70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access - PowerPoint PPT Presentation



Slides: 46
Provided by: web54
Learn more at: http://web.sau.edu


Transcript and Presenter's Notes


70-290 MCSE Guide to Managing a Microsoft
Windows Server 2003 Environment Chapter 5
Managing File Access
  • Partitions
  • Portion of the disk that functions as a separate
    storage unit
  • Primary partitions used to start computer
  • Must be marked as ACTIVE
  • Removable storage cannot be marked ACTIVE
  • Basic disk
  • 4 Primary partitions
  • 3 Primary partitions and 1 Extended partition
  • Extended partitions used to create logical drives
  • Win2003
  • System Partition: ACTIVE, needed to load OS
  • Boot Partition: primary partition or logical drive
    where OS files live

Disk Management Snap-In
Windows Server 2003 File Systems
  • Three main file systems
  • File Allocation Table (FAT)
  • FAT32
  • NTFS
  • Final choice of file system depends on
  • How system will be used
  • Whether there are multiple operating systems
  • Security requirements
  • NTFS is most highly recommended

FAT
  • Used by MS-DOS
  • Supported by all versions of Windows since
  • Traditionally limited to partitions up to 2 GB
  • Windows Server 2003 version supports partitions
    up to 4 GB
  • Limitations
  • Small partition sizes
  • No file system security features
  • Disk space usage is poor

FAT32
  • A derivative of the FAT file system
  • Supports partition sizes up to 2 TB
  • Still does not provide advanced security features
  • Cannot configure permissions on file and folder

NTFS
  • Introduced with Windows NT operating system
  • Current version (version 5)
  • Windows NT 4.0
  • Windows 2000
  • Windows XP
  • Windows Server 2003
  • Theoretically supports partition sizes of up to
    16 Exabytes (EB)
  • Practically supports maximum partition sizes from
    2 TB to 16 TB

Windows Master File Table and Metadata
  • When a volume is formatted with NTFS, a Master
    File Table (MFT) and Metadata are created.
  • NTFS uses MFT entries to define the files that
    they correspond to.
  • NTFS creates a file record for each file and
    directory record created on an NTFS volume. Each
    file usually has one file record.
  • Metadata consists of the files NTFS uses to
    implement the file system structure.

NTFS File Attributes
  • Every allocated sector on an NTFS partition
    belongs to a file, including the file system
  • NTFS views each file or folder as a set of file
  • Resident attributes reside within the MFT
  • Non-resident reside elsewhere on the volume
  • An attribute type code and, optionally, an
    attribute name identify each attribute.
  • Read only
  • Hidden
  • Ready for Archiving
  • Fast Searching
  • Compress
  • Encrypt

NTFS (continued)
  • Advantages of NTFS
  • Greater scalability and performance on larger
  • Support for Active Directory on systems
    configured as domain controllers
  • Ability to configure security permissions on
    individual files and folders
  • Built-in support for compression and encryption
  • Ability to configure disk quotas for individual
  • Shadow copies
  • Support for Remote Storage
  • Recovery logging of disk activities

Creating and Managing Shared Folders
  • Shared folder
  • A data resource made available over a network to
    authorized network clients
  • Specific permissions required for creating,
    reading, modifying
  • Groups that can create shared folders
  • Administrators
  • Server Operators
  • Power Users (only on member servers)
  • Users who have been granted the right

Creating and Managing Shared Folders (continued)
  • Several ways to create shared folders
  • Two important methods
  • Windows Explorer Interface
  • Computer Management console
  • Also allows shared folders to be monitored

Using Windows Explorer
  • Used since Windows 95
  • Can create, maintain, and share folders
  • Folders can be on any drive connected to the
  • Folders are shared in Windows Explorer by
    accessing the Sharing tab of folder's properties

Using Windows Explorer (continued)
  • Shared name of folder does not have to be the
    actual file name
  • Hand icon used to indicate shared status
  • Shared folders can be hidden from My Network
    Places and Network Neighborhood
  • Place dollar sign ($) after name, e.g., Salary$
  • Number of hidden administrative shares created
    automatically at installation

Administrative Shared Folders
  • C$, D$, E$, . . .
  • Admin$
  • systemroot\windows
  • Print$
  • Installable printer drivers

Using Windows Explorer (continued)
Using Computer Management
  • Computer Management console is a pre-defined
    Microsoft Management Console (MMC)
  • Allows you to share and monitor folders for local
    and remote computers
  • Allows you to stop sharing if desired

Using Computer Management (continued)
  • Share a Folder Wizard
  • Used to create folders in Shared Folders section
    of Computer Management
  • Used to provide preconfigured or manual
  • All users have read-only access
  • Administrators have full access; others have
    read-only access
  • Administrators have full access; others have read
    and write access
  • Custom share and folder permissions

Monitoring Access to Shared Folders
  • Monitoring involves
  • Who is using shared files
  • What shared files are open at any given time
  • Other functions
  • Disconnect users from a share
  • Send network alert messages
  • Primary monitoring tool is Computer Management

Monitoring Access to Shared Folders
Managing Shared Folder Permissions
  • A shared folder has a discretionary access
    control list (DACL)
  • Contains a list of user or group references that
    have been allowed or denied permissions
  • Each reference is an access control entry (ACE)
  • Accessed from Permissions button on Sharing tab
    of folder's properties
  • Permissions only apply to network users, not
    those logged on directly to local machine

Managing Shared Folder Permissions (continued)
Managing Shared Folder Permissions (continued)
  • To deny access to a user or group
  • Windows Server 2003 does not include No Access
    share permission
  • Must explicitly deny access to each individually
  • Default permission is read access for Everyone
  • Should be immediately addressed when a share is
  • Folder permissions are inherited by all contained

Shared Folder Permissions
  • Shared folder permissions apply to folders, not
    individual files.
  • Shared folder permissions do not restrict local
  • Shared folder permissions are the only way to
    secure network resources on FAT volumes.
  • To control how users gain access to a shared
    folder, you must assign shared folder
  • You can allow or deny shared folder permissions
    to individual users or to user groups.

Applying Shared Folder Permissions
  • Multiple permissions.
  • Effective permissions are a combination
  • Denied permissions override allowed permissions.
  • NTFS permissions: most restrictive is applied
  • Copying or moving shared folders.
  • Copy does not destroy the share
  • Move will destroy the share

Guidelines for Shared Folder Permissions
  • Determine which groups need access to each
    resource and the level of access they require.
  • Assign permissions to groups instead of user
    accounts to simplify access administration.
  • Assign the most restrictive permissions that
    still allow users to perform required tasks.
  • Organize resources so that folders with the same
    security requirements are located within a
  • Use intuitive share names so that users can
    easily recognize and locate resources.

NTFS Permissions
  • Resources located on an NTFS partition or volume
    can be given NTFS permissions
  • An administrator must
  • Know how permissions are applied
  • Standard and special NTFS permissions available
  • How effective permissions are determined

NTFS Permission Concepts
  • NTFS permissions are configured via the Security
  • NTFS permissions are cumulative
  • Access denial always overrides permitted access
  • NTFS folder permissions are inherited unless
    otherwise specified
  • NTFS permissions can be set at file or folder

NTFS Permission Concepts (continued)
  • A new ACE has default permission
  • Read and Read and Execute for files
  • List Folder Contents for folders
  • Windows Server 2003 has set of standard
    permissions plus special permissions

NTFS Permission Concepts (continued)
Special NTFS Permissions
  • Can provide more or less access than standard
  • Special permissions accessed from Advanced button
    in the Security tab on Properties dialog box for
  • Permission Entry dialog box enables assignment of
    permissions and control of inheritance settings

Special NTFS Permissions (continued)
Special NTFS Permissions (continued)
  • Inheritance settings
  • This folder only
  • This folder, subfolders, and files (default)
  • This folder and subfolders
  • This folder and files
  • Subfolders and files only
  • Subfolders only
  • Files only

Special NTFS Permissions (continued)
Special NTFS Permissions (continued)
File/Folder Ownership
  • Every file/folder has an owner (usually a user
    who created a file)
  • Ownership doesn't change by users simply editing
    a file
  • An owner has Full Control permission for a
    file/folder and can grant other users NTFS
    permission to that file and folder
  • A user with appropriate permission can take
    ownership of someone else's file/folder

Determining Effective Permissions
  • Permissions that actually apply to a user can be
    the result of membership in multiple groups
  • Prior to Windows Server 2003, determining
    effective permissions was done manually
  • In Windows Server 2003, there is an Effective
    Permissions tab in Advanced Security Settings
    dialog box for resource
  • Shows specific permissions for a user or group

NTFS Permissions
  • No Access is stronger than all permissions.

[Figure: effective-permission examples for folder C:\Thomas. Labels: User permissions W; Group permissions R; User permissions No Access; User permissions RW]
Determining Effective Permissions (continued)
Combining Shared Folder and NTFS Permissions
  • NTFS permissions can be combined with share
  • When accessing a share across a network, if both
    apply, use most restrictive
  • When accessing a file locally, only NTFS
    permissions apply
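
The rules on the slides above (cumulative permissions, Deny overriding Allow, most restrictive of share and NTFS over the network, NTFS only for local access, share permissions as the only control on FAT) worked through as an added example that is not part of the original presentation. The right names, level tables, users, groups and ACLs are constructed assumptions, and the model is deliberately simplified.

```python
# Simplified model of the rules on these slides. The right names, level
# tables, users, groups and ACLs below are constructed for illustration.
from dataclasses import dataclass

R, W, X, D, P = "read", "write", "execute", "delete", "change_permissions"
ALL = frozenset({R, W, X, D, P})
SHARE_LEVELS = {"Read": {R, X}, "Change": {R, W, X, D}, "Full Control": set(ALL)}
NTFS_LEVELS = {"Read": {R}, "Write": {W}, "Read & Execute": {R, X},
               "Modify": {R, W, X, D}, "Full Control": set(ALL)}

@dataclass(frozen=True)
class Ace:
    trustee: str   # user or group the entry refers to
    allow: bool    # True for an Allow entry, False for a Deny entry
    level: str     # permission level, a key of the matching table above

def effective(acl, levels, user, groups):
    """Cumulative Allow rights for the user and their groups, minus Deny."""
    who = {user, "Everyone", *groups}
    allowed, denied = set(), set()
    for ace in acl:
        if ace.trustee in who:
            (allowed if ace.allow else denied).update(levels[ace.level])
    return allowed - denied   # a Deny overrides any Allow

def access(share_acl, ntfs_acl, user, groups, over_network):
    """Rights the user ends up with; ntfs_acl=None models a FAT volume."""
    ntfs = set(ALL) if ntfs_acl is None else effective(ntfs_acl, NTFS_LEVELS, user, groups)
    if not over_network:
        return ntfs           # local logon: share permissions are not checked
    share = effective(share_acl, SHARE_LEVELS, user, groups)
    return share & ntfs       # over the network: the most restrictive wins

# Constructed sample: a share left at the default, a team share, an NTFS ACL.
DEFAULT_SHARE = [Ace("Everyone", True, "Read")]
TEAM_SHARE = [Ace("Sales", True, "Change")]
NTFS_ACL = [Ace("Sales", True, "Modify"), Ace("alice", True, "Read"),
            Ace("Contractors", False, "Write")]

if __name__ == "__main__":
    for user, share, groups, net in [
        ("alice", DEFAULT_SHARE, ["Sales"], False),
        ("alice", DEFAULT_SHARE, ["Sales"], True),
        ("bob", TEAM_SHARE, ["Sales", "Contractors"], True),
    ]:
        where = "network" if net else "local"
        print(user, where, sorted(access(share, NTFS_ACL, user, groups, net)))
```

With `ntfs_acl=None` the same default share gives every local user all rights, which is the FAT case the slides describe: the share ACL is the only control and it applies to network access alone.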

Assigning NTFS Permissions
  • NTFS Full Control permission
  • When user creates to becomes the owner
  • Multiple NTFS permissions
  • File permissions supersede folder permissions
  • May access a file even if no folder permissions
  • Permission inheritance
  • Folder permissions are inherited by files and
  • Inheritance can be prevented
  • Permissions can be set directly
  • Most recent parent wins

Copying Files and Folders
Moving Files or Folders Between NTFS Volumes
Converting a FAT Partition to NTFS
  • For highest security, partitions and volumes
    should be configured to use NTFS
  • Command-line utility, CONVERT, will convert FAT
    or FAT32 partitions and volumes to NTFS
  • All existing files and folders are retained
  • CONVERT cannot convert NTFS to FAT or FAT32

Glad that's over!!!!