1 / 37

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access. Objectives. Identify and understand the differences between the various file systems supported in Windows Server 2003 Create and manage shared folders

brasen
Download Presentation

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 EnvironmentChapter 5: Managing File Access

  2. Objectives • Identify and understand the differences between the various file systems supported in Windows Server 2003 • Create and manage shared folders • Understand and configure the shared folder permissions available in Windows Server 2003 • Understand and configure the NTFS permissions available in Windows Server 2003 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  3. Objectives (continued) • Determine the impact of combining shared folder and NTFS permissions • Convert partitions and volumes from FAT to NTFS 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  4. Windows Server 2003 File Systems • Three main file systems • File Allocation Table (FAT) • FAT32 • NTFS • Final choice of file system depends on • How system will be used • Whether there are multiple operating systems • Security requirements • NTFS is most highly recommended 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  5. FAT • Used by MS-DOS • Supported by all versions of Windows since • Traditionally limited to partitions up to 2 GB • Windows Server 2003 version supports partitions up to 4 GB • Limitations • Small partition sizes • No file system security features • Disk space usage is poor 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  6. FAT32 • A derivative of the FAT file system • Supports partition sizes up to 2 TB • Still does not provide advanced security features • Cannot configure permissions on file and folder resources 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  7. NTFS • Introduced with Windows NT operating system • Current version (version 5) • Windows NT 4.0 • Windows 2000 • Windows XP • Windows Server 2003 • Theoretically supports partition sizes of up to 16 Exabytes (EB) • Practically supports maximum partition sizes from 2 TB to 16 TB 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  8. NTFS (continued) • Advantages of NTFS • Greater scalability and performance on larger partitions • Support for Active Directory on systems configured as domain controllers • Ability to configure security permissions on individual files and folders • Built-in support for compression and encryption • Ability to configure disk quotas for individual users • Support for Remote Storage • Recovery logging of disk activities 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  9. Creating and Managing Shared Folders • Shared folder • A data resource made available over a network to authorized network clients • Specific permissions required for creating, reading, modifying • Groups that can create shared folders: • Administrators • Server Operators • Power Users (only on member servers) 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  10. Creating and Managing Shared Folders (continued) • Several ways to create shared folders • Two important methods • Windows Explorer Interface • Computer Management console • Also allows shared folders to be monitored 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  11. Using Windows Explorer • Used since Windows 95 • Can create, maintain, and share folders • Folders can be on any drive connected to the computer • Folders are shared in Windows Explorer by accessing the Sharing tab of folder’s properties 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  12. Using Windows Explorer (continued) 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  13. Using Windows Explorer (continued) • Shared name of folder does not have to be the actual file name • Hand icon used to indicate shared status • Shared folders can be hidden from My Network Places and Network Neighborhood • Place dollar sign ($) after name, e.g., Salary$ • Number of hidden administrative shares created automatically at installation 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  14. Using Windows Explorer (continued) 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  15. Using Windows Explorer (continued) 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  16. Using Computer Management • Computer Management console is a pre-defined Microsoft Management Console (MMC) • Allows you to share and monitor folders for local and remote computers • Allows you to stop sharing if desired 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  17. Using Computer Management (continued) • Share a Folder Wizard • Used to create folders in Shared Folders section of Computer Management • Used to provide preconfigured or manual permissions • All users have read-only access • Administrators have full access; others have read-only access • Administrators have full access; others have read and write access • Custom share and folder permissions 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  18. Monitoring Access to Shared Folders • Monitoring involves • Who is using shared files • What shared files are open at any given time • Other functions • Disconnect users from a share • Send network alert messages • Primary monitoring tool is Computer Management 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  19. Monitoring Access to Shared Folders (continued) 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  20. Managing Shared Folder Permissions • A shared folder has a discretionary access control list (DACL) • Contains a list of user or group references that have been allowed or denied permissions • Each reference is an access control entry (ACE) • Accessed from Permissions button on Sharing tab of folder’s properties • Permissions only apply to network users, not those logged on directly to local machine 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  21. Managing Shared Folder Permissions (continued) 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  22. Managing Shared Folder Permissions (continued) • To deny access to a user or group • Windows Server 2003 does not include No Access share permission • Must explicitly deny access to each individually • Default permission is read access for Everyone group • Should be immediately addressed when a share is created • Folder permissions are inherited by all contained objects 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  23. NTFS Permissions • Resources located on an NTFS partition or volume can be given NTFS permissions • An administrator must • Know how permissions are applied • Standard and special NTFS permissions available • How effective permissions are determined 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  24. NTFS Permission Concepts • NTFS permissions are configured via the Security tab • NTFS permissions are cumulative • Access denial always overrides permitted access • NTFS folder permissions are inherited unless otherwise specified • NTFS permissions can be set at file or folder level 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  25. NTFS Permission Concepts (continued) • A new ACE has default permission • Read and Read and Execute for files • List Folder Contents for folders • Windows Server 2003 has set of standard permissions plus special permissions 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  26. NTFS Permission Concepts (continued) 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  27. Special NTFS Permissions • Can provide more or less access than standard permissions • Special permissions accessed from Advanced button in the Security tab on Properties dialog box for resource • Permission Entry dialog box enables assignment of permissions and control of inheritance settings 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  28. Special NTFS Permissions (continued) 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  29. Special NTFS Permissions (continued) • Inheritance settings • This folder only • This folder, subfolders, and files (default) • This folder and subfolders • This folder and files • Subfolders and files only • Subfolders only • Files only 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  30. Special NTFS Permissions (continued) 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  31. Special NTFS Permissions (continued) 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  32. Determining Effective Permissions • Permissions that actually apply to a user can be the result of membership in multiple groups • Prior to Windows Server 2003, determining effective permissions was done manually • In Windows Server 2003, there is an Effective Permissions tab in Advanced Security Settings dialog box for resource • Shows specific permissions for a user or group 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  33. Determining Effective Permissions (continued) 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  34. Combining Shared Folder and NTFS Permissions • NTFS permissions can be combined with share permissions • When accessing a share across a network, if both apply, use most restrictive • When accessing a file locally, only NTFS permissions apply 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  35. Converting a FAT Partition to NTFS • For highest security, partitions and volumes should be configured to use NTFS • Command-line utility, CONVERT, will convert FAT or FAT32 partitions and volumes to NTFS • All existing files and folders are retained • CONVERT cannot convert NTFS to FAT or FAT32 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  36. Summary • Windows Server 2003 supports 3 file systems • FAT • FAT32 • NTFS (preferred) • Two types of permissions • Shared folder (network only) • Tools are Windows Explorer, Computer Management, and NET SHARE command • NTFS (local and network) • NTFS partitions only 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

  37. Summary (continued) • Permissions • Shared folders, 3 standard permissions • NTFS, 6 standard and 14 special permissions • Permissions are cumulative • Effective permissions can be determined from Advanced Security Settings of a resource • Shared folder and NTFS permissions can be combined • CONVERT utility can convert a FAT or FAT32 partition to the NTFS file system 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

More Related