70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access - PowerPoint PPT Presentation

Loading...

PPT – 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access PowerPoint presentation | free to download - id: 1e4e6e-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access

Description:

... primary partition or logical drive Where OS files live. 3 ... Folders are shared in Windows Explorer by accessing the Sharing tab of folder's properties ... – PowerPoint PPT presentation

Number of Views:79
Avg rating:3.0/5.0
Slides: 46
Provided by: web54
Learn more at: http://web.sau.edu
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access


1
70-290 MCSE Guide to Managing a Microsoft
Windows Server 2003 EnvironmentChapter 5
Managing File Access
2
Partitions
  • Partitions
  • Portion of the disk that functions as a separate
    storage unit
  • Primary partitions used to start computer
  • Must be marked as ACTIVE
  • Removable storage cannot be marked ACTIVE
  • Basic disk
  • 4 Primary partitions
  • 3 Primary partitions and 1 Extended partition
  • Extended partitions used to create logical drives
  • Win2003
  • System Partition ACTIVE needed to Load OS
  • Boot Partition primary partition or logical drive
    Where OS files live

3
Disk Management Snap-In
4
Windows Server 2003 File Systems
  • Three main file systems
  • File Allocation Table (FAT)
  • FAT32
  • NTFS
  • Final choice of file system depends on
  • How system will be used
  • Whether there are multiple operating systems
  • Security requirements
  • NTFS is most highly recommended

5
FAT
  • Used by MS-DOS
  • Supported by all versions of Windows since
  • Traditionally limited to partitions up to 2 GB
  • Windows Server 2003 version supports partitions
    up to 4 GB
  • Limitations
  • Small partition sizes
  • No file system security features
  • Disk space usage is poor

6
FAT32
  • A derivative of the FAT file system
  • Supports partition sizes up to 2 TB
  • Still does not provide advanced security features
  • Cannot configure permissions on file and folder
    resources

7
NTFS
  • Introduced with Windows NT operating system
  • Current version (version 5)
  • Windows NT 4.0
  • Windows 2000
  • Windows XP
  • Windows Server 2003
  • Theoretically supports partition sizes of up to
    16 Exabytes (EB)
  • Practically supports maximum partition sizes from
    2 TB to 16 TB

8
Windows Master File Table and Metadata
  • When a volume is formatted with NTFS, a Master
    File Table (MFT) and Metadata are created.
  • NTFS uses MFT entries to define the files that
    they correspond to.
  • NTFS creates a file record for each file and
    directory record created on an NTFS volume. Each
    file usually has one file record.
  • Metadata consists of the files NTFS uses to
    implement the file system structure.

9
NTFS File Attributes
  • Every allocated sector on an NTFS partition
    belongs to a file, including the file system
    Metadata.
  • NTFS views each file or folder as a set of file
    attributes.
  • Resident attributes reside within the MFT
  • Non-resident reside elsewhere on the volume
  • An attribute type code and, optionally, an
    attribute name identify each attribute.
  • Read only
  • Hidden
  • Ready for Archiving
  • Fast Searching
  • Compress
  • Encrypt

10
NTFS (continued)
  • Advantages of NTFS
  • Greater scalability and performance on larger
    partitions
  • Support for Active Directory on systems
    configured as domain controllers
  • Ability to configure security permissions on
    individual files and folders
  • Built-in support for compression and encryption
  • Ability to configure disk quotas for individual
    users
  • Shadow copies
  • Support for Remote Storage
  • Recovery logging of disk activities

11
Creating and Managing Shared Folders
  • Shared folder
  • A data resource made available over a network to
    authorized network clients
  • Specific permissions required for creating,
    reading, modifying
  • Groups that can create shared folders
  • Administrators
  • Server Operators
  • Power Users (only on member servers)
  • Users who have been granted the right

12
Creating and Managing Shared Folders (continued)
  • Several ways to create shared folders
  • Two important methods
  • Windows Explorer Interface
  • Computer Management console
  • Also allows shared folders to be monitored

13
Using Windows Explorer
  • Used since Windows 95
  • Can create, maintain, and share folders
  • Folders can be on any drive connected to the
    computer
  • Folders are shared in Windows Explorer by
    accessing the Sharing tab of folders properties

14
Using Windows Explorer (continued)
  • Shared name of folder does not have to be the
    actual file name
  • Hand icon used to indicate shared status
  • Shared folders can be hidden from My Network
    Places and Network Neighborhood
  • Place dollar sign () after name, e.g., Salary
  • Number of hidden administrative shares created
    automatically at installation

15
Administrative Shared Folders
  • C, D, E, . . .
  • Admin
  • systemroot\windows
  • Print
  • Installable printer drivers

16
Using Windows Explorer (continued)
17
Using Computer Management
  • Computer Management console is a pre-defined
    Microsoft Management Console (MMC)
  • Allows you to share and monitor folders for local
    and remote computers
  • Allows you to stop sharing if desired

18
Using Computer Management (continued)
  • Share a Folder Wizard
  • Used to create folders in Shared Folders section
    of Computer Management
  • Used to provide preconfigured or manual
    permissions
  • All users have read-only access
  • Administrators have full access others have
    read-only access
  • Administrators have full access others have read
    and write access
  • Custom share and folder permissions

19
Monitoring Access to Shared Folders
  • Monitoring involves
  • Who is using shared files
  • What shared files are open at any given time
  • Other functions
  • Disconnect users from a share
  • Send network alert messages
  • Primary monitoring tool is Computer Management

20
Monitoring Access to Shared Folders
21
Managing Shared Folder Permissions
  • A shared folder has a discretionary access
    control list (DACL)
  • Contains a list of user or group references that
    have been allowed or denied permissions
  • Each reference is an access control entry (ACE)
  • Accessed from Permissions button on Sharing tab
    of folders properties
  • Permissions only apply to network users, not
    those logged on directly to local machine

22
Managing Shared Folder Permissions (continued)
23
Managing Shared Folder Permissions (continued)
  • To deny access to a user or group
  • Windows Server 2003 does not include No Access
    share permission
  • Must explicitly deny access to each individually
  • Default permission is read access for Everyone
    group
  • Should be immediately addressed when a share is
    created
  • Folder permissions are inherited by all contained
    objects

24
Shared Folder Permissions
  • Shared folder permissions apply to folders, not
    individual files.
  • Shared folder permissions do not restrict local
    access
  • Shared folder permissions are the only way to
    secure network resources on FAT volumes.
  • To control how users gain access to a shared
    folder, you must assign shared folder
    permissions.
  • You can allow or deny shared folder permissions
    to individual users or to user groups.

25
Applying Shared Folder Permissions
  • Multiple permissions.
  • Effective permissions are a combination
  • Denied permissions override allowed permissions.
  • NTFS permissions Most restrictive is applied
  • Copying or moving shared folders.
  • Copy does not destroy the share
  • Move will destroy the share

26
Guidelines for Shared Folder Permissions
  • Determine which groups need access to each
    resource and the level of access they require.
  • Assign permissions to groups instead of user
    accounts to simplify access administration.
  • Assign the most restrictive permissions that
    still allow users to perform required tasks.
  • Organize resources so that folders with the same
    security requirements are located within a
    folder.
  • Use intuitive share names so that users can
    easily recognize and locate resources.

27
NTFS Permissions
  • Resources located on an NTFS partition or volume
    can be given NTFS permissions
  • An administrator must
  • Know how permissions are applied
  • Standard and special NTFS permissions available
  • How effective permissions are determined

28
NTFS Permission Concepts
  • NTFS permissions are configured via the Security
    tab
  • NTFS permissions are cumulative
  • Access denial always overrides permitted access
  • NTFS folder permissions are inherited unless
    otherwise specified
  • NTFS permissions can be set at file or folder
    level

29
NTFS Permission Concepts (continued)
  • A new ACE has default permission
  • Read and Read and Execute for files
  • List Folder Contents for folders
  • Windows Server 2003 has set of standard
    permissions plus special permissions

30
NTFS Permission Concepts (continued)
31
Special NTFS Permissions
  • Can provide more or less access than standard
    permissions
  • Special permissions accessed from Advanced button
    in the Security tab on Properties dialog box for
    resource
  • Permission Entry dialog box enables assignment of
    permissions and control of inheritance settings

32
Special NTFS Permissions (continued)
33
Special NTFS Permissions (continued)
  • Inheritance settings
  • This folder only
  • This folder, subfolders, and files (default)
  • This folder and subfolders
  • This folder and files
  • Subfolders and files only
  • Subfolders only
  • Files only

34
Special NTFS Permissions (continued)
35
Special NTFS Permissions (continued)
36
File/Folder Ownership
  • Every file/folder has an owner (usually a user
    who created a file)
  • Ownership doesnt change by users simply editing
    a file
  • An owner has Full Control permission for a
    file/folder and can grant other users NTFS
    permission to that file and folder
  • A user with appropriate permission can take
    ownership of someone elses file/folder

37
Determining Effective Permissions
  • Permissions that actually apply to a user can be
    the result of membership in multiple groups
  • Prior to Windows Server 2003, determining
    effective permissions was done manually
  • In Windows Server 2003, there is an Effective
    Permissions tab in Advanced Security Settings
    dialog box for resource
  • Shows specific permissions for a user or group

38
NTFS Permissions
  • No Access is stronger than all permissions.

User permissionsW
RW
FolderC\Thomas
Group permissionsR
None
User permissionsNo Access
FolderC\Thomas
User permissionsRW
39
Determining Effective Permissions (continued)
40
Combining Shared Folder and NTFS Permissions
  • NTFS permissions can be combined with share
    permissions
  • When accessing a share across a network, if both
    apply, use most restrictive
  • When accessing a file locally, only NTFS
    permissions apply

41
Assigning NTFS Permissions
  • NTFS Full Control permission
  • When user creates to becomes the owner
  • Multiple NTFS permissions
  • File permissions supercede folder permissions
  • May access a file even if no folder permissions
  • Permission inheritance
  • Folder permissions are inherited by files and
    sub-folders
  • Inheritance can be prevented
  • Permissions can be set directly
  • Most recent parent wins

42
Copying Files and Folders
43
Moving Files or Folders Between NTFS Volumes
44
Converting a FAT Partition to NTFS
  • For highest security, partitions and volumes
    should be configured to use NTFS
  • Command-line utility, CONVERT, will convert FAT
    or FAT32 partitions and volumes to NTFS
  • All existing files and folders are retained
  • CONVERT cannot convert NTFS to FAT or FAT32

45
Glad thats over!!!!
About PowerShow.com