Download
chapter 5 managing file access n.
Skip this Video
Loading SlideShow in 5 Seconds..
Chapter 5 – Managing File Access PowerPoint Presentation
Download Presentation
Chapter 5 – Managing File Access

Chapter 5 – Managing File Access

258 Vues Download Presentation
Télécharger la présentation

Chapter 5 – Managing File Access

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Chapter 5 – Managing File Access MIS 431 Created Spring 2006 MIS 431 - Chapter 5

  2. Permissions!! • The main reason for implementing a network is to allow users to access shared resources. • Resources such as files, folders, and printers are secured in WS03 via use of permissions. • WS03 handles both FAT and NTFS volumes, but NTFS is assumed – a richer permission environment. MIS 431 - Chapter 5

  3. WS03 File Systems • FAT – up to 4 GB; limitations are small partition size and no file security features • FAT32 – up to 2 TB partitions but no file security features • NTFS – version 5 in WS03 • Supports up to 16 TB (terabytes) • Greater scalability over FAT and better performance • Support for WS03 AD – DC must have an NTFS partition • Built-in encryption and compression • Configure disk quotas for users • Support for remote storage and removable media • Recovery logging of disk activities for faster recovery after a failure MIS 431 - Chapter 5

  4. Creating & Managing Shared Folders • A shared folder is a data resource that is made available over network to auth. Users • Users must have proper rights to create a shared folder • Be in the Administrators or Server Operators groups • Be in the Power Users group on WS03 servers that are not domain controllers MIS 431 - Chapter 5

  5. To Create a Shared Folder • Using Windows Explorer (Activity 5-1) • Rt click on folder and click Sharing Tab - see figure 5-2 on p. 185 • Choose Share this folder, give share name, and specify Permissions • Folder has shared icon (hand underneath) • Administrative share name: Admin$ • Has dollar sign at end and is hidden • Only Administrators can see and access root of the drive with C$ or D$ MIS 431 - Chapter 5

  6. To Create a Shared Folder, contd. • Using Computer Management (Act. 5-2) MMC • Use the Share a Folder Wizard in Shared Folders section: expand and click Shares • The wizard also lets you configure permissions • All users have read-only access (Everyone group has Read permission) • Administrators have full access; others read-only • Administrators have full access; others read and write • Custom share permissions – Allows both share and NTFS permissions to be defined manually by group and/or user • Using net share command from command line. MIS 431 - Chapter 5

  7. Monitoring Access to Shared Folders • Keep track of the number of users connected to specific resources • Use Computer Management MMC – examine Sessions and Open Files lines • Can Rt-click Computer Management (Local) and choose Connect to manage a different server in the domain. • Can disconnect a user or open file connection: rt-click the entry in the Details pane and choose Close Open File or Close Session – takes place immediately. MIS 431 - Chapter 5

  8. Shared Folder Permissions • DACL – discretionary access control list • Part of the security descriptor with list of users that have been • Allowed access to that resource • Disallowed access to that resource • Applies to network only, not users logged in locally to that computer MIS 431 - Chapter 5

  9. More WS03 Permissions… • Permissions in WS03 • Read – browse file and folder names, read contents, execute programs • Change – same as Read plus ability to add or delete files in the folder; also can read and edit contents of existing files • FullControl – same as Read and Change plus ability to change permissions for the folder MIS 431 - Chapter 5

  10. Implementing WS03 Permissions • See Act. 5-3 • Click Sharing tab and then Permissions button • Within Group or user names list box • Click Add • Enter a group name or a user name, click OK • In Allow column, select Full, Change, or Read • In Deny column, select Full, Change, or Read • DENY trumps Allow: don’t deny and allow same thing! MIS 431 - Chapter 5

  11. NTFS Permissions • These add to the WS03 permissions and give finer control • NTFS Permission Concepts: • Configure with Security tab • Permissions are cumulative: they add based on individual and group permissions • Denied permissions always override • Folder permissions are inherited by child folders and files unless otherwise specified • Can be set at a file level as well as folder level • Default is Read; Read & Execute; List Folder Contents MIS 431 - Chapter 5

  12. Standard NTFS (Fig 5-12 p. 198) • Full Control – make any changes • Modify – Full except permission to delete subfolders and files, change permissions, or take ownership • Read & Execute – Can traverse folders, list folders, read attributes & permissions; inherited by folders and files • List Folder Contents – Same as Read & Execute but inherited only by folders • Read – Same as Read & Execute except without permission to traverse folders • Write – Create files and folders, write attributes, read permissions, synchronize • Special – can choose custom combination (see Table 5-3) • See Activity 5-5 MIS 431 - Chapter 5

  13. Determine Effective Permissions • Much better technique in WS03 • Rt-click a folder • Click Effective Permissions tab in Advanced Security Settings dialog box (Act. 5-6) • Select a user or group, and read the effective permissions for that folder by that user/group MIS 431 - Chapter 5

  14. Combining Shared Folder and NTFS Permissions (Act. 5-7) • When combining WS03 and NTFS: • When a user access a share across the network, the permissions combine • Most restrictive of the two becomes the effective permission • When a user accesses a file locally, only NTFS permissions apply. MIS 431 - Chapter 5

  15. Convert FAT Partition to NTFS • Use command line utility called CONVERT to convert a FAT or FAT32 partition to NTFS 5. • In Activity 5-8, you will use Disk Management to create a new partition • Requires that you have space available. • Specify FAT32 for this partition and size • Give name and drive letter (in this case, F:) • Then create a folder and examine properties • Do Start | Run | Convert f:/fs:ntfs MIS 431 - Chapter 5