Presentation is loading. Please wait.

Presentation is loading. Please wait.

NTFS. Authentication Is the person who she says she is? If so, access is allowed In Windows, authentication is handled by a password-protected user account.

Published byApril Alberta Parsons Modified over 8 years ago

Similar presentations

Presentation on theme: "NTFS. Authentication Is the person who she says she is? If so, access is allowed In Windows, authentication is handled by a password-protected user account."— Presentation transcript:

1 NTFS

2 Authentication Is the person who she says she is? If so, access is allowed In Windows, authentication is handled by a password-protected user account.

3 Authorization What an authenticated user can, and can not, do on a system. Authorization for Windows files and folders is controlled by the NTFS file system NTFS assigns permissions to users, groups or both

4 Principle of least privilege Give a user only as much permissions as are required for the tasks they do and no more. To many privileges invites trouble

5 Local User Account Each Windows computer keeps an encrypted list of user names and passwords You don’t get to use a computer unless you know a valid user name and password (even if it is blank) User also belongs to a group (at least the Everyone group) To create/manage users and groups you need administrator privileges

6 Passwords Ultimate key to protecting your computer For a hacker, this is half the battle Protect passwords; make them complex; no Post-It notes on the monitor Make passwords strong: at least eight characters including letters, numbers and punctuation symbols You should change passwords at regular intervals Password reset disk had to be a floppy – little value; now can be USB stick in Windows 7; can’t use it if you are on a domain

7 Groups Groups are collection(s) of accounts with similar needs/permissions Add a person/account to a group rather than set permissions for the single account Home editions: Administrators, Users and Guest Administrators, Power Users, Users and Guest

8 Vista Users Three accounts when you set up Vista: guest, administrator and a local account that’s a member of Administrator group User Accounts and Family Safety in Home User Accounts applet in Business, Ultimate

9 Add a User - Vista Open the User Accounts applet Click Manage Another Account and select Create a New Account Click Create Account At least one account must be Administrator

10 Parental Controls Administrator account can monitor and limit the activities of any standard user Can be used for employees also Web sites, applications, files downloaded, amount of time logged on, access to types of games and specific applications can be controlled

11 Administrator Approval Mode Introduced with Vista (and UAC) Half-user, half-admin token So, Vista treats you mostly like a Standard User – until UAC comes along and changes that Programs get copy of your token when they start up – before they could do any damage

12 Users in 7 User Accounts Control Panel applet Open User Accounts and select Manage Another Account; Create a New Account Almost the same as Vista Windows knows you need Admin token so asks you (UAC) to use it

13 Local Users and Groups Control Panel | Administrative Tools | Computer Management or Right-click Computer and select Manage | Users and Groups Can add Users, Groups or Computers Can add group membership of a user’s properties or add a user to a group’s properties

14 Authorization Through NTFS After creating account, need to specify permissions for files, folders applications, etc.) File or folder Properties window then Security tab Permissions can be assigned to both user and groups; best practice: groups Whoever creates file/folder has complete control over it (ownership) Administrators do not automatically have control over every file and folder, but they can take ownership and thus complete control

15 Ownership If you created it, you own it and have full control over it Can remove Administrator access…

16 Take Ownership Permission With this, you can take ownership of any file or folder and then set permissions as you want Administrator accounts have Take Ownership for all files and folders Leaves a “trail” behind Administrator – the file or folder owner has been changed

17 Change Permission Able to take away or give permission(s) to file or folder (i.e. change group’s access) Different from file/folder permissions

18 Folder Permissions Full Control: do anything you want including take ownership Modify: Anything except delete, change permissions and take ownership Read and Execute: Allows you to see the contents of folder and any subfolders, run any executable file and traverse a folder (open a subfolder) List Folder Contents: See contents of folder and any subfolders Read: enables you to view a folder’s contents and open any file in the folder Write: Write to files and create new files/folders; append data to a file

19 File Permissions Full Control: do anything you want Modify: Anything except Take Ownership or Change Permissions Read and Execute: Open folders and run application(s) Read: Open files; not applications Write: Open and write to file

20 The Rule Permissions are cumulative. The highest permission is the rule. Except Deny. Full Control on folder means full control on files in folder (usually – if inheritance is on) Users and groups can be denied access to a file or a folder simply by NOT granting the user or group any permissions for it

21 Permission Propagation Inheritance: Folder gets permissions of parent folder; turned on by default Deny trumps anything

22 Copy/Move Copy within partition. Original retains original; copy inherits new permissions Moving within partition. Retains permissions unchanged Copying across partitions. Original retains original; copy inherits new permissions Move across partitions. Inherits permissions from new location Copying to FAT partition. New copy has no permissions Moving to FAT partition. No permissions (FAT partitions are on flash drives)

23 Techs and Permissions Major pain; have to have Administrative permissions to do most work Try to get new admin account for duration of work if it will be a while Make sure admin deletes account when you are done

24 Linux and OS X Three groups of permissions: owner, group and everyone Three letters: r: read contents (4) W write or modify a file or folder (2) X execute a file or list the folder contents (1) Chown filename or : filename Chmod uses numbers

25 Simple File Sharing One option: put it in Shared/Public Documents Over a network have to give everyone full access Pro allows turning off SFS: folder | Tools | Folder Options |View tab. Last option is SFS

26

27

28 Sharing in Vista Targeted sharing: select user account, then permission level – – Reader, read-only – Contributor, read and write, delete user-created objects – Co-owner, do anything Public folders: share with anyone on the network; full access by default

29 Sharing in 7 Add homegroup to share libraries; accessible by everyone, need password Finding shares: Computer Management | Shared Folders

30 Administrative Shares C$ Allow administrators access local or remote Have to have administrator password (not blank) to get access to these shares

31

32 Encryption This is for the really paranoid Home editions don’t do it XP uses Encrypting File System to encrypt files Vista/7 add encryption system that can encrypt entire hard drive Tied to password and system ID so if you loose password, file(s) are gone

33

34 BitLocker Drive Encryption Again, for the really paranoid or defense contractors Select Security in Control Panel Home view Must have Trusted Platform Module (TPM) chip on motherboard

35

36 Security Policy It’s what limits what you can do on OE-3’s computers Local Security Policy Secpol.msc from command line or search box

37

38 User Account Control What helped bury Vista The vast majority of users had no idea how risky their computing behavior was Long list of dangerous actions XP had Power User to handle most of the list; few people used it Vista actually has four UAC prompts: – Red for blocked programs – Yellow for unverified programs – Blue/gray for verified programs – Teal for published by Vista programs

39 Turn Off UAC UAC Control Panel applet; uncheck the box MSCONFIG and select Disable UAC on Tools tab This is not a very good idea, but you can do it

40 UAC in 7 Made UAC less aggressive Introduced four levels to UAC: – Always notify is same as Vista – Don’t notify me when I make changes (default) – Notify me only when programs try to make changes – Never notify Mike votes for turning UAC back on

Download ppt "NTFS. Authentication Is the person who she says she is? If so, access is allowed In Windows, authentication is handled by a password-protected user account."

Similar presentations

Setting up File sharing, Personal and Network Printers Brent Murphy Matt Griffin Edwin Edwards Chris Wyatt.

Setting up File sharing, Personal and Network Printers Brent Murphy Matt Griffin Edwin Edwards Chris Wyatt.
Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.

Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.
1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.
1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
1 File systems security: Shared folders & NTFS permissions, EFS (Week 6, Monday 2/12/2007) © Abdou Illia, Spring 2007.

1 File systems security: Shared folders & NTFS permissions, EFS (Week 6, Monday 2/12/2007) © Abdou Illia, Spring 2007.
MIS 431 - Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.

MIS Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.
Chapter 6: Configuring Security. Options for Managing Security Configurations LGPO (Local Group Policy Object) –Used if Computer is not part of a domain.

Chapter 6: Configuring Security. Options for Managing Security Configurations LGPO (Local Group Policy Object) –Used if Computer is not part of a domain.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
5.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.

5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Group Accounts; Securing Resources with Permissions

Group Accounts; Securing Resources with Permissions
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

Similar presentations

Ads by Google