MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 5 Configuring, Managing, and Troubleshooting Resource Access

Learning Objectives
• Set up security for folders and files
• Configure shared folders and shared folder security
• Install and set up the Distributed File System
• Configure disk quotas
• Implement UNIX compatibility

Managing Folder and File Security
• Steps for sharing resources
  • Creating accounts and groups
  • Create access control lists (ACLs)
• Types of ACLs
  • Discretionary ACL (DACL)
    • Configured by a server administrator or owner of an object
  • System control ACL (SACL)
    • Contains information used to audit the access to an object

Managing Folder and File Security (cont’d.)
• DACL and SACL controls for folders and files
  • Attributes
  • Permissions
  • Auditing
  • Ownership

Configuring Folder and File Attributes
• Attributes
  • Stored as header information with each folder and file
  • Along with other characteristics including volume label, designation as a subfolder, date of creation, and time of creation
• Read-only and hidden attributes
  • Set on General tab in an NTFS folder’s or file’s properties dialog box
• Advanced attributes
  • Archive, index, compress, and encrypt

Configuring Folder and File Attributes (cont’d.)
Figure 5-1 Attributes of a folder on an NTFS formatted disk
Courtesy Course Technology/Cengage Learning

Configuring Folder and File Attributes (cont’d.)
• Archive attribute
  • Checked to indicate that the folder or file needs to be backed up because it is new or changed
• Index Attribute vs. Windows Search Service
  • Index attribute and accompanying Indexing Service are legacy features for continuity with earlier operating systems

Configuring Folder and File Attributes (cont’d.)
• Windows Search Service
  • Install the File Services role via Server Manager
  • Indexed files include:
    • Files in the Documents folder for an account
    • E-mail files
    • Photos and multimedia files
    • Files that are commonly accessed
  • Maintain Windows Search Service through Control Panel

Configuring Folder and File Attributes (cont’d.)
Figure 5-3 Configuring advanced indexing options
Courtesy Course Technology/Cengage Learning

Configuring Folder and File Attributes (cont’d.)
• Compress Attribute
  • Reduce the amount of disk space used for files
  • Disadvantage of compressed files is increased CPU overhead to open the files and to copy them
• Encrypt Attribute
  • Only user who encrypts folder or file is able to read it

Configuring Folder and File Attributes (cont’d.)
• Microsoft Encrypting File System (EFS)
  • Sets up a unique, private encryption key associated with the user account that encrypted the folder or file
  • Uses both symmetric and asymmetric encryption techniques
• Activity 5-1: Encrypting Files
  • Objective: Encrypt files in a folder

Configuring Folder and File Permissions
• Permissions
  • Control access to an object, such as a folder or file
• Use Edit button on the folder properties Security tab
  • Change which groups and users have permissions to a folder
Figure 5-4 Configuring folder permissions
Courtesy Course Technology/Cengage Learning

Configuring Folder and File Permissions (cont’d.)
Table 5-1 NTFS folder and file permissions

Configuring Folder and File Permissions (cont’d.)
• Activity 5-2: Configuring Folder Permissions
  • Objective: Configure permissions on a folder so that users can modify its contents
• Inherited permissions
  • Parent object permissions apply to child object
• Activity 5-3: Removing Inherited Permissions
  • Objective: Remove inherited permissions on a folder
• Activity 5-4: Configuring Special Permissions
  • Objective: Configure special permissions for a folder to grant a group expanded access

Configuring Folder and File Permissions (cont’d.)
Figure 5-5 Advanced Security Settings dialog box
Courtesy Course Technology/Cengage Learning

Table 5-2 NTFS folder and file special permissions

Configuring Folder and File Auditing
• Auditing
  • Track activity on a folder or file, such as read or write activity
• NTFS folders and files
  • Audit combination of any or all of activities listed as special permissions
• Activity 5-5: Auditing a Folder
  • Objective: Configure auditing on a folder to monitor how it is accessed and who is making changes to the folder

Configuring Folder and File Auditing (cont’d.)
Figure 5-8 Folder auditing selections
Courtesy Course Technology/Cengage Learning

Configuring Folder and File Ownership
• Folders
  • Owned by the account that creates them
  • Owners have ability to change permissions for folders they create
• Taking ownership
  • Transfer ownership
  • Administrator can always take ownership

Configuring Folder and File Ownership (cont’d.)
Figure 5-9 Taking ownership of a folder
Courtesy Course Technology/Cengage Learning

Configuring Shared Folders and Shared Folder Permissions
• Shared folder
  • Users can access over the network
• Changed in Windows Server 2008 from previous versions
  • Make person offering share more aware of security options
• Activity 5-6: Enabling Sharing a Folder
  • Objective: Turn on file sharing and public folder sharing

Configuring Shared Folders and Shared Folder Permissions (cont’d.)
Figure 5-10 File Sharing dialog box
Courtesy Course Technology/Cengage Learning

Configuring Shared Folders and Shared Folder Permissions (cont’d.)
Figure 5-11 Sharing tab
Courtesy Course Technology/Cengage Learning

Configuring Shared Folders and Shared Folder Permissions (cont’d.)
• Share permissions for an object
  • Differ from the NTFS access permissions set through the Security tab
  • NTFS and share permissions are cumulative
• Four share permissions associated with a folder
  • Reader
  • Contributor
  • Co-owner
  • Owner

Configuring Shared Folders and Shared Folder Permissions (cont’d.)
• Folder caching options
  • Only the files and programs that users specify will be available offline
  • All files and programs that users open from the share will be automatically available offline
  • Files or programs from the share will not be available offline
• Activity 5-7: Configuring a Shared Folder
  • Objective: Configure a shared folder, share permissions, and offline access

Publishing a Shared Folder in Active Directory
• Publish an object
  • Make it available for users to access when they view Active Directory contents
• Directory Service Client (DSClient)
  • Software that enables older operating systems to search Active Directory
• Activity 5-8: Publishing a Shared Folder
  • Objective: Publish a shared folder in Active Directory

Troubleshooting a Security Conflict
• Review folder and share permissions for:
  • User account
  • All of the groups to which user belongs
• Effective Permissions tab
  • Helps troubleshoot permissions conflicts
  • To access:
    • Right-click a folder or file, click Properties, click the Security tab, click the Advanced button, and click the Effective Permissions tab

Troubleshooting a Security Conflict (cont’d.)
• Take into account what happens when a folder or files in a folder are copied or moved
• Activity 5-9: Troubleshooting Permissions
  • Objective: View the effective permissions on a folder

Figure 5-13 Examining effective permissions as a troubleshooting aid
Courtesy Course Technology/Cengage Learning

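An added example, not part of the slides or the textbook: a PowerShell way to do the review that the Effective Permissions tab helps with, listing the NTFS DACL entries on a folder that name the current user or any group the user belongs to, and marking which entries are inherited. The function name Get-FolderAclReport and the scratch folder are assumptions made for this example; it reads NTFS permissions only, not share permissions.

```powershell
# Added example: report the DACL entries on a folder that apply to a
# given set of identities (a user account plus the groups it belongs to).
function Get-FolderAclReport {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Account and group names to filter on; empty means show every entry.
        [string[]]$Identity = @()
    )

    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        $name = $ace.IdentityReference.Value
        # -notcontains compares names case-insensitively.
        if ($Identity.Count -gt 0 -and $Identity -notcontains $name) { continue }

        New-Object PSObject -Property @{
            Owner     = $acl.Owner
            Identity  = $name
            Type      = $ace.AccessControlType   # Allow or Deny
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited         # True = came from the parent
        }
    }
}

# Constructed sample target: a scratch folder under the temp directory.
$folder = Join-Path $env:TEMP 'acl-demo'
New-Item -ItemType Directory -Path $folder -Force | Out-Null

# Current user plus every group in the logon token, as DOMAIN\Name strings.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$names = @($me.Name) + @($me.Groups | ForEach-Object {
    # Some SIDs (for example logon-session SIDs) have no account name; skip them.
    try { $_.Translate([System.Security.Principal.NTAccount]).Value } catch { }
})

# Deny entries sort first so they are not overlooked during the review.
Get-FolderAclReport -Path $folder -Identity $names |
    Sort-Object Type -Descending |
    Format-Table Identity, Type, Rights, Inherited, Owner -AutoSize
```

Entries with Inherited set to True are changed on the parent folder, not on the folder itself.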
Implementing a Distributed File System
• Distributed File System (DFS)
  • Simplify access to the shared folders on a network
    • By setting up folders to appear as though they are accessed from only one place
  • Makes managing folder access easier for server administrators
  • Configured using the DFS Management tool in the Administrative Tools menu
  • Shared folder contents can be replicated to one or more DCs or member servers

Implementing a Distributed File System (cont’d.)
• Advantages
  • Save time searching
  • NTFS access permissions apply
  • Fault tolerance
  • Load balancing
  • Improved access for Web-based internet and intranet
  • Backups made more easily
  • Important information is not lost when a disk drive on one server fails
  • Users always have access to shared folders even in the event of a disk failure

DFS Models
• Stand-alone
  • No Active Directory implementation available to help manage the shared folders
  • Provides only a single or flat level share
• Domain-based
  • Takes full advantage of Active Directory
  • Available only to servers and workstations that are members of a domain

DFS Topology
• Hierarchical structure of DFS in domain-based model
• Namespace root
  • Main container in Active Directory
  • Holds links to shared folders that can be accessed from the root
  • Populated by shared folders for users to access
• Replication group
  • Set of shared folders replicated or copied to one or more servers in a domain

Installing DFS
• Installed as a service within the File Services role
Figure 5-14 Selecting to install DFS
Courtesy Course Technology/Cengage Learning

Figure 5-15 Configuring the namespace type
Courtesy Course Technology/Cengage Learning

Installing DFS (cont’d.)
• Activity 5-10: Creating a Namespace Root
  • Objective: Configure a namespace root

Managing a Domain-Based Namespace Root System
• Tasks involved in managing the namespace root
  • Creating a folder in a namespace
  • Delegating management
  • Tuning a namespace
  • Deleting a namespace root
  • Using DFS replication

Managing a Domain-Based Namespace Root System (cont’d.)
• Creating a Folder in a Namespace
  • Folder target is a path in the Universal Naming Convention (UNC) format
• Universal Naming Convention (UNC)
  • Naming convention that designates network servers, computers, and shared resources
• Activity 5-11: Adding a Folder and Folder Target in DFS
  • Objective: Add a folder in DFS

Managing a Domain-Based Namespace Root System (cont’d.)
• Delegating Management
  • Day-to-day activities can be managed by an assistant or by another person
  • Right-click namespace and click Delegate Management Permissions
• Tuning a Namespace
  • Configure the order for referrals
  • Configure cache duration for a namespace or folder
  • Configure namespace polling
  • Configure folder targets as enabled or disabled

Managing a Domain-Based Namespace Root System (cont’d.)
• Deleting a Namespace Root
  • Delete namespace root via the DFS Management tool
  • Click namespace root and click Delete
• Using DFS Replication
  • Define two or more folder targets
  • Decide which server is to be the primary group member
  • Click a folder under the namespace root in the tree of the DFS Management tool
  • Replication is handled by the File Replication Service

Managing a Domain-Based Namespace Root System (cont’d.)
• Important improvements to DFS replication
  • Enables faster and more reliable recovery
  • Faster for all sizes of files
  • More efficient over LANs and WANs

Configuring Disk Quotas
• Advantages of disk quotas
  • Prevent users from filling the disk capacity
  • Encourage users to help manage disk space
  • Track disk capacity needs
  • Provide server administrators with information about when users are nearing or have reached their quota limits
• Quotas can be set on any local or shared volume

Configuring Disk Quotas (cont’d.)
• Parameters
  • Enable quota management
  • Deny disk space to users exceeding quota limit
  • Do not limit disk usage
  • Limit disk space to
  • Set warning level to
  • Log event when a user exceeds their quota limit
  • Log event when the user exceeds their warning level

Configuring Disk Quotas (cont’d.)
• Activity 5-12: Configuring Disk Quotas
  • Objective: Enable disk quotas and then set a disk quota for a specific group of users

Using UNIX Interoperability in Windows Server 2008
• Subsystem for UNIX-based Applications (SUA)
  • Provides compatibility with UNIX and Linux systems
• SUA functionality
  • Run UNIX/Linux applications with few or no changes to the program source code
  • Run UNIX/Linux scripts
  • Use popular UNIX/Linux shells
  • Run most UNIX/Linux commands
  • Run the popular vi UNIX/Linux editor

Using UNIX Interoperability in Windows Server 2008 (cont’d.)
• Compiler
  • Program that reads lines of program code in a source file and converts the code into machine-language instructions the computer can execute
• Script
  • Consists of lines of commands that are executed when you run the script
• Shell
  • Interface between the user and the operating system
  • Korn or C shell

Using UNIX Interoperability in Windows Server 2008 (cont’d.)
• Dynamic-link library (DLL)
  • Contains program code that can be called and run by Windows applications
• Server for Network Information Services
  • Provides a naming system for shared resources on a UNIX/Linux network

Using UNIX Interoperability in Windows Server 2008 (cont’d.)
• New features for SUA
  • More transparent ability for UNIX/Linux applications to connect to Oracle and SQL Server databases
  • Inclusion of true 64-bit libraries
  • New utilities
  • Use Microsoft Visual Studio for designing UNIX/Linux applications

Summary
• Discretionary access control lists
  • Manage access to resources
• Folder and file attributes provide one level of security
• Permissions provide another level of security
• Folders can be shared for users to access over a network
• Use Effective Permissions capability to troubleshoot a security conflict

Summary (cont’d.)
• Distributed File System (DFS)
  • Set up shared folders that are easier for users to access and can be replicated for backup and load distribution
• Disk quotas
  • Manage the resources put on a server disk volume
• Subsystem for UNIX-based Applications
  • Provides compatibility with UNIX and Linux systems