Chapter 5 – Managing File Access
MIS 431 Created Spring 2006
MIS 431 - Chapter 5
Permissions!!
The main reason for implementing a network is to allow users to access shared resources.
Resources such as files, folders, and printers are secured in WS03 via use of permissions.
WS03 handles both FAT and NTFS volumes, but NTFS is assumed – a richer permission environment.
WS03 File Systems
FAT – up to 4 GB; limitations are small partition size and no file security features
FAT32 – up to 2 TB partitions but no file security features
NTFS – version 5 in WS03
Supports up to 16 TB (terabytes)
Greater scalability over FAT and better performance
Support for WS03 AD – DC must have an NTFS partition
Built-in encryption and compression
Configure disk quotas for users
Support for remote storage and removable media
Recovery logging of disk activities for faster recovery after a failure
Creating & Managing Shared Folders
A shared folder is a data resource that is made available over the network to authorized users
Users must have proper rights to create a shared folder
Be in the Administrators or Server Operators groups
Be in the Power Users group on WS03 servers that are not domain controllers
To Create a Shared Folder
Using Windows Explorer (Activity 5-1)
Right-click the folder and click the Sharing tab (see Figure 5-2 on p. 185)
Choose Share this folder, give a share name, and specify Permissions
Folder has shared icon (hand underneath)
Administrative share name: Admin$
Has a dollar sign at the end and is hidden
Only Administrators can see and access the root of the drive with C$ or D$
To Create a Shared Folder, contd.
Using Computer Management (Act. 5-2) MMC
Use the Share a Folder Wizard in the Shared Folders section: expand and click Shares
The wizard also lets you configure permissions
All users have read-only access (Everyone group has Read permission)
Administrators have full access; others read-only
Administrators have full access; others read and write
Custom share permissions – allows both share and NTFS permissions to be defined manually by group and/or user
Using the net share command from the command line.
Monitoring Access to Shared Folders
Keep track of the number of users connected to specific resources
Use Computer Management MMC – examine Sessions and Open Files lines
Can right-click Computer Management (Local) and choose Connect to manage a different server in the domain.
Can disconnect a user or open file connection: right-click the entry in the Details pane and choose Close Open File or Close Session – takes place immediately.
Shared Folder Permissions
DACL – discretionary access control list
Part of the security descriptor, with the list of users that have been:
Allowed access to that resource
Disallowed access to that resource
Applies to network access only, not to users logged in locally to that computer
More WS03 Permissions…
Permissions in WS03
Read – browse file and folder names, read contents, execute programs
Change – same as Read plus ability to add or delete files in the folder; also can read and edit contents of existing files
Full Control – same as Read and Change plus ability to change permissions for the folder
Implementing WS03 Permissions
See Act. 5-3
Click Sharing tab and then Permissions button
Within Group or user names list box
Click Add
Enter a group name or a user name, click OK
In Allow column, select Full, Change, or Read
In Deny column, select Full, Change, or Read
DENY trumps Allow: don’t deny and allow the same thing!
NTFS Permissions
These add to the WS03 permissions and give finer control
NTFS Permission Concepts:
Configure with Security tab
Permissions are cumulative: they add based on individual and group permissions
Denied permissions always override
Folder permissions are inherited by child folders and files unless otherwise specified
Can be set at a file level as well as folder level
Default is Read; Read & Execute; List Folder Contents
Standard NTFS (Fig 5-12 p. 198)
Full Control – make any changes
Modify – Full except permission to delete subfolders and files, change permissions, or take ownership
Read & Execute – Can traverse folders, list folders, read attributes & permissions; inherited by folders and files
List Folder Contents – Same as Read & Execute but inherited only by folders
Read – Same as Read & Execute except without permission to traverse folders
Write – Create files and folders, write attributes, read permissions, synchronize
Special – can choose custom combination (see Table 5-3)
See Activity 5-5
Determine Effective Permissions
Much better technique in WS03
Right-click a folder
Click Effective Permissions tab in Advanced Security Settings dialog box (Act. 5-6)
Select a user or group, and read the effective permissions for that folder by that user/group
Combining Shared Folder and NTFS Permissions (Act. 5-7)
When combining WS03 shared folder and NTFS permissions:
When a user accesses a share across the network, the permissions combine
Most restrictive of the two becomes the effective permission
When a user accesses a file locally, only NTFS permissions apply.
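The rules from this slide and from the NTFS Permission Concepts slide (cumulative allows, deny overrides, most restrictive of share and NTFS over the network, NTFS only for local access), worked through as an added Python example that is not part of the original slides. The right names, users, groups and ACL entries are constructed, and the sets of rights are a simplified model, not Windows' real access masks.

```python
# Added example: simplified model of the slide rules, not Windows' actual access check.
# Right names, users, groups and ACLs are constructed for illustration.
R, W, X, D, P = "read", "write", "execute", "delete", "change_permissions"

# Share permissions (Read / Change / Full Control) expressed as sets of rights.
SHARE = {"Read": {R, X}, "Change": {R, X, W, D}, "Full Control": {R, X, W, D, P}}
# A subset of the standard NTFS permissions, expressed the same way.
NTFS = {"Read": {R}, "Write": {W}, "Read & Execute": {R, X},
        "Modify": {R, X, W, D}, "Full Control": {R, X, W, D, P}}

def granted(acl, table, principals):
    """Cumulative allows for the user and their groups, with denies removed last."""
    allow, deny = set(), set()
    for who, kind, perm in acl:
        if who in principals:
            (allow if kind == "allow" else deny).update(table[perm])
    return allow - deny  # deny always overrides allow

def effective(user, groups, share_acl, ntfs_acl, over_network):
    """Rights the user ends up with on the folder."""
    principals = {user, "Everyone", *groups}  # assumption: every user is in Everyone
    ntfs = granted(ntfs_acl, NTFS, principals)
    if not over_network:
        return ntfs  # local access: share permissions are not consulted
    share = granted(share_acl, SHARE, principals)
    return ntfs & share  # network access: the most restrictive of the two wins

SHARE_ACL = [("Everyone", "allow", "Read"), ("Sales", "allow", "Change")]
NTFS_ACL = [("Sales", "allow", "Modify"), ("Interns", "deny", "Write"),
            ("Managers", "allow", "Full Control")]
GROUPS = {"alice": ["Sales"], "bob": ["Sales", "Interns"], "carol": ["Managers"]}

def report():
    rows = {}
    for user, groups in GROUPS.items():
        for over_network in (True, False):
            rights = effective(user, groups, SHARE_ACL, NTFS_ACL, over_network)
            rows[(user, "network" if over_network else "local")] = sorted(rights)
    return rows

if __name__ == "__main__":
    for (user, path), rights in report().items():
        print(f"{user:6} {path:8} {', '.join(rights) or '(no access)'}")
```

carol holds NTFS Full Control but reaches the share only through Everyone's Read, so over the network she can only read and execute; bob's Interns deny removes write even though Sales allows Modify.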
Convert FAT Partition to NTFS
Use the command line utility called CONVERT to convert a FAT or FAT32 partition to NTFS 5.
In Activity 5-8, you will use Disk Management to create a new partition
Requires that you have space available.
Specify FAT32 for this partition and size
Give name and drive letter (in this case, F:)
Then create a folder and examine properties
Do Start | Run | convert f: /fs:ntfs