
1 SHARING FILE SYSTEM RESOURCES Chapter 9

2 CHAPTER OVERVIEW
- Create and manage file system shares and work with share permissions
- Use NTFS file system permissions to control access to files
- Manage file sharing using Internet Information Services (IIS)

3 UNDERSTANDING PERMISSIONS OVERVIEW
- File system permissions
- Share permissions
- Active Directory permissions
- Registry permissions (REGEDIT)

4 ACCESS CONTROL LISTS (ACL)
Lab: Properties for root of a drive
- Windows Explorer
- Right-click
- Properties
Access Control Entries
- ACL has ACEs

5 PERMISSIONS
- Permissions are keys to unlock access to resources.
- Full Control permission is the master key.

6 INHERITANCE
- Allows permissions assigned at one folder to flow down to subsequent files and folders
- Can be overridden by explicit permission assignment or inheritance blocking
- Useful in reducing the number of permission assignments required

7 INHERITANCE
[Diagram: columns "Folder" and "User Permissions". Folders shown: (Grand) Parent Folder; Parent Folder 1 with Child Folder 1A and Child Folder 1B; Parent Folder 2 with Child Folder 2A and Child Folder 2B; Parent Folder 3 with Child Folder 3A. Permissions shown: Read, Write, Delete on Folders/Files.]

8 EFFECTIVE PERMISSIONS
- Allowed permissions are cumulative.
- Denied permissions override allowed permissions.
- Explicit permissions take precedence over inherited permissions.

9 EFFECTIVE PERMISSIONS
[Diagram: columns "Folder" and "User Permissions". Folders shown: (Grand) Parent Folder, Parent Folder 1, Child Folder 1A, (Grand) Child, Child Folder 1B. Permissions shown: Deny All, Read on Folders/Files.]

10 SHARING FOLDERS
- Without shares, network clients cannot access folders on a server.
- Require:
  - Client for Microsoft Networks
  - File and Printer Sharing for Microsoft Networks

11 ADMINISTRATIVE SHARES
- Administrative shares are hidden.
- Appending a $ to a share name creates a hidden share.

12 RESTRICTIONS ON CREATING FILE SYSTEM SHARES
- On a domain controller: Administrators, Server Operators, Enterprise Admins, Domain Admins groups
- On a domain member server or workstation: Administrators, Server Operators, Power Users groups
- On a workgroup or standalone computer: Administrators or Power Users groups

13 CREATING A FILE SYSTEM SHARE USING WINDOWS EXPLORER
Lab: Create Share Folder
- Create “C:\ShareMe” folder
- Right-click “C:\ShareMe”
- Select “Share this folder”

14 SHARING A VOLUME USING WINDOWS EXPLORER
Lab: Create Share for root
- Start Windows Explorer
- Select C:\ root
- Right-click C:\ root
- Select Sharing tab
- Click “New Share…”

15 CREATING A FILE SYSTEM SHARE USING THE SHARED FOLDERS SNAP-IN
Lab: Create Share using MMC
- Start Computer Management Console
- Select Shared Folders
- Select Shares
- Right-click
- Click New Shares

16 CREATING A FILE SYSTEM SHARE USING NET.EXE
- Allows shares to be created from a command line
- Lets you configure permissions during creation
- Lets you configure offline settings for the share

17 MANAGING SHARED FOLDERS
Lab: Share properties
- Select “ShareMe”
- Right-click
- Properties

18 CONTROLLING OFFLINE STORAGE
Lab: Offline Caching
- Select “ShareMe”
- Right-click
- Caching

19 PUBLISHING FILE SYSTEM SHARES IN ACTIVE DIRECTORY

20 MANAGING SHARE PERMISSIONS

21 USING SHARE PERMISSIONS
- Limited scope: Can be applied only to folders and only when connecting to the share.
- Lack of flexibility: Permissions applied to the share apply to all levels below.
- No replication: Share permissions are not replicated.
- No resiliency: Share permissions cannot be backed up or restored.

22 USING SHARE PERMISSIONS (continued)
- Fragility: Shares (and therefore share permissions) are lost when a folder is moved or renamed.
- No auditing: Share permissions do not facilitate auditing.

23 SHARE PERMISSION DEFAULTS
When a new share is created, the following permissions are granted:
- Everyone special identity: Read
- Administrators: Full Control

24 CREATING A FILE SYSTEM SHARING STRATEGY
- Create logically named shares.
- Use nesting where necessary to reduce users’ need to navigate the directory structure.
- Share removable drives from the root to keep the share available when media are removed and reconnected or changed.

25 NESTING SHARES
- A share can be created on any folder in the file system.
- Multiple shares on the same folder can have different permissions.
- Permissions are applied at the share entry point.

26 USING NTFS PERMISSIONS
- Scope: NTFS permissions apply no matter how the file is accessed.
- Flexibility: Wide range of permissions allows assignments to be tailored.
- Replication: NTFS permissions are included when a file is replicated.
- Resilience: NTFS permissions are retained when objects are backed up.
- Less fragile: NTFS permissions are not lost if a file is moved or renamed.
- Auditing: NTFS permissions support auditing.

27 MANAGING STANDARD PERMISSIONS

28 USING ADVANCED SECURITY SETTINGS

29 MANAGING SPECIAL PERMISSIONS

30 VIEWING EFFECTIVE PERMISSIONS

31 RESOURCE OWNERSHIP
- Each file and folder is assigned an owner.
- Ownership of a file makes the security principal a member of the Creator/Owner special identity.
- Files that are owned go toward disk quota calculations.

32 ADMINISTERING IIS
- Web server platform included with all editions of Windows Server 2003.
- Version 6 has improved security over previous versions.
- Allows files to be published through a browser interface.
- Supports HTTP and FTP.

33 INSTALLING IIS
- Not installed during operating system installation
- Installed through the Windows Components Wizard (select Add Or Remove Programs in Control Panel, and click Add/Remove Windows Components) or through the Manage Your Server wizard

34 MANAGING AN IIS WEB SITE

35 USING THE WEB SITE TAB

36 USING THE HOME DIRECTORY TAB

37 USING THE DOCUMENTS TAB

38 USING THE PERFORMANCE TAB

39 CREATING VIRTUAL DIRECTORIES
- Allows you to include a folder from anywhere on the network in your Web site
- Appears to the Web site user as if it is a sub-directory of the main Web site folder
- Allows management of Web content to be distributed between departments.

40 CONFIGURING IIS SECURITY

41 CONFIGURING IIS AUTHENTICATION

42 CONFIGURING IP ADDRESS AND DOMAIN NAME RESTRICTIONS

43 CONFIGURING SECURE COMMUNICATIONS

44 SUMMARY
- Windows Server 2003 controls access to resources using a number of mechanisms, including share permissions and NTFS permissions.
- Every object protected by permissions has an ACL, which is a list of ACEs assigned to that object. Each ACE contains a security principal and indicates the level of access they are permitted or denied to the object.
- File system shares enable network users to access files and folders on other computers.

45 SUMMARY (continued)
- Share permissions provide basic protection for file system shares, but they lack the granularity and flexibility of NTFS permissions.
- NTFS permissions can be allowed or denied, and explicit or inherited.
- A Deny permission takes precedence over an Allow permission, and an explicit permission takes precedence over an inherited permission.

46 SUMMARY (continued)
- Access granted by NTFS permissions can be restricted by share permissions and other factors, such as IIS permissions on Web sites.
- Whenever two permission types are assigned to a resource, you must evaluate each set of permissions and then determine which of the two is more restrictive.
- Every NTFS file and folder has an owner. The owner of a file or folder is always permitted to modify the file or folder’s ACL.

47 SUMMARY (continued)
- Any user with the Allow Take Ownership permission or the Take Ownership Of Files Or Other Objects user right can take ownership of an object.
- IIS is a Windows Server 2003 application that allows you to share files and folders using Web and FTP server services.
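
Added example (not part of the original slides): a small Python model of the effective-permission rules from the EFFECTIVE PERMISSIONS slide and the summary, including the "more restrictive of share and NTFS" rule for access through a share. The right names, principals and ACLs are constructed for illustration; Windows itself evaluates access masks against SIDs, and the model assumes ACEs in canonical order.

```python
from typing import NamedTuple

# Simplified right names (assumption; real ACEs carry access masks).
FULL = frozenset({"read", "write", "delete", "change_permissions"})
SHARE_LEVELS = {"Read": frozenset({"read"}),
                "Change": frozenset({"read", "write", "delete"}),
                "Full Control": FULL}

class ACE(NamedTuple):
    principal: str           # user or group name
    allow: bool              # True = Allow ACE, False = Deny ACE
    rights: frozenset
    inherited: bool = False  # False = explicitly assigned on this object

def effective(acl, token):
    """Rights one ACL grants to a token (the user's own name plus groups)."""
    # Precedence: explicit Deny, explicit Allow, inherited Deny, inherited Allow.
    tiers = [(False, False), (False, True), (True, False), (True, True)]
    granted, decided = set(), set()
    for inherited, allow in tiers:
        for ace in acl:
            if ace.principal in token and (ace.inherited, ace.allow) == (inherited, allow):
                if allow:
                    # Allows are cumulative, but never reopen a decided right.
                    granted |= ace.rights - decided
                decided |= ace.rights
    return frozenset(granted)

def effective_over_share(ntfs_acl, share_acl, token):
    """Access through a share: the more restrictive of the two results."""
    return effective(ntfs_acl, token) & effective(share_acl, token)

# Constructed sample: NTFS ACL on a child folder of C:\ShareMe.
NTFS_ACL = [
    ACE("Users", True, frozenset({"read"}), inherited=True),
    ACE("Sales", True, frozenset({"read", "write"}), inherited=True),
    ACE("Sales", False, frozenset({"write"}), inherited=True),  # inherited Deny
    ACE("alice", True, frozenset({"write", "delete"})),         # explicit Allow
]
# Default share permissions as listed on the SHARE PERMISSION DEFAULTS slide.
SHARE_ACL = [
    ACE("Everyone", True, SHARE_LEVELS["Read"]),
    ACE("Administrators", True, SHARE_LEVELS["Full Control"]),
]
ALICE = {"alice", "Sales", "Users", "Everyone"}
BOB = {"bob", "Sales", "Users", "Everyone"}

if __name__ == "__main__":
    for name, tok in (("alice", ALICE), ("bob", BOB)):
        print(name, sorted(effective(NTFS_ACL, tok)),
              sorted(effective_over_share(NTFS_ACL, SHARE_ACL, tok)))
```

Locally, alice's explicit Allow outranks the inherited Deny on write while bob is left with read only; through the default share both are limited to read.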

