1. 1 Module 6 Securing Network Resources with NTFS Permissions

2. 2  Overview Introduction to NTFS Permissions NTFS Permissions Securing Network Resources with Permissions Guidelines for Assigning NTFS Permissions Assigning NTFS Permissions Taking Ownership of Folders or Files Copying or Moving Folders or Files Identifying Permission Problems Best Practices

3. 3  Introduction to NTFS Permissions NTFS Volume User1 R R User2 User3 R Suggestions C User1 Server Available Only on NTFS Volumes Secure Folders and Files Effective When a User Accesses the Resource: Locally Remotely

4. 4  NTFS Permissions Read Write Execute Delete Take Ownership Change Permission Execute Delete Write ReadRead

5. 5 How NTFS Permissions Are Applied Like Shared Folder Permissions A user’s effective permissions are the combination of both the user and group permissions. The No Access permission overrides all other permissions File Permissions Override the Permission for the Folder

6. 6  Combining Shared Folder and NTFS Permissions NTFS Volume User2 User3 R R User1 R Suggestions Windows NT Workstation Windows NT Workstation Shared Folders C Public User1 FC FC User2 Server

7. 7 Examples of Combining NTFS and Shared Folder Permissions 11 NTFS Volume Users UserA UserB UserC Domain Users Group Domain Users Group User1 FC FC FC User2 User3 FC 22 NTFS Volume Data Sales Data HR Pub Sales Group FC FC

8. 8 Assign Administrators Full Control to Application and Data Folders  Guidelines for Assigning NTFS Permissions Remove the Default Permissions Educate Users to Assign NTFS Permissions to Their Files Assign Creator Owner Full Control to Data Folders User the Username Variable to Create Home Folders

9. 9 Home Folders Create a Central Folder Named Users Share the Users Folder Assign Domain Users Full Control to Shared Folder 11 22 33 44 Use the %Username% Variable to: Create the users home folders Assign only the user Full Control to their home folder Use the %Username% Variable to: Create the users home folders Assign only the user Full Control to their home folder

10. 10  Assigning NTFS Permissions Requirements to Assign NTFS Permissions Owner Full Control Special Access: Change Permissions or Take Ownership Default NTFS Permissions The Everyone Group is Automatically assigned Full Control New files inherit the permissions of the folder where they are created.

11. 11 Assigning NTFS File and Folder Permissions Directory Permissions Directory:D:\Folder Owner:Administrators Replace Permissions on Subdirectories Type of Access: Full Control Replace Permissions on ExistingFiles Name: Server OperatorsChange (RWXD) (RWXD) AdministratorsFull Control (All) (All) EveryoneList (RX) Not Specified SYSTEMFull Control (All) (All) CREATOR OWNERFull Control (All) (All) CancelAdd...RemoveHelpOK Add Users and Groups Names: List Names From: CancelOKHelp Type of Access: ShowUsers Add A Members... M Search... Add Names: NTSADOM2* Read AdministratorsMembers can fully adminster the comput Backup OperatorsMembers can bypass file security to bac Domain AdminsDesignated administrators fo the domain Domain GuestsAll domains guests EveryoneAll Users Account OperatorsMembers can administer domain user an GuestsUsers granted guest access to the comp

12. 12 Customizing Permissions Special Access Permissions Are Identical for Files and Folders Special Directory Access Directory:D:\Data Read (R) Write (W) Name:Administrators OK Cancel Help Other Full Control (All) Execut (X) Delete (D) Change Permissions (P) Take Ownership (O)

13. 13  Taking Ownership of Folders and Files OwnerUser OwnerAdministrator Takes Ownership Assigns Permission (O)

14. 14  Copying or Moving Folders and Files Copy FILE1=New Permissions FILE1=RWX Move

15. 15  Troubleshooting Permission Problems Incorrect Permissions A File with No Access Can Be Deleted Changed Permissions Do Not Take Effect Err or

16. 16 Best Practices Use the %USERNAME% Variable to Create Users Home Folders Assign the Creator Owner Account Full Control to Data Folders Use Long Names Only If the Resource Is Accessed Locally Assign NTFS Permission Before Sharing the Resource Make Application Executable Files Read-Only for All Users

17. 17 Review Introduction to NTFS Permissions NTFS Permissions Securing Network Resources with Permissions Guidelines for Assigning NTFS Permissions Assigning NTFS Permissions Taking Ownership of Folders or Files Copying or Moving Folders or Files Identifying Permission Problems Best Practices