Managing Groups, Folders, Files and Security Local Domain local Global Universal Objects Folders Permissions Inheritance Access Control List NTFS Permissions.

Presentation transcript:

Managing Groups, Folders, Files and Security
Local, Domain local, Global, Universal, Objects, Folders, Permissions, Inheritance, Access Control List, NTFS Permissions, Share Permissions, Universal Naming Convention
IT:Network:Microsoft Server 1 Copyright 2010

Groups
Two kinds:
1. Security Group: granting access to resource objects
2. Distribution List: used for and organization

Groups
Local: used on standalone servers that are not part of a domain. Does not go beyond the local server.
Domain Local: used when there is a single domain, or used to manage resources in a particular domain so that global and universal groups can access those resources.
Global: used to manage group accounts from the same domain so that those accounts can access resources in the same and in other domains.
Universal: used to provide access to resources in any domain within a forest.

Groups
W2K3 comes with predefined domain local, global, and universal groups, e.g. Domain Admins, Domain Users, etc.
Default Local Groups (more on p. 718):
Account Operators: administer user accounts and groups
Administrators: complete access
Backup Operators: enables members to back up folders and files on computers
Guests
Power Users
Print Operators
Remote Desktop Users
Users

Groups
Built-in Global Groups:
Domain Admins: members can administer the home domain, workstations of the domain and any other trusted domain. Every system that is "joined" to a domain has Domain Admins automatically added to the local Administrators group.
Domain Users: every user created in a domain is automatically made a member of the Domain Users group.

"Special" Built-in Groups
Interactive: anyone using the computer locally
Network: all users connected over the network to the computer
Everyone: all current users, including guests, and users from other domains
System: the operating system
Creator Owner: the creator/owner of subdirectories, files, and print jobs
Authenticated Users: any user who has been authenticated to the system. A more secure alternative to Everyone.
Anonymous Logon: a user who has logged in anonymously, such as an anonymous FTP user
Batch: an account that has logged in as a batch job
Service: an account that has logged in as a service
Dialup: users who are accessing the system via DUN (Dial-Up Networking)

ACCESS CONTROL LISTS

SHARING FOLDERS
Must have file and printer sharing enabled

File and Printer Sharing for Microsoft Networks
Utilizes the SERVER service to provide access to local resources.
All Microsoft operating systems install File and Printer Sharing by default. This means even your Windows XP, Vista, etc. come out of the box as "servers".
The WORKSTATION service must be started in order for that client to access resources across the network.

Share Permissions
Add Authenticated Users Group
Add Administrators Group
Delete Everyone Group
QUIZ QUESTION!!! Default Permissions for Share

Share Permissions
Read - Read files and folders and their attributes, run application files, and change folders that are contained in the shared folder.
Change - Create folders and files. Change data and attributes in files and delete files and folders. The Change permission can also perform the same actions as the Read permission.
Full Control - This permission allows the same rights as Read and Change. In addition, it grants the user/group the right to modify the Access Control List (ACL). Modifying the ACL means changing permissions as well as adding or removing groups/users.

ADMINISTRATIVE SHARES
To disable the creation of administrative shares, browse to:

CREATING A FILE SYSTEM SHARE USING WINDOWS EXPLORER

SHARING A VOLUME USING WINDOWS EXPLORER

CREATING A FILE SYSTEM SHARE USING THE SHARED FOLDERS SNAP-IN

CREATING A FILE SYSTEM SHARE USING NET.EXE
Allows shares to be created from a command line
Lets you configure permissions during creation
Lets you configure offline settings for the share

Net.exe

Net.exe
Can map logical drives using net.exe:
    Net use : \\computername\sharename /persistent:no
    Net use x: \\server01\public /persistent:no
The second command creates a non-persistent logical x drive to the share public on server01.
A persistent drive is similar to the Reconnect at Logon check box when mapping a network drive in Windows Explorer.
A non-persistent drive is flushed from memory when the system reboots.
Universal naming convention is represented as \\computername\sharename\folder\folder\...\...

MANAGING SHARE PERMISSIONS

CREATING A FILE SYSTEM SHARING STRATEGY
Create logically named shares.
Use nesting where necessary to reduce users' need to navigate the directory structure.
    Makes navigation easier for the end user
    Reduces the possibility of an accidental click/drag of folders
Share removable drives from the root to keep the share available when media are removed and reconnected or changed.

What Shares can do
A share can be created within a share, which is referred to as nesting.
A share can be created on any folder in the file system.
Multiple shares on the same folder can have different permissions.
Permissions are applied at the share entry point.

SHARE PERMISSION CHARACTERISTICS
Limited scope: can be applied only to folders and only when connecting to the share.
Lack of flexibility: permissions applied to the share apply to all levels below.
No replication: share permissions are not replicated.
No resiliency: share permissions cannot be backed up or restored.

SHARE PERMISSION CHARACTERISTICS (continued)
Fragility: shares (and therefore share permissions) are lost when a folder is moved or renamed.
No auditing: share permissions do not facilitate auditing.

USING NTFS PERMISSIONS
Scope: NTFS permissions apply no matter how the file is accessed.
Flexibility: wide range of permissions allows assignments to be tailored.
Replication: NTFS permissions are included when a file is replicated.
Resilience: NTFS permissions are retained when objects are backed up.
Less fragile: NTFS permissions are not lost if a file is moved or renamed.
Auditing: NTFS permissions support auditing.

Folder and File Security Best Practices
Try not to manage by file, but rather by folder if possible.
Assign permissions by group rather than by user.
If a single user needs access to ANY resource, create a group, add that user to the group and assign permissions to the group.
    Reduces the possibility of "forgetting" that user assignment
    Allows you to grant access to the resource by just adding future users to the group

NTFS Permissions
The drive must be formatted using NTFS to be able to use NTFS permissions (Quiz!!!)
Non-NTFS (FAT32) will not have the Security tab (right)

NTFS Permissions
The permission levels in NTFS are narrower than the Share permissions, with 6 levels for folders and 5 levels for files. The file levels are as follows:
Read - Read the file and its ownership and attributes.
Write - In addition to the Read permissions, the user can overwrite the file and change its attributes.
Read & Execute - In addition to the Read permissions, the user can run applications. In the folder permissions, this level can also traverse folders and list the folder contents.
Modify - In addition to the Read & Execute and Write permissions, the user can delete the file or folder.
Full Control - This permission is inclusive of previous rights. In addition, it grants the user/group the right to modify the Access Control List (ACL). This right also allows a user/group to take ownership of files/folders.
List Folder Contents - Allows the user to list the folder and subfolder contents.

RESOURCE OWNERSHIP
Each file and folder is assigned an owner.
Ownership of a file makes the security principal a member of the Creator/Owner special identity.
Files/folders that are owned go toward disk quota calculations.

MANAGING STANDARD NTFS PERMISSIONS

NTFS Permissions

USING ADVANCED SECURITY SETTINGS

MANAGING SPECIAL PERMISSIONS

INHERITANCE
Allows permissions assigned at one folder to flow down to subsequent files and folders
Can be overridden by explicit permission assignment or inheritance blocking
Useful in reducing the number of permission assignments required
A file's permissions will always override its folder's permissions

Inherited Permissions

Inherited Permissions
By unchecking the Inherited permissions option, you have the choice to copy or remove any inherited permissions.

EFFECTIVE PERMISSIONS
Allowed permissions are cumulative.
Denied permissions override allowed permissions.
Explicit permissions take precedence over inherited permissions.

VIEWING EFFECTIVE PERMISSIONS

Summary: Share v. NTFS
When applied to the same resource, the most restrictive permissions apply.
UserA has a share permission of Read
UserA has an NTFS permission of Full Control
UserA's effective permission is Read, because Read is the most restrictive between Share and NTFS
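
The rules on the EFFECTIVE PERMISSIONS and Summary: Share v. NTFS slides, worked through as an added example (not part of the original presentation): a simplified Python model of how an ACL is evaluated for a user and then combined with the share ACL. The rights bitmask, the Ace type and the sample ACLs are constructed for illustration; entries are walked in Windows' canonical order (explicit deny, explicit allow, inherited deny, inherited allow), which is why an explicit allow wins over an inherited deny.

```python
from enum import IntFlag
from typing import NamedTuple

class Right(IntFlag):
    READ = 1
    EXECUTE = 2
    WRITE = 4
    DELETE = 8
    CHANGE_ACL = 16

# Simplified mapping of the named permission levels to rights (assumption of this model).
READ = Right.READ | Right.EXECUTE
MODIFY = READ | Right.WRITE | Right.DELETE   # the share-level "Change" maps to the same rights
FULL = MODIFY | Right.CHANGE_ACL

class Ace(NamedTuple):
    trustee: str             # user or group the entry applies to
    mask: Right
    allow: bool = True       # False = deny entry
    inherited: bool = False  # True = flowed down from a parent folder

def acl_rights(acl, principals):
    """Rights an ACL yields for a user, given the user name plus all group names."""
    # Canonical order: explicit deny, explicit allow, inherited deny, inherited allow.
    ordered = sorted(acl, key=lambda a: (a.inherited, a.allow))
    granted = denied = Right(0)
    for ace in ordered:
        if ace.trustee not in principals:
            continue
        if ace.allow:
            granted |= ace.mask & ~denied    # allows accumulate across groups
        else:
            denied |= ace.mask & ~granted    # a deny only blocks rights not yet granted
    return granted

def effective(share_acl, ntfs_acl, principals, via_network=True):
    """Share permissions count only when the file is reached through the share."""
    ntfs = acl_rights(ntfs_acl, principals)
    return ntfs & acl_rights(share_acl, principals) if via_network else ntfs

if __name__ == "__main__":
    # Constructed sample: the UserA case from the summary slide.
    user_a = {"UserA", "Sales", "Authenticated Users"}
    share = [Ace("Authenticated Users", READ)]
    ntfs = [Ace("UserA", FULL)]
    print("over the network:", effective(share, ntfs, user_a))
    print("logged on locally:", effective(share, ntfs, user_a, via_network=False))
```

The local result matters when reviewing a server: tightening only the share ACL leaves the NTFS Full Control in force for anyone who reaches the folder without going through the share.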