Chapter 9: Managing Server Folders, Permissions, and Software Installation

1
Chapter 9 Managing Server Folders, Permissions,
and Software Installation
2
Learning Objectives

• Manage folders on a server, including
• Planning a folder structure
• Viewing and creating folders
• Setting folder properties such as attributes,
  permissions, auditing, and ownership
• Setting up shared folders
• Moving and copying files and folders
• Install and manage application software

continued
3
Learning Objectives

• Use the Registry to configure Windows NT Server
  and application software, and use Windows NT
  Diagnostics to view Registry contents
• Set system policies using the System Policy
  Editor
• Configure and use License Manager
• Configure and use Directory Replicator

4
Managing Folders

• Designing a folder structure
• Viewing and creating folders
• Setting folder properties
• Setting up a shared folder
• Troubleshooting a security conflict
• Moving and copying files and folders

5
Designing a Folder Structure

• A chaotic file structure makes it difficult to
  run or remove programs
• Avoid confusion by having a place for
• Software applications
• Confidential files shared by certain groups
• Public files shared by everyone
• Software utilities for all users
• Server management utilities

6
Folder Structure Design Considerations

• Root folder should not be cluttered with files or
  too many folders
• Each software application should have its own
  folder or subfolder
• Similar information should be grouped
• Folders should have names that clearly reflect
  their purpose

7
A Sample Folder Structure
Folders off the Root
Manage
Users
Data
Word
Ntserver
Winnt (created by NT Server setup)
Forms
Msoffice
Access
Excel
Queries
Winword
Templates
Clipart
Office
Contracts
Court
Tax
RealEstate
Wills
Bankruptcy
8
Viewing and Creating Folders

• Viewing
• Use My Computer or Windows NT Explorer
• Display can be customized
• or, the good ol command-line interface
• dir command, or similar add-ons
• Creating
• Use My Computer or Windows NT Explorer
• or, CLI

9
Setting Folder Properties

• General properties
• Folder and permission security
• Permissions
• Auditing
• Ownership

10
General Properties

• Descriptive information
• Location
• Size
• Number of files/folders
• Folder name and creation date
• Folder attributes

11
Attributes

• A characteristic associated with a folder or
  file, used to help mange access and backups
• Largely ignored by NT administrators (except for
  backup purposes) in favor of rights and
  permissions

12
Windows NT Attributes
13
Folder and Permission Security

• Three security options
• Permissions Control access to the folder and
  its contents
• Auditing Enables administrator to audit
  activities on a folder or file
• Ownership Designates the folder owner who has
  full control of that folder

14
NTFS Folder and File Permissions
15
Directory Permissions Dialog Box
Note would usually have 1 group/username under
Name.
16
Microsoft Guidelines for Setting Permissions

• Protect the Winnt folder that contains operating
  system files from general users (No Access or
  Read) but give Administrators Full Control access
• Protect server utility folders with access
  permissions only for Administrators, and Server
  and Backup Operators

continued
17
Microsoft Guidelines for Setting Permissions

• Protect software application folders with Add
  Read
• Create publicly used folders with Change access
• Provide users Full Control of their own home
  directories
• Remove the group Everyone from confidential
  folders

18
Special Folder and Special File Access Options

• Enable customization of folders or file access
  beyond standard permissions
• different combinations of the aforementioned
  abilities
• R, W, X, D, C, take owner
• useful for special situations, if need be

19
Auditing

• Tracks access to folders and files
• Directory Auditing dialog box enables auditing of
  a variety of successful and failed events
• track success/fail, whichever is more important
  for that particular case
• remember, auditing can be expensive -- that is,
  can dramatically affect server performance

20
Ownership

• Folder owners have Full Control permissions for
  the folders they create

Taking ownership of a folder
21
Setting Up a Shared Folder

• Share permissions
• No Access
• Read
• Change
• Full Control
• Can be overridden
• NT uses most restrictive permission, whichever is
  stricter

22
Setting Up a Shared Folder

• Sharing can be limited by users
• software licensing
• also provides some extra security
• Shares can be hidden
• put character at end of share name
• both for security through obscurity as well as
  ease-of-use

23
Troubleshooting a Security Conflict

• Review folder permissions and share permissions
  for the account and for the groups to which the
  account user belongs
• Careful planning of folder structure and user
  groups in light of server security needs saves
  time and user aggravation

24
Moving and Copying Files and Folders

• Creating, moving, or copying a file can affect
  the file and folder permissions
• Moving File is deleted from the original
  location placed in a different folder
• Copying Original file remains intact and a copy
  is made in another folder
• New file permissions depend on
• copy/create - inherit from folder
• move - retain existing
• unless move to different volume - like copy

25
Installing and Managing Application Software

• Software licensing
• Network compatibility
• Network performance
• Location of temporary files
• Software testing
• Loading software from the network
• Restrictions for MS-DOS-based software

26
Software Licensing

• Read and follow licensing agreement before
  loading software
• Copy protect the software
• user education important
• License monitoring A process used to ensure
  that the number of software licenses in use does
  not exceed the number for which the network is
  authorized

27
Network Compatibility

• Check all applications to be certain they are
  network-compatible, i.e., designed for multiuser
  access, often with network capabilities such as
  options to send files through e-mail
• with popularity of the Internet, new applications
  generally are network-friendly
• but remember, Internet features can be a security
  hole

28
Network Performance

• Closely monitor network activity and traffic
  associated with software applications
• some applications have BIG effect on network
  traffic
• remember, software is one consideration when
  choosing topology

29
Location of Temporary Files

• Determine what extra files are needed to run an
  application and where to store them
• Teach software users how to deploy temporary and
  backup files created by software, and how to
  delete them when no longer needed
• utilities exist to clean up files automatically

30
Software Testing

• Test each software installation before releasing
  it to users
• An important way to determine that the software
  is working, is network compatible, and that the
  permissions are correctly set

31
Loading Software from the Network

• One option Install software application files
  from network onto each client workstation
• Another option Install client software so that
  application files are loaded from server
• Advantage Save workstation disk space
• Advantage Ease of management
• Disadvantage Extra network traffic

32
Installing Software Using Add/Remove Programs

• Software configuration is stored in Windows NT
  Registry configuration is easier and
  configuration information can be updated to an
  ERD
• Registry tracks location of all files associated
  with software easier to remove all program pieces

33
Running Software Applications in User Mode

• User mode
• Used for running programs in a memory area kept
  separate from that used by the kernel
• The program cannot directly access the kernel or
  operating system services except through an API
• Kernel mode
• Privileged environment in which Windows NT
  operating system kernel runs
• Consists of protected memory area and privileges
  to directly execute system services, access CPU,
  run I/O operations, etc.

34
Using the Registry to Configure System Setup and
Software

• Registry Database that contains information the
  operating system needs about the entire server
  (configuration, program setup, devices, drivers,
  etc.)
• Two editors to view Registry contents
• Regedit
• Regedt32

35
The Five Root Keys

• Root key (or subtree) Highest category of data
  contained in the Registry
• The five root keys
• HKEY_LOCAL_MACHINE
• HKEY_CURRENT_USER
• HKEY_USERS
• HKEY_CLASSES_ROOT
• HKEY_CURRENT_CONFIG

36
The Five Root Keys
37
Backing Up the Registry

• The Registry is vitally important to Windows NT
  Server
• Plan to back it up regularly when you back up
  other files
• ERD - via RDISK
• separately - via REGBACK
• 3rd-party backup software often has specific
  options for registry

38
Setting System Policies

• Override registry settings in Windows NT Server
• Used to set up special conditions for individual
  users
• security
• ease-of-use
• Used to set up restrictions for all users
• security
• ease-of-use

39
System Policies to Govern All Users

• Control Panel display options
• Desktop wallpaper and color schemes
• Operating system shell restrictions
• hiding drives, Net Neighborhood, etc.
• System restrictions
• run only certain programs, etc.
• Windows NT Shell options
• Windows NT System options

40
System Policiesto Govern Individual Users

• Remote access settings
• Creation of hidden drive shares
• Network printer scheduling and error control
  options
• Customized shared folder setup
• Logon security and logon banner controls
• File-naming options
• User profile network time-out periods for slow
  network connections

41
Setting Up and Using License Manager

• License right to use software
• license terms differ by vendor
• select the best option based on needs price
• Per seat licensing Requires that there be
  enough licensees for all network client
  workstations
• Per server licensing Based on maximum number of
  clients that use an application at one time

42
Setting Up and Using Directory Replicator

• Directory replication services enable designated
  directories on one server to be copied to another
  server(s) or workstation(s) on the network
• Export server Server with the original
  directories
• Import server Computer that receives the
  directories and files

43
Directory Replication Uses

• To copy an update database on a member server in
  a client/server system to a reporting database on
  a different member server
• To create a backup copy of account-related
  information

44
Setting Up Export and Import Parameters
45
Chapter Summary

• Plan folder structure in advance.
• Create distinct folders for user directories,
  software applications, server utilities, etc.
• Set up folder properties
• Set up permissions according to purpose of folder

continued
46
Chapter Summary

• Before installing application software in a
  folder, make sure the software is
  network-compatible.
• Use Add/Remove Programs tool to install software
  so that installation is coordinated with the
  Windows NT Registry.

continued
47
Chapter Summary

• System policies offer another way to change
  Registry settings and to customize how users
  access Windows NT Server.
• License Manager records and monitors the number
  of licenses.
• Directory Replicator copies folders from a server
  to other network computers.

48
(No Transcript)