1 / 15

Chapter 5 – Managing File Access

Chapter 5 – Managing File Access. MIS 431 Created Spring 2006. Permissions!!. The main reason for implementing a network is to allow users to access shared resources. Resources such as files, folders, and printers are secured in WS03 via use of permissions.

Olivia
Télécharger la présentation

Chapter 5 – Managing File Access

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 5 – Managing File Access MIS 431 Created Spring 2006 MIS 431 - Chapter 5

  2. Permissions!! • The main reason for implementing a network is to allow users to access shared resources. • Resources such as files, folders, and printers are secured in WS03 via use of permissions. • WS03 handles both FAT and NTFS volumes, but NTFS is assumed – a richer permission environment. MIS 431 - Chapter 5

  3. WS03 File Systems • FAT – up to 4 GB; limitations are small partition size and no file security features • FAT32 – up to 2 TB partitions but no file security features • NTFS – version 5 in WS03 • Supports up to 16 TB (terabytes) • Greater scalability over FAT and better performance • Support for WS03 AD – DC must have an NTFS partition • Built-in encryption and compression • Configure disk quotas for users • Support for remote storage and removable media • Recovery logging of disk activities for faster recovery after a failure MIS 431 - Chapter 5

  4. Creating & Managing Shared Folders • A shared folder is a data resource that is made available over network to auth. Users • Users must have proper rights to create a shared folder • Be in the Administrators or Server Operators groups • Be in the Power Users group on WS03 servers that are not domain controllers MIS 431 - Chapter 5

  5. To Create a Shared Folder • Using Windows Explorer (Activity 5-1) • Rt click on folder and click Sharing Tab - see figure 5-2 on p. 185 • Choose Share this folder, give share name, and specify Permissions • Folder has shared icon (hand underneath) • Administrative share name: Admin$ • Has dollar sign at end and is hidden • Only Administrators can see and access root of the drive with C$ or D$ MIS 431 - Chapter 5

  6. To Create a Shared Folder, contd. • Using Computer Management (Act. 5-2) MMC • Use the Share a Folder Wizard in Shared Folders section: expand and click Shares • The wizard also lets you configure permissions • All users have read-only access (Everyone group has Read permission) • Administrators have full access; others read-only • Administrators have full access; others read and write • Custom share permissions – Allows both share and NTFS permissions to be defined manually by group and/or user • Using net share command from command line. MIS 431 - Chapter 5

  7. Monitoring Access to Shared Folders • Keep track of the number of users connected to specific resources • Use Computer Management MMC – examine Sessions and Open Files lines • Can Rt-click Computer Management (Local) and choose Connect to manage a different server in the domain. • Can disconnect a user or open file connection: rt-click the entry in the Details pane and choose Close Open File or Close Session – takes place immediately. MIS 431 - Chapter 5

  8. Shared Folder Permissions • DACL – discretionary access control list • Part of the security descriptor with list of users that have been • Allowed access to that resource • Disallowed access to that resource • Applies to network only, not users logged in locally to that computer MIS 431 - Chapter 5

  9. More WS03 Permissions… • Permissions in WS03 • Read – browse file and folder names, read contents, execute programs • Change – same as Read plus ability to add or delete files in the folder; also can read and edit contents of existing files • FullControl – same as Read and Change plus ability to change permissions for the folder MIS 431 - Chapter 5

  10. Implementing WS03 Permissions • See Act. 5-3 • Click Sharing tab and then Permissions button • Within Group or user names list box • Click Add • Enter a group name or a user name, click OK • In Allow column, select Full, Change, or Read • In Deny column, select Full, Change, or Read • DENY trumps Allow: don’t deny and allow same thing! MIS 431 - Chapter 5

  11. NTFS Permissions • These add to the WS03 permissions and give finer control • NTFS Permission Concepts: • Configure with Security tab • Permissions are cumulative: they add based on individual and group permissions • Denied permissions always override • Folder permissions are inherited by child folders and files unless otherwise specified • Can be set at a file level as well as folder level • Default is Read; Read & Execute; List Folder Contents MIS 431 - Chapter 5

  12. Standard NTFS (Fig 5-12 p. 198) • Full Control – make any changes • Modify – Full except permission to delete subfolders and files, change permissions, or take ownership • Read & Execute – Can traverse folders, list folders, read attributes & permissions; inherited by folders and files • List Folder Contents – Same as Read & Execute but inherited only by folders • Read – Same as Read & Execute except without permission to traverse folders • Write – Create files and folders, write attributes, read permissions, synchronize • Special – can choose custom combination (see Table 5-3) • See Activity 5-5 MIS 431 - Chapter 5

  13. Determine Effective Permissions • Much better technique in WS03 • Rt-click a folder • Click Effective Permissions tab in Advanced Security Settings dialog box (Act. 5-6) • Select a user or group, and read the effective permissions for that folder by that user/group MIS 431 - Chapter 5

  14. Combining Shared Folder and NTFS Permissions (Act. 5-7) • When combining WS03 and NTFS: • When a user access a share across the network, the permissions combine • Most restrictive of the two becomes the effective permission • When a user accesses a file locally, only NTFS permissions apply. MIS 431 - Chapter 5

  15. Convert FAT Partition to NTFS • Use command line utility called CONVERT to convert a FAT or FAT32 partition to NTFS 5. • In Activity 5-8, you will use Disk Management to create a new partition • Requires that you have space available. • Specify FAT32 for this partition and size • Give name and drive letter (in this case, F:) • Then create a folder and examine properties • Do Start | Run | Convert f:/fs:ntfs MIS 431 - Chapter 5

More Related