380 likes | 554 Views
Module 4: Managing Access to Resources. Overview. Overview of Managing Access to Resources Managing Access to Shared Folders Managing Access to Files and Folders Using NTFS Permissions Determining Effective Permissions Managing Access to Shared Files Using Offline Caching.
E N D
Overview • Overview of Managing Access to Resources • Managing Access to Shared Folders • Managing Access to Files and Folders Using NTFS Permissions • Determining Effective Permissions • Managing Access to Shared Files Using Offline Caching
Lesson: Overview of Managing Access to Resources • Multimedia: Access Control in Microsoft Windows Server 2003 • What Are Permissions? • What Are Standard and Special Permissions? • Practice: Examining NTFS Permissions • Multimedia: Permission States
Multimedia: Access Control in Microsoft Windows Server 2003 • This presentation explains how Active Directory uses security principals and identifiers to provide access to objects • Important point to watch for: If you delete a security principle and then create it again with the same name, what is the effect on the permissions?
What Are Permissions? • Permissions define the type of access granted to a user, group, or computer for an object • You apply permissions to objects such as files, folders, and printers • You assign permissions to users and groups in Active Directory or on a local computer
What Are Standard and Special Permissions? Standard Permissions Special Permissions
Practice: Examining NTFS Permissions In this practice, you will: • Examine the NTFS default permissions on system folders • Examine the NTFS default permissions on a newly created folder
Multimedia: Permission States In this activity, you will learn the differences between the permission states and then test your knowledge
Lesson: Managing Access to Shared Folders • What Are Shared Folders? • What Are Administrative Shared Folders? • Tools to Create and Manage Shared Folders • Shared Folder Permissions • Methods to Connect to Shared Folders • What Are Published Shared Folders? • How Published Shared Folders Are Used • Best Practices For Using Shared Folders • Practice: Managing Access to Shared Folders
What Are Shared Folders? • Shared folders show an icon of a hand holding the folder • You can share only folders, not files • Default permission on shared folders is Everyone, Read • When you copy or move a shared folder, the folder is no longer shared • To hide a shared folder, include a $ after the name of the shared folder • Users access hidden shares by typing the UNC path
Tools to Create and Manage Shared Folders Who can create shared folders? • On Windows Server 2003 domain controllers • Administrators group • Server Operators group • On Windows Server 2003 member or stand-alone servers • Administrators group • Power Users group Tools used to create and manage shared folders • Computer Management • Window Explorer or My Computer • The Net Share command
What Are Published Shared Folders? • A published shared folder: • Is a shared folder object in Active Directory • Can maintain static friendly names • Clients: • Can search Active Directory for published shared folders • Do not need to know the name of the server to connect to a shared folder • Can search by using keywords if they do not know the exact name of the share
How Published Shared Folders Are Used • Administrators can use Active Directory Users and Computers to find shared folders • Windows XP Professional clients can search Active Directory from My Network Places
Best Practices for Using Shared Folders • Use the Authenticated Users group instead of Everyone • Share folders with the appropriate level of permission • Use groups to grant access rather than individual users • Publish shared folders in larger environments
Practice: Managing Access to Shared Folders In this practice, you will: • Connect to an administrative share • Create a shared folder and grant permissions • Publish a shared folder and create keywords • Map a drive letter to the shared folder and test permissions
Lesson: Managing Access to Files and Folders Using NTFS Permissions • What Is NTFS? • NTFS File and Folder Permissions • What Is NTFS Permissions Inheritance? • Effects on NTFS Permissions When Copying and Moving Files and Folders • Best Practices for Managing Access to Files and Folders Using NTFS Permissions • Practice: Managing Access to Files and Folders Using NTFS Permissions
What Is NTFS? NTFS is a file system that provides: • Reliability • Security at the file level and folder level • Improved management of storage growth • Multiple user permissions
NTFS File and Folder Permissions File permissions Folder permissions • Full Control • Modify • Read & Execute • Write • Read • Full Control • Modify • Read & Execute • Write • Read • List Folder Contents
What Is NTFS Permissions Inheritance? Inherit permissions FolderA Read / Write FolderB Access to FolderB Prevent inheritance FolderA Read / Write FolderB FolderC No access to FolderB
Effects on NTFS Permissions When Copying and Moving Files and Folders Copy Copy or Move NTFS Partition C:\ NTFS Partition E:\ Move NTFS Partition D:\ • When you copy files and folders, they inherit the permissions of the destination folder • When you move files and folders within the same partition, they retain their permissions • When you move files and folders to a different partition, they inherit the permissions of the destination folder
Best Practices for Managing Access to Files and Folders Using NTFS Permissions • Grant permissions to domain local groups instead of to users • Group resources to simplify administration • Allow users only the level of access that they require • Grant Read & Execute permission for application folders
Practice: Managing Access to Files and Folders Using NTFS Permissions In this practice, you will: • Examine and configure NTFS permissions • Block NTFS permission inheritance and set permissions • Test NTFS permissions • Test the effects of copying and moving files or folders
Lesson: Determining Effective Permissions • What Are Effective Permissions on NTFS Files and Folders? • Class Discussion: Applying NTFS Permissions • Effects of Combined Shared Folder and NTFS Permissions • Class Discussion: Determining Effective NTFS and Shared Folder Permissions • Practice: Determining Effective NTFS and Shared Folder Permissions
What Are Effective Permissions on NTFS Files and Folders? • NTFS permissions are cumulative • File permissions override folder permissions • Deny overrides all permissions • Creators of files and folders are their owners
Class Discussion: Applying NTFS Permissions NTFS Partition Folder1 File1 Folder2 File2 • Users groupWrite for Folder1 • Sales group Read for Folder1 1 Users Group • Users groupRead for Folder1 • Sales groupWrite for Folder2 2 User1 • Users groupModify for Folder1 • File2 should only be accessible to Sales group with Read permission 3 Sales Group
Effects of Combined Shared Folder and NTFS Permissions Public Full Control NTFS Volume Users Read File1 Change File2
Class Discussion: Determining Effective NTFS and Shared Folder Permissions NTFS Volume NTFS Volume 1 2 Users Group Sales Group FC FC FC R FC FC Users Data User1 Sales User1 Sales Group User2 HR User2 User3 Pubs User3 Class discussion: • Determine effective NTFS permissions • Determine shared folder permissions
Practice: Determining Effective NTFS and Shared Folder Permissions In this practice, you will: • Share the Legal folder • Determine the effective NTFS permissions • Determine the effective combined permissions
Lesson: Managing Access to Shared Files Using Offline Caching • What Is Offline Files? • How Offline Files Are Synchronized • Offline File Caching Options • Practice: Using Offline Caching
What Is Offline Files? • Offline Files is a document-management feature that provides the user with consistent online and offline access to files • Advantages of using Offline Files: • Support for mobile users • Automatic synchronization • Performance advantages • Backup advantages
How Offline Files Are Synchronized • Disconnected from the network • Files are synchronized at logoff. The user works with the locally cached copy • Logged on to the network • Files are synchronized at logon. The user works with the network version of the files • If a file has been modified in both locations • The user must choose which version of the file to keep or to rename one file and keep both versions
Practice: Using Offline Caching In this practice, you will: • Manually cache a document in the Legal shared folder • Set synchronization options
Lab: Managing Access to Resources In this lab, you will: • Create and share folders • Configure NTFS security • Publish shared folders • Test permissions • Configure automatic caching