الأتصال و الشبكات Communication & Networks Fundamentals lab 5.
11 SUPPORTING WINDOWS XP FILE AND FOLDER ACCESS Chapter 5.
ITMT Windows 7 Configuration Chapter 6 – Sharing Resource ITMT 1371 – Windows 7 Configuration 1.
Introduction to NTFS Permissions
Lesson 4: Configuring File and Share Access
Module 4: Managing Access to Resources
Module 7: Managing Access to Objects in Organizational Units
Managing Data by Using NTFS
Managing Data by Using NTFS
Creating and Managing Folders
Windows Vista Inside Out
Presentation transcript:

Module 4 Managing Access to Resources in Active Directory ® Domain Services

Module Overview Managing Access Overview Managing NTFS File and Folder Permissions Assigning Permissions to Shared Resources Determining Effective Permission

What Are Security Principals? Security Principal - A user, group, or computer object that can be used for authentication and to assign access to resources. Relative ID (RID) - The part of a security ID (SID) that uniquely identifies an account or group within a domain. Security ID (SID) - A unique value assigned when a user, computer or security group is created. Internal processes in Windows refer to an account’s SID instead of the account's user or group name. Security Principal S SID RID DomainID

What Are Access Tokens? User’s Access Token Subject Other access information List of user rights Group SID User SID

What Are Permissions? How are permissions assigned? Allow or deny permissions can be assigned to a resource (folder, printer, file) Permissions: Are rules to grant or deny access to an object Used to control access Permissions: Are rules to grant or deny access to an object Used to control access Permissions can be assigned to accounts from the local computer or from AD DS Permissions can be explicitly applied, inherited, or implicitly applied

How Access Control Works Discretionary Access Control List (DACL) DACL contains a list of users and groups that can access or have been denied access to the resource Every file and folder on a NTFS volume has an associated DACL Discretionary Access Control List (DACL) DACL contains a list of users and groups that can access or have been denied access to the resource Every file and folder on a NTFS volume has an associated DACL System Access Control List (SACL) SACL controls auditing of access to the resource System Access Control List (SACL) SACL controls auditing of access to the resource Access Control Entry (ACE) Defines each entry in a DACL or SACL Specifies the set of SIDs that are to be allowed, denied or audited If no ACE is specified within a DACL, access to the resource is denied Access Control Entry (ACE) Defines each entry in a DACL or SACL Specifies the set of SIDs that are to be allowed, denied or audited If no ACE is specified within a DACL, access to the resource is denied

What Are Standard and Special Permissions? Special Permissions Traverse Folder/ Execute File Create Folders/Append DataRead Permissions List Folder/ Read DataWrite AttributesChange Permissions Read AttributesWrite Extended AttributesTake Ownership Read Extended AttributesDelete Subfolders and FilesSynchronize Create Files/Write DataDelete Standard Permissions ReadList Folder ContentsModify WriteRead & ExecuteFull Control

What Is NTFS Permissions Inheritance? Blocking Permission Inheritance can be blocked Inheritance is used to manage access to resources without assigning explicit permissions to each object By default, NTFS permissions are inherited in a parent/child relationship Inheritance is used to manage access to resources without assigning explicit permissions to each object By default, NTFS permissions are inherited in a parent/child relationship Blocking can be performed at the file or folder level Blocking on a folder can be set to propagate the new permissions to child objects

Effects on NTFS Permissions When Copying and Moving Files and Folders When you copy files and folders, they inherit the permissions of the destination folder When you move files and folders within the same partition, they keep their permissions When you move files and folders to a different partition, they inherit the permissions of the destination folder NTFS Partition C:\ NTFS Partition E:\ NTFS Partition D:\ Move Copy or Move Copy

What Are Shared Folders? Folders can be shared, but individual files cannot Shared Folders are folders that allow network access to their contents By default the shared folders permission is Full Control for the user that shared the folder Shared folders can be identified: Through the MMC Console Share and Storage Management In Windows Explorer by the two user icon under the folder Through the command line through Net Share Through Computer Manager under Shared Files

What Are Administrative Shared Folders? Administrative Shares: Are hidden shares Are not displayed when using Net View or in the Network view Administrative Shares: Are hidden shares Are not displayed when using Net View or in the Network view Administrators have full permissions Share permissions cannot be changed

Shared Folder Permissions Permission Level Access Read Allows for viewing of data in files Allows for subfolder browsing Programs in the shared folder can be executed By default, applied to the Everyone group Change All the permissions in the Read category New files and subfolders can be created Data in existing files can be modified or removed Files and subfolders can be deleted Full Control Full permissions included in the Read and Change categories plus permission to change security settings

Considerations for Using Shared Folders When creating shared folders: Use the most restrictive permissions possible Avoid assigning permissions to individual users, use groups whenever possible Remember Full Control lets users modify NTFS permissions. Add groups to the Full Control permission group with caution Add the Authenticated Users group and remove the Everyone group from the share’s permissions

What Are Effective NTFS Permissions? NTFS Permissions are cumulative Modify Execute Write Read Deny takes precedence Permissions can be applied to a user or a group File permissions override folder permissions Creators of file and folders are the owners

Effects of Combining Shared Folder and NTFS Permissions When combining shared folder and NTFS permissions, the most restrictive permission is applied Both the share and the NTFS File and Folder permissions must have the correct permissions, otherwise the user or group will be implicitly denied access to the resource Example: If a user or group is given the Share permission of Read and the NTFS permission of Write, the user or group will only be able to read the file because it is the more restrictive permission

Considerations for Implementing NTFS and Shared Folder Permissions Grant permissions to groups instead of users Use Deny permissions only when necessary Never deny the Everyone group access to an object Grant permissions as high in the folder structure as possible Use NTFS permissions instead of shared permissions for fine-grained access

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.