Transcript www.yorktech.com

Chapter Overview



Understanding Shared Folders
Planning, Sharing, and Connecting to Shared
Folders
Combining Shared Folder Permissions and
NTFS Permissions
1
Shared Folders



Give network users access to files
Allow users to connect to the shared folder
over the network
Require users to have permission to access
them
2
Shared Folder Permissions





Are determined by the type of data in the
folder
Apply to the entire folder, not to individual
files
Do not restrict access to users at the
computer where the folder is stored
Are the only way to secure network resources
on a file allocation table (FAT) volume
Are set to Full Control for the Everyone group
by default
3
Types of Shared Folder Permissions
4
Guidelines for Allowing or Denying
Shared Folder Permissions



Allow, rather than deny, permissions.
Assign permissions to a group rather than to
a user.
Deny permissions only when necessary to
override applied permissions.
5
How Shared Folder Permissions Are
Applied




Users’ effective permissions are the
combination of their user and group
permissions.
Denied permissions override all other
permissions.
The appropriate NT file system (NTFS)
permissions are required on NTFS volumes.
Copied, moved, or renamed folders are no
longer shared.
6
Guidelines for Assigning Shared
Folder Permissions





Determine the level of access required.
Assign permissions to groups rather than
individual users.
Assign the most restrictive permissions that
still allow users to perform required tasks.
Organize folders to include resources with
similar security requirements.
Use short, intuitive share names.
7
Shared Application Folders


Contain applications installed on a network
server and used from client computers
Make it unnecessary to install and maintain
most application components on every
computer
8
Guidelines for Creating and Sharing
Application Folders

You can make the following modifications:






Create a shared folder for applications.
Assign the Full Control permission to the
Administrators group.
Remove the Full Control permission from the
Everyone group.
Assign the Read permission to the Users group.
Assign the Change permission to groups that
upgrade and troubleshoot.
Create a separate shared folder for each
application with different permissions.
9
Shared Data Folders


Are used to exchange public and working
data
Should be created on a volume that is
separate from the operating system and
applications
10
Guidelines for Shared Public Data
and Working Data Folders
11
Requirements for Sharing Folders

In a domain environment




The Administrators and Server Operators groups
can share folders anywhere in the domain
The Power Users group can share folders residing
only on the local computer
In a workgroup environment, the
Administrators and Power Users groups can
share folders on the local computer.
Users need at least the Read permission to
share a folder on an NTFS volume.
12
Administrative Shares


Microsoft Windows XP Professional
automatically creates administrative shares.
Administrative share names are appended
with a dollar sign ($).




The root of each volume on a hard disk is C$ by
default
The system root folder is Admin$
The %systemroot%\System32\Spool\Drivers
folder is Print$
You can create additional administrative
shares by appending a dollar sign ($) to the
13
share name.
Sharing a Folder
14
Assigning Shared Folder Permissions
15
Caching




Caching lets you store shared files in a cache
on a hard disk.
The cache is a reserved portion of disk space
on your computer.
The cache can be accessed when your
computer is offline.
The cache size can be changed.
16
The Caching Settings Dialog Box
17
Modifying Shared Folders

You can make the following modifications:



Stop sharing a folder
Modify the share name
Modify shared folder permissions
18
Connecting to a Shared Folder



My Network Places
My Computer
Run command
19
Combining Shared Folder and NTFS
Permissions




Share folders with the default permission.
Use NTFS permissions to control access.
Apply different NTFS permissions to each file
and subfolder.
Keep in mind that the more restrictive
permission is always the overriding
permission.
20
Chapter Summary





Sharing a folder makes the folder and its contents
available to other users on the network.
Using shared folder permissions is the only way to
secure file resources on FAT volumes.
Shared folder permissions apply to folders, not to
individual files.
The three shared folder permissions are Read,
Change, and Full Control.
Windows XP Professional automatically creates
administrative shares, which are marked with a dollar
sign ($) to hide them from users who browse the
computer.
21
Chapter Summary (Cont.)




Copies of files in shared folders are stored in the
cache on your hard disk, which makes the files
available offline.
You can access a shared folder on another computer
by using My Computer, the Run command, or My
Network Places.
On an NTFS volume, you can assign NTFS
permissions to individual users and groups to better
control access to the files and subfolders in the
shared folders.
When you combine shared folder permissions and
NTFS permissions, the more restrictive permission is
always the overriding permission.
22