
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System


lynley

Presentation Transcript


  1. MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System
     Chapter 11: Managing Access to File System Resources

  2. Objectives
     • Understand the basic Windows XP security model
     • Understand the characteristics of the Windows XP file systems
     • Manage NTFS permissions
     • Use file compression
     • Use file encryption

     Guide to MCDST 70-271

  3. Objectives (continued)
     • Manage simple and classic file sharing
     • Manage shared folders
     • Troubleshoot resource access problems
     • Understand security auditing

  4. The Windows XP Security Model
     • Windows XP Professional
       • Can establish local security when used as a standalone system or in a workgroup
       • Can participate in domain security
     • Access token
       • Includes information about:
         • User’s identity
         • Permissions
         • List of groups to which user belongs

  5. The Windows XP Security Model (continued)
     • Access control list (ACL)
       • Contains a list of permissions associated with a resource
     • Domain controller
       • Authenticates domain logons
       • Maintains the security policies and the account database for a domain

  6. The Windows XP Security Model (continued)
     • All objects are logically subdivided into three parts
       • A type identifier
       • A list of services or functions
       • A list of named attributes that may or may not have associated data items, called values

  7. File Systems
     • Windows XP supports
       • The File Allocation Table (FAT, also called FAT16)
       • FAT32 file systems
       • The New Technology File System (NTFS)
         • File-level security, encryption, compression, auditing, and more

  8. FAT and FAT32
     • Important features of FAT
       • Supports volumes up to 4 GB in size
       • Most efficient on volumes smaller than 256 MB
       • A root directory that can contain only 512 entries
       • Has no file-level compression
       • Has no file-level security
       • A maximum file size of 2 GB

  9. NTFS
     • Important features
       • Supports volumes up to 2 TB in size
       • Is most efficient on volumes larger than 10 MB
       • Has a root directory that can contain unlimited entries
       • Has file-level compression
       • Has file-level security
       • Has file-level encryption

  10. Converting File Systems
      • FAT and FAT32 volumes on a system
        • Can be migrated to the NTFS format without losing data
      • To convert an NTFS volume to FAT or FAT32, you must:
        • Back up your data
        • Reformat the volume
        • Restore your data

  11. Managing NTFS Permissions
      • NTFS
        • The only file system supported by Windows XP that offers file-level security
      • File and folder permissions are nearly identical
      • NTFS file and folder permissions
        • Read
        • Write (folders)
        • Write (files)

  12. Managing NTFS Permissions (continued)
      • NTFS file and folder permissions (continued)
        • List Folder Contents (folders only)
        • Read & Execute (folders)
        • Read & Execute (files)
        • Modify (folders)
        • Modify (files)
        • Full Control (folders)
        • Full Control (files)
        • Special Permissions

  13. Managing NTFS Permissions (continued)

  14. Managing NTFS Permissions (continued)

  15. Managing NTFS Permissions (continued)

  16. Rules for Working with NTFS Permissions
      • NTFS object permissions always apply
      • NTFS object permissions are cumulative
      • NTFS file permissions override any contradictory settings on the parent or container folder
      • Deny overrides all other specific Allows

  17. Rules for Working with NTFS Permissions (continued)
      • When disabling inheritance for an NTFS object, select to:
        • Copy the parent object’s permissions to the current object
        • Remove permissions assigned from the parent and retain only object-specific settings

  18. Inheritance of Permissions
      • Situations in which inheritance comes into play
        • Moving an object within the same volume or partition
        • Copying an object within the same volume or partition
        • Moving an object from one volume or partition to another
        • Copying an object from one volume or partition to another

  19. File Compression
      • The ability to compress data on the basis of single files, folders, or entire volumes
      • Offers the benefit of being able to store more data in the same space, but performance suffers
      • Configuring and managing file compression
        • Involves enabling or disabling the file compression attribute on one or more files or folders

  20. File Compression (continued)

  21. Encrypting File System
      • Allows you to encrypt data stored on an NTFS drive
      • Uses a public and private key encryption method
      • Does not function without a Recovery Agent
      • Windows XP automatically designates the local Administrator as the Recovery Agent

  22. Encrypting File System (continued)
      • Primary benefit
        • If your computer is either physically accessed or stolen, the data is protected
      • Primary drawback
        • The increased processing power required to encrypt all writes and decrypt all reads on the fly

  23. Encrypting File System (continued)
      • Each generation of operating systems uses a different default cryptography algorithm for EFS
        • Windows 2000 EFS uses DESX
        • Windows XP Professional EFS uses 3DES
        • Windows Server 2003 and Windows XP Professional with Service Pack 1 EFS use:
          • AES by default
          • Support 3DES and DESX

  24. Simple File Sharing
      • Used when quick and easy file sharing is needed from a Windows XP Professional system
      • Offers a limited range of configuration options for shared resources
      • Effective only when Windows XP is a member of a workgroup

  25. Managing Shared Folders
      • The Sharing tab, found on both FAT/FAT32 and NTFS folder Properties dialog boxes, offers the following controls:
        • Do not share this folder
        • Share this folder
        • Share name
        • User limit
        • Permissions

  26. Managing Shared Folders (continued)
      • Issues when working with shares
        • Permission levels are the only way to impose security on shared FAT volumes
        • Shares are folders, not individual files
        • Share permissions apply only to the network access point where the folder resides
        • Default permission for a new share is Full Control for the Everyone group

  27. Managing Shared Folders (continued)
      • Issues when working with shares
        • Multiple share permission levels caused by group memberships are cumulative
        • Deny always overrides any other specifics allowed
        • The most restrictive permissions of cumulative share or cumulative NTFS apply
        • Share permissions only restrict access for network users, not local users

  28. Troubleshooting Access and Permission Problems
      • To resolve permission or access problems:
        • Determine what valid access the user should have
        • Inspect the resource object’s permissions based on:
          • Groups and the specific user
          • What actions are set to Allow or Deny
        • Inspect the share’s permissions based on:
          • Groups and the specific user
          • What actions are set to Allow or Deny

  29. Troubleshooting Access and Permission Problems (continued)
      • To resolve permission or access problems (continued):
        • Inspect the user’s group memberships
        • Attempt to access other resources with the user account from the same computer and a different computer
        • Attempt to access the problematic resource with the Administrator account from the same computer and a different computer

  30. Troubleshooting Access and Permission Problems (continued)
      • Guidelines when designing permission levels
        • Grant permission only as needed
        • Rely upon NTFS to restrict access
        • Grant Full Control only when necessary, even on shares
        • Change permissions on a folder level; allow changes to affect all child elements

  31. Auditing for Security
      • Auditing
        • The security process that records the occurrence of specific operating system events
      • Events
        • Significant occurrences in the system that require users to be notified or a log entry to be added
      • Can provide valuable information about:
        • Security breaches
        • Resource activity
        • User adeptness

  32. Auditing for Security (continued)

  33. Auditing for Security (continued)

  34. Summary
      • Windows XP
        • Can participate as a client in workgroup and domain networks
        • Supports FAT/FAT32 and NTFS file systems
      • Local and network access to NTFS-hosted resources
        • Controlled through the use of permissions
      • Compression
        • Reduces the amount of drive space that some files consume

  35. Summary (continued)
      • File encryption
        • Used to restrict access to files and folders to a specific user account
      • Sharing file resources can be done through
        • Simple file sharing for workgroup members or
        • Classic file sharing for domain members
      • Troubleshooting access and permissions involves verifying that users are members of the correct groups
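
The permission rules on slides 16, 26 and 27 (cumulative Allows, Deny overrides Allow, most restrictive of share and NTFS for network access, share permissions ignored for local users) can be worked through as a small model. This is an added example, not part of the original presentation: the mapping of permission levels to right sets is a simplification of real ACL bit masks, and the user names, group names and ACLs are constructed.

```python
# Simplified model: each permission level grants a set of abstract rights.
# Real NTFS/share ACLs use access-mask bits; these sets are an assumption.
ALL = {"read", "write", "execute", "delete", "change_permissions"}
NTFS = {
    "Read": {"read"},
    "Write": {"write"},
    "Read & Execute": {"read", "execute"},
    "Modify": {"read", "write", "execute", "delete"},
    "Full Control": set(ALL),
}
SHARE = {
    "Read": {"read", "execute"},
    "Change": {"read", "write", "execute", "delete"},
    "Full Control": set(ALL),
}

def cumulative(acl, levels, principals):
    """Union every Allow matching the user or one of their groups,
    then subtract every matching Deny (Deny overrides Allow)."""
    allowed, denied = set(), set()
    for principal, kind, level in acl:
        if principal in principals:
            (allowed if kind == "allow" else denied).update(levels[level])
    return allowed - denied

def effective_access(user, groups, ntfs_acl, share_acl=None):
    """share_acl=None models a local logon: share permissions only
    restrict network users, so only the NTFS ACL is evaluated."""
    principals = {user, "Everyone", *groups}
    rights = cumulative(ntfs_acl, NTFS, principals)
    if share_acl is not None:
        # Network access: the most restrictive of share and NTFS applies.
        rights &= cumulative(share_acl, SHARE, principals)
    return rights

# Constructed sample ACLs: (principal, "allow" | "deny", level)
NTFS_ACL = [
    ("Sales", "allow", "Modify"),
    ("Staff", "allow", "Read"),
    ("Interns", "deny", "Write"),
]
DEFAULT_SHARE = [("Everyone", "allow", "Full Control")]  # new-share default
READ_SHARE = [("Staff", "allow", "Read")]
```

With the default share ACL the NTFS permissions alone decide the outcome, which is why slide 30 advises relying on NTFS to restrict access.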
