Presentation is loading. Please wait.

Presentation is loading. Please wait.

Configuring and Managing Resource Access Lecture 5.

Published byMiles Tucker Modified over 8 years ago

Similar presentations

Presentation on theme: "Configuring and Managing Resource Access Lecture 5."— Presentation transcript:

1 Configuring and Managing Resource Access Lecture 5

2 Folder and File Security Access Control List (ACL) – list of privileges given to a user account or a group DACL – discretionary ACL – configured by an admin or owner SACL – system control ACL – contains information for auditing access

3 Folder and File Attributes Read-only Hidden Extended attributes: Archive, Index (not Windows Search Service), Compress, Encrypt

4 Folder and File Permissions Permissions (NTFS) control access to an object DACL

5 NTFS permissions NTFS permissions are specified in the object’s ACL and are used to control access to the object 2 Categories of permissions: Standard and Special Standard are pre-set, frequently used permissions for objects Special provide finer granularity to file/folder security

6 NTFS permissions NTFS permissions can be assigned by an owner, a user with Full Control, or a user with Change Permissions. Also, a user with Take Ownership permission can take ownership of the file/folder and then change permissions.

7 Standard NTFS Permissions  Read  Read&Execute  List Folder Contents  Write  Modify  Full Control

8 Folder and File Auditing  Auditing tracks access to folders and files  Audited events are recorded in the Windows Server 2008 Security Log in Event Viewer

9 Folder and File ownership  An owner is the person who creates a folder/file.  Owner can change permissions  Ownership can be transferred to a user with Full Control or Take Ownership permissions  Administrators can always take ownership

10 New, Moved and Copied files and folders permissions  When a file or folder is moved or copied, it will inherit the destination folder permissions.  The only exception is when a file/folder is moved within the same NTFS volume - then it will retain its original permissions.

11 Shared Folders and Permissions  Shared folder gives users access over the network  In Server 2008 sharing is more secure (not shared with Everyone by default)

12 Shared Folder Permissions  Share permissions are different from NTFS (NTFS and share permissions are cumulative)  Deny permissions take precedence’  Shared folders can be cached  Shared Folders can be published in AD

13 Shared Folder Permissions  Reader (former Read)  Contributor (former Change)  Co-owner (former Full Control)  Owner

14 Effective permissions  User and Group NTFS permissions combine for the least restrictive combination, except where Deny overrides Allow. Files may have different permissions that parent folder permissions.  When combining share and NTFS permissions always chose the MOST restrictive combination

15 Effective NTFS permissions 1. Determine effective shared by choosing the least restrictive of all shared. The exception is Denied permission overrides Allow. 2. Determine effective NTFS by choosing the least restrictive of all shared. The exception is Denied permission overrides Allow. 3. Combine the results of steps 1 and 2 and choose the MOST restrictive permission out of share and NTFS. IF there is no overlap - no permissions are effective.

16 Troubleshooting Permissions Problems When permissions are granted through group membership, a user needs to log off and log back on Watch out for “Deny” Permissions Watch out for individual folder permissions Watch out for a conflicting combination of NTFS/Shared permissions File permissions change after being moved/copied

17 Distributed File Services A way to combine multiple shared folders on different servers into one hierarchy (under 1 root) Stand-alone- only exists on 1 server Domain-based – allows fault-tolerance and load balancing, as well as using AD for copying a folder to multiple targets

Download ppt "Configuring and Managing Resource Access Lecture 5."

Similar presentations

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.
1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
1 File systems security: Shared folders & NTFS permissions, EFS (Week 6, Monday 2/12/2007) © Abdou Illia, Spring 2007.

1 File systems security: Shared folders & NTFS permissions, EFS (Week 6, Monday 2/12/2007) © Abdou Illia, Spring 2007.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
MIS 431 - Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.

MIS Chapter 51 Chapter 5 – Managing File Access MIS 431 Created Spring 2006.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
Lesson 4: Configuring File and Share Access

Lesson 4: Configuring File and Share Access
5.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.

5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Group Accounts; Securing Resources with Permissions

Group Accounts; Securing Resources with Permissions
Microsoft ® Official Course Module 7 Configuring File Access and Printers on Windows ® 8 Clients.

Microsoft ® Official Course Module 7 Configuring File Access and Printers on Windows ® 8 Clients.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.

Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.
Chapter 5 File and Printer Services

Chapter 5 File and Printer Services
Access Control Lists and NTFS Permissions INFO333 – Lecture 4 2010 Mariusz Nowostawski Noria Foukia.

Access Control Lists and NTFS Permissions INFO333 – Lecture Mariusz Nowostawski Noria Foukia.
NTFS. Authentication Is the person who she says she is? If so, access is allowed In Windows, authentication is handled by a password-protected user account.

NTFS. Authentication Is the person who she says she is? If so, access is allowed In Windows, authentication is handled by a password-protected user account.

Similar presentations

Ads by Google