Published by Sheila Randall. Modified over 9 years ago.
1
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System
Chapter 11: Managing Access to File System Resources
2
Guide to MCDST 70-271
Objectives
  – Understand the basic Windows XP security model
  – Understand the characteristics of the Windows XP file systems
  – Manage NTFS permissions
  – Use file compression
  – Use file encryption
3
Objectives (continued)
  – Manage simple and classic file sharing
  – Manage shared folders
  – Troubleshoot resource access problems
  – Understand security auditing
4
The Windows XP Security Model
Windows XP Professional
  – Can establish local security when used as a standalone system or in a workgroup
  – Can participate in domain security
Access token
  – Includes information about:
      User’s identity
      Permissions
      List of groups to which user belongs
5
The Windows XP Security Model (continued)
Access control list (ACL)
  – Contains a list of permissions associated with a resource
Domain controller
  – Authenticates domain logons
  – Maintains the security policies and the account database for a domain
6
The Windows XP Security Model (continued)
All objects are logically subdivided into three parts
  – A type identifier
  – A list of services or functions
  – A list of named attributes that may or may not have associated data items, called values
7
File Systems
Windows XP supports
  – The File Allocation Table (FAT, also called FAT16)
  – FAT32 file systems
  – The New Technology File System (NTFS)
  – File-level security, encryption, compression, auditing, and more
8
FAT and FAT32
Important features of FAT
  – Supports volumes up to 4 GB in size
  – Most efficient on volumes smaller than 256 MB
  – A root directory that can contain only 512 entries
  – Has no file-level compression
  – Has no file-level security
  – A maximum file size of 2 GB
9
NTFS
Important features
  – Supports volumes up to 2 TB in size
  – Is most efficient on volumes larger than 10 MB
  – Has a root directory that can contain unlimited entries
  – Has file-level compression
  – Has file-level security
  – Has file-level encryption
10
Converting File Systems
FAT and FAT32 volumes on a system
  – Can be migrated to the NTFS format without losing data
To convert an NTFS volume to FAT or FAT32, you must:
  – Back up your data
  – Reformat the volume
  – Restore your data
11
Managing NTFS Permissions
NTFS
  – The only file system supported by Windows XP that offers file-level security
  – File and folder permissions are nearly identical
NTFS file and folder permissions
  – Read
  – Write (folders)
  – Write (files)
12
Managing NTFS Permissions (continued)
NTFS file and folder permissions (continued)
  – List Folder Contents (folders only)
  – Read & Execute (folders)
  – Read & Execute (files)
  – Modify (folders)
  – Modify (files)
  – Full Control (folders)
  – Full Control (files)
  – Special Permissions
13
Managing NTFS Permissions (continued)
14
Managing NTFS Permissions (continued)
15
Managing NTFS Permissions (continued)
16
Rules for Working with NTFS Permissions
  – NTFS object permissions always apply
  – NTFS object permissions are cumulative
  – NTFS file permissions override any contradictory settings on the parent or container folder
  – Deny overrides all other specific Allows
17
Rules for Working with NTFS Permissions (continued)
When disabling inheritance for an NTFS object, select to:
  – Copy the parent object’s permissions to the current object
  – Remove permissions assigned from the parent and retain only object-specific settings
18
Inheritance of Permissions
Situations in which inheritance comes into play
  – Moving an object within the same volume or partition
  – Copying an object within the same volume or partition
  – Moving an object from one volume or partition to another
  – Copying an object from one volume or partition to another
19
File Compression
The ability to compress data on the basis of single files, folders, or entire volumes
Offers the benefit of being able to store more data in the same space, but performance suffers
Configuring and managing file compression
  – Involves enabling or disabling the file compression attribute on one or more files or folders
20
File Compression (continued)
21
Encrypting File System
  – Allows you to encrypt data stored on an NTFS drive
  – Uses a public and private key encryption method
  – Does not function without a Recovery Agent
  – Windows XP automatically designates the local Administrator as the Recovery Agent
22
Encrypting File System (continued)
Primary benefit
  – If your computer is either physically accessed or stolen, the data is protected
Primary drawback
  – The increased processing power required to encrypt all writes and decrypt all reads on the fly
23
Encrypting File System (continued)
Each generation of operating systems uses a different default cryptography algorithm for EFS
  – Windows 2000 EFS uses DESX
  – Windows XP Professional EFS uses 3DES
  – Windows Server 2003 and Windows XP Professional with Service Pack 1 EFS use:
      AES by default
      Support 3DES and DESX
24
Simple File Sharing
  – Used when quick and easy file sharing is needed from a Windows XP Professional system
  – Offers a limited range of configuration options for shared resources
  – Effective only when Windows XP is a member of a workgroup
25
Managing Shared Folders
The Sharing tab, found on both FAT/FAT32 and NTFS folder Properties dialog boxes, offers the following controls:
  – Do not share this folder
  – Share this folder
  – Share name
  – User limit
  – Permissions
26
Managing Shared Folders (continued)
Issues when working with shares
  – Permission levels are the only way to impose security on shared FAT volumes
  – Shares are folders, not individual files
  – Share permissions apply only to the network access point where the folder resides
  – Default permission for a new share is Full Control for the Everyone group
27
Managing Shared Folders (continued)
Issues when working with shares
  – Multiple share permission levels caused by group memberships are cumulative
  – Deny always overrides any other specifics allowed
  – The most restrictive permissions of cumulative share or cumulative NTFS apply
  – Share permissions only restrict access for network users, not local users
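Added example (not part of the original slides): a simplified Python model of the rules stated on the NTFS and share permission slides, showing how cumulative Allows, Deny, and the share/NTFS combination determine what a user can do locally and over the network. The mapping of permission levels to basic rights, the user "alice", the groups and the ACL entries are constructed assumptions; this is not Windows' actual access-check algorithm.

```python
# Added example: simplified model of the slide rules, not Windows' real access check.
# Constructed mapping from permission levels to basic rights (an assumption).
BASE = {"read", "execute", "write", "delete"}
NTFS_LEVELS = {
    "Read": {"read"},
    "Write": {"write"},
    "Read & Execute": {"read", "execute"},
    "Modify": set(BASE),
    "Full Control": BASE | {"change_permissions"},
}
SHARE_LEVELS = {
    "Read": {"read", "execute"},
    "Change": set(BASE),
    "Full Control": BASE | {"change_permissions"},
}


def cumulative(acl, levels, principals):
    """Union every Allow that matches the user or a group, then subtract
    every matching Deny, because Deny overrides all Allows."""
    allowed, denied = set(), set()
    for principal, kind, level in acl:
        if principal in principals:
            (allowed if kind == "Allow" else denied).update(levels[level])
    return allowed - denied


def effective_rights(user, groups, ntfs_acl, share_acl, over_network):
    """Local access: NTFS only. Network access: the most restrictive
    combination (intersection) of cumulative share and cumulative NTFS."""
    principals = {user, "Everyone", *groups}
    rights = cumulative(ntfs_acl, NTFS_LEVELS, principals)
    if over_network:
        rights &= cumulative(share_acl, SHARE_LEVELS, principals)
    return rights


# Constructed sample: hypothetical user "alice" in groups Users and Sales.
GROUPS = {"Users", "Sales"}
NTFS_ACL = [("Users", "Allow", "Read & Execute"), ("Sales", "Allow", "Modify")]
DEFAULT_SHARE = [("Everyone", "Allow", "Full Control")]  # default for a new share
TIGHT_SHARE = [("Sales", "Allow", "Read")]

if __name__ == "__main__":
    for label, share, net in [("local", TIGHT_SHARE, False),
                              ("network, default share", DEFAULT_SHARE, True),
                              ("network, tightened share", TIGHT_SHARE, True)]:
        print(label, sorted(effective_rights("alice", GROUPS, NTFS_ACL, share, net)))
```

With the default share permission the NTFS ACL is the only effective control for network users, which is why the later guideline is to rely upon NTFS to restrict access.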
28
Troubleshooting Access and Permission Problems
To resolve permission or access problems:
  – Determine what valid access the user should have
  – Inspect the resource object’s permissions based on:
      Groups and the specific user
      What actions are set to Allow or Deny
  – Inspect the share’s permissions based on:
      Groups and the specific user
      What actions are set to Allow or Deny
29
Troubleshooting Access and Permission Problems (continued)
To resolve permission or access problems (continued):
  – Inspect the user’s group memberships
  – Attempt to access other resources with the user account from the same computer and a different computer
  – Attempt to access the problematic resource with the Administrator account from the same computer and a different computer
30
Troubleshooting Access and Permission Problems (continued)
Guidelines when designing permission levels
  – Grant permission only as needed
  – Rely upon NTFS to restrict access
  – Grant Full Control only when necessary, even on shares
  – Change permissions on a folder level; allow changes to affect all child elements
31
Auditing for Security
Auditing
  – The security process that records the occurrence of specific operating system events
  – Events
      Significant occurrences in the system that require users to be notified or a log entry to be added
  – Can provide valuable information about:
      Security breaches
      Resource activity
      User adeptness
32
Auditing for Security (continued)
33
Auditing for Security (continued)
34
Summary
Windows XP
  – Can participate as a client in workgroup and domain networks
  – Supports FAT/FAT32 and NTFS file systems
Local and network access to NTFS-hosted resources
  – Controlled through the use of permissions
Compression
  – Reduces the amount of drive space that some files consume
35
Summary (continued)
File encryption
  – Used to restrict access to files and folders to a specific user account
Sharing file resources can be done through
  – Simple file sharing for workgroup members or
  – Classic file sharing for domain members
Troubleshooting access and permissions involves verifying that users are members of the correct groups