300 likes | 473 Views
Goals. Understand File Allocation Table (FAT) Understand NTFS Compress and encrypt data on an NTFS Volume Assign shared folder permissions Set NTFS permissions Set special access permissions Troubleshoot permissions Understand Distributed File System Manage a Dfs Root. (Skill 1).
E N D
Goals • Understand File Allocation Table (FAT) • Understand NTFS • Compress and encrypt data on an NTFS Volume • Assign shared folder permissions • Set NTFS permissions • Set special access permissions • Troubleshoot permissions • Understand Distributed File System • Manage a Dfs Root
(Skill 1) Introducing File Allocation Table (FAT) • An older file system that can be read and accessed by most operating systems such as DOS, Windows 3.x, Windows 9.x, Windows NT, Windows 2000, Windows XP, and Windows Server 2003 • FAT allocates storage space to files by setting up allocation units on a hard disk • An allocation unit, also known as a cluster, is the smallest unit for allocating storage space on a partition or volume • Sectors are the basic units of the physical drive and are the smallest units that can be used to transfer data to and from the disk
(Skill 1) Figure 5-1 FAT file system
(Skill 1) Introducing File Allocation Table (FAT) (2) • Two primary versions • FAT16 file system • Supports partitions of up to 4 GB in size • Only Windows NT, Windows 2000, Windows XP, and Windows Server 2003 support FAT16 partitions larger than 2 GB • Is efficient on small-sized partitions of up to 256 MB • Supports dual booting by all Microsoft operating systems • Provides only folder-level security • FAT32 • Similar to FAT16 • It supports large-sized partitions of up to 2 TB (2047 GB)
(Skill 1) Figure 5-2 The FAT file system
(Skill 2) Introducing NTFS Reliability • NTFS is a recoverable file system • Volumes can be created that do not result in data loss in the event of a server crash or power failure Security • You can secure data by setting up permissions to control user access to files and folders Long file names • NTFS natively allows file names to be up to 256 characters in length Efficiency • NTFS is required in order to use certain features, such as Active Directory, which stores and manages network resources efficiently Faster access • NTFS minimizes the number of disk accesses required to find a file, which increases access speed
(Skill 3) Compressing and Encrypting Data on an NTFS Volume Data compression • Built-in feature that increases available storage on a hard disk • In NTFS volumes, you can compress only specific files and folders or the entire volume • When you add a new file or folder to a compressed folder, it is compressed automatically • You cannot compress an encrypted file Data encryption • A security technique that attempts to ensure the confidentiality of a document by scrambling it using an encryption key • You cannot encrypt a compressed file
(Skill 3) Figure 5-3 Creating a new folder
(Skill 3) Click to open the Advanced Attributes dialog box Figure 5-4 The Properties dialog box
(Skill 3) Figure 5-5 Advanced Attributes dialog box with compression enabled
(Skill 3) Figure 5-6 Confirm Attribute Changes dialog box
(Skill 3) Figure 5-7 Advanced Attributes dialog box with encryption enabled
(Skill 4) Assigning Shared Folder Permissions • Read permissions • View file and folder names • Execute program files • Navigate within the shared folder • Change permissions • Add files to the shared folder • Create new folders within the shared folder • Modify the content and attributes of the files • Delete files and folders • Execute all of the tasks included in the Read permission • Full Control permissions • Modify file permissions • Take file ownership • Perform all of the tasks allowed by the Change permission
(Skill 4) Figure 5-8 Sharing a folder
(Skill 4) Figure 5-9 Adding a user account
(Skill 4) Figure 5-10 Assigning shared folder permissions
(Skill 5) Setting NTFS Permissions • NTFS permissions • Restrict unauthorized access to files and folders • Secure network resources by controlling the level of access for each user • Standard NTFS folder permissions • Read • Write • List Folder Contents • Read & Execute • Modify • Full Control
(Skill 5) Setting NTFS Permissions (2) • Standard NTFS file permissions include: • Read • Write • Read & Execute • Modify • Full Control
(Skill 5) Setting NTFS Permissions (3) • When you apply permissions to a drive or folder, you are also applying those permissions to all files and folders underneath it, by default • Guidelines for assigning NTFS permissions • Create folders to organize data into categories • Assign users the lowest level of permissions required for them to perform their jobs • Assign the Read and Write permissions to the Users group • Avoid assigning the Full Control Permission for a folder • Deny permissions sparingly • Assign permissions to groups rather than to individual user accounts
(Skill 5) Figure 5-11 Advanced Security Settings dialog box
(Skill 5) Setting NTFS Permissions (4) • Other important factors • NTFS permissions can be inherited • Assign multiple NTFS permissions • NTFS file permissions override NTFS folder permissions • A denied permission overrides an allowed permission
(Skill 5) The Read & Execute, List Folder Contents, and Read NTFS permissions are assigned to user accounts by default Figure 5-12 Assigning the Write Permission
(Skill 6) Setting Special Access Permissions • Standard NTFS permissions should suffice in most cases • Special level of permissions are available • Set and view special permissions in the Advanced Security Settings for <file_name /folder_name > dialog box from within the file properties • This dialog box gives you access to all possible permissions available for a file or folder • Do not configure special permissions unless absolutely necessary because setting them may make it difficult to determine the level of access assigned to a user
(Skill 6) Figure 5-13 The Security tab in the Properties dialog box for a file or folder
(Skill 6) Figure 5-14 Jennifer Johnson’s special permissions
(Skill 6) Figure 5-15 The entry for Jennifer Johnson
(Skill 6) Figure 5-16 Giving Jennifer the Change Permissions permission
(Skill 7) Troubleshooting Permissions • Steps to follow if a user cannot access files and folders • Verify that permissions have been assigned to the user account and check to see if there any permission denials that are overriding the assigned permissions • Check for permissions and denials assigned to groups to which the user is a member • If the resource is remote, check both shared folder and NTFS permissions • Make sure the access token has been updated • Use the Effective Permissions tab on the Advanced Security Settings for <file_name/folder_name > dialog box • Query the file system and group memberships for a user to determine the effective permissions the user has • Take all of the user’s group memberships into account
(Skill 7) Figure 5-17 The Effective Permissions tab
(Skill 7) Figure 5-18 Jennifer Johnson’s effective permissions