Download presentation
Presentation is loading. Please wait.
1
File and Print Services
Module 6
2
Objectives Skills/Concepts Objective Domain Description
Objective Domain Number Introducing NTFS Sharing Drives and Folders Looking at Printers Enabling Auditing Understand file and print services 2.4 This should also be a review for the
3
Types of NTFS Permissions
There are two types of permissions used in NTFS: Explicit permissions: Permissions granted directly to a file or folder. Inherited permissions: Permissions that are granted to a folder (parent object or container) that flow into a child objects (subfolders or files inside the parent folder). Besides granting the Allow permissions, you can also grant the Deny permission. The Deny permission always overrides other permissions that have been granted, including when a user or group has been given Full control.
4
File and Folder Owners The owner of an object controls how permissions are set on the object and to whom permissions are granted. If for some reason you have been denied access to a file or folder, you need to reset the permissions by taking ownership of the file or folder and modifying the permissions. All administrators automatically have the Take ownership permission of all NTFS objects.
5
Using Groups with NTFS Permissions
To simplify administration, you can grant permissions using groups. By assigning NTFS permissions to a group, you are granting permissions to one or more people simultaneously, reducing the number of entries in each access list, as well as the amount of effort required to grant multiple people access to certain files or folders.
6
DEMO: NTFS Permissions
NTFS permissions allow you to control which users and groups can gain access to files and folders on an NTFS volume. The advantage of NTFS permissions is that they affect local users as well as network users.
7
DEMO: Effective Permissions
Because users can be members of several groups, it is possible for them to have several sets of explicit permissions for a particular folder or file. When this occurs, the permissions are combined to form the effective permissions, which are the actual permissions when logging in and accessing a file or folder. These consist of explicit permissions plus any inherited permissions.
8
Copying and Moving Files
When copying and moving files, the following three scenarios can result: If a folder or file is copied, the new folder or file will automatically acquire the permissions of the drive or folder to which it is being copied. If a folder or file is moved within the same volume, the folder or file will retain the same permissions that were already assigned. If a folder or file is moved from one volume to another volume, the folder or file will automatically acquire the permissions of the drive to which it is being moved.
9
Encryption Encryption is the process of converting data into a format that cannot be read by another user. Once a user has encrypted a file, it automatically remains encrypted when stored on disk. Decryption is the process of converting data from an encrypted format back to its original format. Once a user has decrypted a file, the file remains decrypted when stored on disk.
10
Encrypting File System (EFS)
Encrypting File System (EFS) is a core file encryption technology used to store encrypted files on NTFS file system volumes. Encrypted files cannot be used unless a user has access to the keys required to decrypt the information. After a file has been encrypted, you do not have to manually decrypt that file before you can use it. Rather, once you encrypt a file or folder, you can work with that file or folder just as you would with any other file or folder.
11
DEMO: Encrypting File System (EFS)
12
Sharing Folders Most users are not going to log onto a server directly to access their data files. Instead, a drive or folder will be shared (known as a shared folder), and they will access the data files over a network. To help protect against unauthorized drive or folder access, you should use share permissions along with NTFS permissions (assuming the shared folder is on an NTFS volume). When a user needs to access a network share, he or she will use the UNC, which is \\servername\sharename.
13
DEMO: Sharing Folders
14
Share Permissions The share permissions that are available are as follows: Full control Change Read Because users can be members of several groups, it is possible for them to have several sets of explicit permissions for a particular folder or file. When this occurs, the permissions are combined to form the effective permissions, which are the actual permissions when logging in and accessing a file or folder.
15
DEMO: Network Discovery and Browsing
In Windows Server 2003, you need only two services to provide and access shared folders. The Workstation service allows you to access shared folders and printers. The Server service allows you to provide shared folders and printers. Starting with Windows Server 2008, you also have to enable network services under the Advanced Sharing setting in the Network and Sharing Center.
16
Administrative Shares
An administrative share is a shared folder typically used for administrative purposes and usually hidden. To make any shared folder or drive hidden, the share name must have a $ at the end of it. Because the share folder or drive cannot be seen during browsing, you have to use a UNC name to find the folder or drive, which includes the share name (including the $). By default, all hard drive volumes with drive letters automatically have administrative shares (C$, D$, E$, and so on). Other hidden shares can be created as needed for individual folders.
17
Network Printing Multiple users can share the same printer This is a cost-effective solution when you have multiple employees in different locations As an administrator, you can install two types of printers: local and network.
18
Printing in Windows When you install a physical printer, which Microsoft refers to as a print device, you must first connect the printer and turn it on. Next, you need to create a logical printer (Microsoft refers to this as the printer), which will provide a software interface between the print device and the applications. When you create the printer, you also load a print driver that acts as a translator for Windows and the programs running on Windows so that they do not have to worry about the specifics of the printer’s hardware and printer language.
19
Installing Printers If you have the correct permissions to add a local printer or a remote shared printer, you can use the Add Printer Wizard to install the printer. After the printer is installed, it will appear in the Devices and Printers folder as well as in the Device Manager.
20
DEMO: Adding Printers
21
DEMO: Adding Printer Drivers
Windows Servers can provide a driver to the clients if the driver is loaded on the server. However, most computers used within organizations today will most likely be 32-bit clients that need to use 32-bit print drivers. Therefore, you would load both 64-bit and 32-bit print drivers on the server so that it can hand out either driver as needed.
22
Printer Pools Network printers are usually used by more than one user.
If you have a high volume of print jobs, the printer can become congested and users will have to wait for the documents to print. Either you can purchase a faster printer or you can create a group of printers called a printer pool that acts as a single virtual printer with a single print queue. Users print to a single printer, and the print jobs are distributed among the printers within the pool.
23
Printer Properties With most printers, you have a wide range of options. Although these options vary from printer to printer, they are easily accessible by right-clicking the printer in the Devices and Printers folder and selecting Printer Properties.
24
Printer Permissions Printers are considered objects.
Therefore, you can assign permissions to a printer so that you can specify who can use the printer, who can manage the printer, and who can manage the print jobs. By default, the Print permission is assigned to the Everyone group. If you need to restrict who can print to the printer, you will need to remove the Everyone group and add another group or user and assign the Allow print permission to the user or group. It is still recommended that you use groups instead of users. As with file permissions, you can also deny print permissions.
25
DEMO: Managing Print Jobs
The print spooler is an executable file that manages the printing process, which includes retrieving the location of the correct print driver, loading the driver, creating the individual print jobs, and scheduling the print jobs for printing. On occasion, a print job may have been sent that was not intended, or you may decide it is not necessary to print a job. Therefore, you need to delete the print job from the print queue.
26
Print Spooler Folder When the print device is available, the spooler retrieves the next print job and sends it to the print device. By default, the spool folder is located at C:\Windows\System32\Spool\Printers. If you have a server that handles a large number of print jobs or several large print jobs, make sure the drive where the spool folder is has sufficient disk space. On occasion, the print spooler may freeze or become unresponsive. You can restart the print spooler by following these steps: Open the Services console located in Administrative Tools. Right-click Print Spooler, and select Restart. You can also stop and start the service.
27
Internet Printing To enable Internet Printing on a computer running Windows Server 2008, you just need to install the Internet Printing role service. To install the Internet Printing Client in Windows Server 2008, click Add Features in Server Manager, select the Internet Printing Client check box, and then click OK. To manage a server by using the Web site created by Internet Printing, open a web browser and navigate to
28
Auditing Security can be divided into three areas. Authentication is used to prove the identity of a user. Authorization gives access to the user that was authenticated. To complete the security picture, you need to enable auditing so that you can have a record of the users who have logged in and what the user accessed or tried to access.
29
Auditing NTFS Files and Folders
To audit NTFS files, NTFS folders, and printers is a two-step process. You must first enable Object Access using Group Policy. Then you must specify which objects you want to audit.
30
DEMO: Auditing Auditing is not enabled by default. To enable auditing, you specify what types of system events to audit using Group Policy or the local security policy (Security Settings\Local Policies\Audit Policy). Windows Server 2008 has additional options for more granular control. After you enable logging, you then open the Event Viewer security logs to view the security events.
31
Auditing
32
Additional Resources & Next Steps
Instructor-Led Courses 40033A: Windows Operating System and Windows Server Fundamentals: Training 2-Pack for MTA Exams and (5 Days) 40349A: Windows Operating System Fundamentals: MTA Exam (3 Days) 40032A: Networking and Security Fundamentals: Training 2-Pack for MTA Exams and (5 Days) 40366A: Networking Fundamentals: MTA Exam Books Exam : MTA Windows Server Administration Fundamentals (Microsoft Official Academic Course) Exams & Certifications Exam : Windows Server Administration Fundamentals
33
4/27/2018 7:14 PM © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.