SHARING FILE SYSTEM RESOURCES - PowerPoint PPT Presentation

Loading...

PPT – SHARING FILE SYSTEM RESOURCES PowerPoint presentation | free to view - id: 70d7d6-OGNmN



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

SHARING FILE SYSTEM RESOURCES

Description:

SHARING FILE SYSTEM RESOURCES CHAPTER OVERVIEW Create and manage file system shares and work with share permissions Use NTFS file system permissions to control access ... – PowerPoint PPT presentation

Number of Views:122
Avg rating:3.0/5.0
Slides: 48
Provided by: pgc95
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: SHARING FILE SYSTEM RESOURCES


1
SHARING FILE SYSTEM RESOURCES
  • Chapter 9

2
CHAPTER OVERVIEW
  • Create and manage file system shares and work
    with share permissions
  • Use NTFS file system permissions to control
    access to files
  • Manage file sharing using Internet Information
    Services (IIS)

3
UNDERSTANDING PERMISSIONS OVERVIEW
  • File system permissions
  • Share permissions
  • Active Directory permissions
  • Registry permissions (REGEDIT)

4
ACCESS CONTROL LISTS (ACL)
  • Lab
  • Properties for root of a drive
  • Windows Explorer
  • Right-click
  • Properties

Access Control Entries ACL has ACEs
5
PERMISSIONS
  • Permissions are keys to unlock access to
    resources.
  • Full Control permission is the master key.

6
INHERITANCE
  • Allows permissions assigned at one folder to flow
    down to subsequent files and folders
  • Can be overridden by explicit permission
    assignment or inheritance blocking
  • Useful in reducing the number of permission
    assignments required

7
INHERITANCE
Folder User Permissions
(Grand) Parent Folder Parent Folder 1 Child Folder 1A Child Folder 1B Parent Folder 2 Child Folder 2A Child Folder 2B Parent Folder 3 Child Folder 3A Read Write Delete Folders/Files Read Write Delete Folders/Files Read Write Delete Folders/Files Read Write Delete Folders/Files Read Write Delete Folders/Files Read Write Delete Folders/Files ???? ????? ?????? Folders/Files ???? ????? ?????? Folders/Files ???? ????? ?????? Folders/Files
8
EFFECTIVE PERMISSIONS
  • Allowed permissions are cumulative.
  • Denied permissions override allowed permissions.
  • Explicit permissions take precedence over
    inherited permissions.

9
EFFECTIVE PERMISSIONS
Folder User Permissions
(Grand) Parent Folder Parent Folder 1 Child Folder 1A (Grand) Child Child Folder 1B Deny All ???? ????? ?????? Folders/Files Read ????? ?????? Folders/Files ???? ????? ?????? Folders/Files ???? ????? ?????? Folders/Files
10
SHARING FOLDERS
  • Without shares, network clients cannot access
    folders on a server.
  • Require
  • Client for Microsoft Networks
  • File and Printer Sharing for Microsoft Networks

11
ADMINISTRATIVE SHARES
Administrative shares are hidden. Appending a
share with a creates a hidden share.
12
RESTRICTIONS ON CREATING FILE SYSTEM SHARES
  • On a domain controller
  • Administrators, Server Operators, Enterprise
    Admins, Domain Admins groups
  • On a domain member server or workstation
  • Administrators, Server Operators, Power Users
    groups
  • On a workgroup or standalone computer
  • Administrators or Power Users groups

13
CREATING A FILE SYSTEM SHARE USING WINDOWS
EXPLORER
  • Lab
  • Create Share Folder
  • Create C\ShareMe folder
  • Right-click C\ShareMe
  • Select Share this folder

14
SHARING A VOLUME USING WINDOWS EXPLORER
  • Lab
  • Create Share for root
  • Start Windows Explorer
  • Select C\ root
  • Right-click C\ root
  • Select Sharing tab
  • Click New Share

15
CREATING A FILE SYSTEM SHARE USING THE SHARED
FOLDERS SNAP-IN
  • Lab
  • Create Share using MMC
  • Start Computer Management Console
  • Select Shared Folders
  • Select Shares
  • Right-click
  • Click New Shares

16
CREATING A FILE SYSTEM SHARE USING NET.EXE
  • Allows shares to be created from a command line
  • Lets you configure permissions during creation
  • Lets you configure offline settings for the share

17
MANAGING SHARED FOLDERS
  • Lab
  • Share properties
  • Select ShareMe
  • Right-click
  • Properties

18
CONTROLLING OFFLINE STORAGE
  • Lab
  • Offline Caching
  • Select ShareMe
  • Right-Click
  • Caching

19
PUBLISHING FILE SYSTEM SHARES IN ACTIVE DIRECTORY
20
MANAGING SHARE PERMISSIONS
21
USING SHARE PERMISSIONS
  • Limited scope Can be applied only to folders
    and only when connecting to the share.
  • Lack of flexibility Permissions applied to the
    share apply to all levels below.
  • No replication Share permissions are not
    replicated.
  • No resiliency Share permissions cannot be
    backed up or restored.

22
USING SHARE PERMISSIONS (continued)
  • Fragility Shares (and therefore share
    permissions) are lost when a folder is moved or
    renamed.
  • No auditing Share permissions do not facilitate
    auditing.

23
SHARE PERMISSION DEFAULTS
  • When a new share is created, the following
    permissions are granted
  • Everyone special identity Read
  • Administrators Full Control

24
CREATING A FILE SYSTEM SHARING STRATEGY
  • Create logically named shares.
  • Use nesting where necessary to reduce users need
    to navigate the directory structure.
  • Share removable drives from the root to keep the
    share available when media are removed and
    reconnected or changed.

25
NESTING SHARES
  • A share can be created on any folder in the file
    system.
  • Multiple shares on the same folder can have
    different permissions.
  • Permissions are applied at the share entry point.

26
USING NTFS PERMISSIONS
  • Scope NTFS permissions apply no matter how the
    file is accessed.
  • Flexibility Wide range of permissions allows
    assignments to be tailored.
  • Replication NTFS permissions are included when
    a file is replicated.
  • Resilience NTFS permissions are retained when
    objects are backed up.
  • Less fragile NTFS permissions are not lost if a
    file is moved or renamed.
  • Auditing NTFS permissions support auditing.

27
MANAGING STANDARD PERMISSIONS
28
USING ADVANCED SECURITY SETTINGS
29
MANAGING SPECIAL PERMISSIONS
30
VIEWING EFFECTIVE PERMISSIONS
31
RESOURCE OWNERSHIP
  • Each file and folder is assigned an owner.
  • Ownership of a file makes the security principle
    a member of the Creator/Owner special identity.
  • Files that are owned go toward disk quota
    calculations.

32
ADMINISTERING IIS
  • Web server platform included with all editions of
    Windows Server 2003.
  • Version 6 has improved security over previous
    versions.
  • Allows files to be published through a browser
    interface.
  • Supports HTTP and FTP.

33
INSTALLING IIS
  • Not installed during operating system
    installation
  • Installed through the Windows Components Wizard
    (select Add Or Remove Programs in Control Panel,
    and click Add/Remove Windows Components) or
    through the Manage Your Server wizard

34
MANAGING AN IIS WEB SITE
35
  • USING THE WEB SITE TAB

36
USING THE HOME DIRECTORY TAB
37
USING THE DOCUMENTS TAB
38
USING THE PERFORMANCE TAB
39
CREATING VIRTUAL DIRECTORIES
  • Allows you to include a folder from anywhere on
    the network in your Web site
  • Appears to the Web site user as if it is a
    sub-directory of the main Web site folder
  • Allows management of Web content to be
    distributed between departments.

40
CONFIGURING IIS SECURITY
41
CONFIGURING IIS AUTHENTICATION
42
CONFIGURING IP ADDRESS AND DOMAIN NAME
RESTRICTIONS
43
CONFIGURING SECURE COMMUNICATIONS
44
SUMMARY
  • Windows Server 2003 controls access to resources
    using a number of mechanisms, including share
    permissions and NTFS permissions.
  • Every object protected by permissions has an ACL,
    which is a list of ACEs assigned to that object.
    Each ACE contains a security principal and
    indicates the level of access they are permitted
    or denied to the object.
  • File system shares enable network users to access
    files and folders on other computers.

45
SUMMARY (continued)
  • Share permissions provide basic protection for
    file system shares, but they lack the granularity
    and flexibility of NTFS permissions.
  • NTFS permissions can be allowed or denied, and
    explicit or inherited. A Deny permission takes
    precedence over an Allow permission, and an
    explicit permission takes precedence over an
    inherited permission.

46
SUMMARY (continued)
  • Access granted by NTFS permissions can be
    restricted by share permissions and other
    factors, such as IIS permissions on Web sites.
  • Whenever two permission types are assigned to a
    resource, you must evaluate each set of
    permissions and then determine which of the two
    is more restrictive.
  • Every NTFS file and folder has an owner. The
    owner of a file or folder is always permitted to
    modify the file or folders ACL.

47
SUMMARY (continued)
  • Any user with the Allow Take Ownership permission
    or the Take Ownership Of Files Or Other Objects
    user right can take ownership of an object.
  • IIS is a Windows Server 2003 application that
    allows you to share files and folders using Web
    and FTP server services.
About PowerShow.com