70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced
Download
1 / 37

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access - PowerPoint PPT Presentation


  • 331 Views
  • Uploaded on

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access. Objectives. Identify and understand the differences between the various file systems supported in Windows Server 2003 Create and manage shared folders

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access' - LeeJohn


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Slide1 l.jpg

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, EnhancedChapter 5: Managing File Access


Objectives l.jpg
Objectives 2003 Environment, Enhanced

  • Identify and understand the differences between the various file systems supported in Windows Server 2003

  • Create and manage shared folders

  • Understand and configure the shared folder permissions available in Windows Server 2003

  • Understand and configure the NTFS permissions available in Windows Server 2003

Guide to MCSE 70-290, Enhanced


Objectives continued l.jpg
Objectives (continued) 2003 Environment, Enhanced

  • Determine the impact of combining shared folder and NTFS permissions

  • Convert partitions and volumes from FAT to NTFS

Guide to MCSE 70-290, Enhanced


Windows server 2003 file systems l.jpg
Windows Server 2003 File Systems 2003 Environment, Enhanced

  • Three main file systems

    • File Allocation Table (FAT)

    • FAT32

    • NTFS

  • Final choice of file system depends on

    • How system will be used

    • Whether there are multiple operating systems

    • Security requirements

  • NTFS is most highly recommended

Guide to MCSE 70-290, Enhanced


Slide5 l.jpg
FAT 2003 Environment, Enhanced

  • Used by MS-DOS

  • Supported by all versions of Windows since

  • Traditionally limited to partitions up to 2 GB

    • Windows Server 2003 version supports partitions up to 4 GB

  • Limitations

    • Small partition sizes

    • No file system security features

    • Disk space usage is poor

Guide to MCSE 70-290, Enhanced


Fat32 l.jpg
FAT32 2003 Environment, Enhanced

  • A derivative of the FAT file system

  • Supports partition sizes up to 2 TB

  • Still does not provide advanced security features

    • Cannot configure permissions on file and folder resources

Guide to MCSE 70-290, Enhanced


Slide7 l.jpg
NTFS 2003 Environment, Enhanced

  • Introduced with Windows NT operating system

  • Current version (version 5)

    • Windows NT 4.0

    • Windows 2000

    • Windows XP

    • Windows Server 2003

  • Theoretically supports partition sizes of up to 16 Exabytes (EB)

    • Practically supports maximum partition sizes from 2 TB to 16 TB

Guide to MCSE 70-290, Enhanced


Ntfs continued l.jpg
NTFS (continued) 2003 Environment, Enhanced

  • Advantages of NTFS

    • Greater scalability and performance on larger partitions

    • Support for Active Directory on systems configured as domain controllers

    • Ability to configure security permissions on individual files and folders

    • Built-in support for compression and encryption

    • Ability to configure disk quotas for individual users

    • Support for Remote Storage

    • Recovery logging of disk activities

Guide to MCSE 70-290, Enhanced


Creating and managing shared folders l.jpg
Creating and Managing Shared Folders 2003 Environment, Enhanced

  • Shared folder

    • A data resource made available over a network to authorized network clients

    • Specific permissions required for creating, reading, modifying

  • Groups that can create shared folders:

    • Administrators

    • Server Operators

    • Power Users (only on member servers)

Guide to MCSE 70-290, Enhanced


Creating and managing shared folders continued l.jpg
Creating and Managing Shared Folders (continued) 2003 Environment, Enhanced

  • Several ways to create shared folders

  • Two important methods

    • Windows Explorer Interface

    • Computer Management console

      • Also allows shared folders to be monitored

Guide to MCSE 70-290, Enhanced


Using windows explorer l.jpg
Using Windows Explorer 2003 Environment, Enhanced

  • Used since Windows 95

  • Can create, maintain, and share folders

  • Folders can be on any drive connected to the computer

  • Folders are shared in Windows Explorer by accessing the Sharing tab of folder’s properties

Guide to MCSE 70-290, Enhanced


Using windows explorer continued l.jpg
Using Windows Explorer (continued) 2003 Environment, Enhanced

Guide to MCSE 70-290, Enhanced


Using windows explorer continued13 l.jpg
Using Windows Explorer (continued) 2003 Environment, Enhanced

  • Shared name of folder does not have to be the actual file name

  • Hand icon used to indicate shared status

  • Shared folders can be hidden from My Network Places and Network Neighborhood

    • Place dollar sign ($) after name, e.g., Salary$

    • Number of hidden administrative shares created automatically at installation

Guide to MCSE 70-290, Enhanced


Using windows explorer continued14 l.jpg
Using Windows Explorer (continued) 2003 Environment, Enhanced

Guide to MCSE 70-290, Enhanced


Using windows explorer continued15 l.jpg
Using Windows Explorer (continued) 2003 Environment, Enhanced

Guide to MCSE 70-290, Enhanced


Using computer management l.jpg
Using Computer Management 2003 Environment, Enhanced

  • Computer Management console is a pre-defined Microsoft Management Console (MMC)

    • Allows you to share and monitor folders for local and remote computers

    • Allows you to stop sharing if desired

Guide to MCSE 70-290, Enhanced


Using computer management continued l.jpg
Using Computer Management (continued) 2003 Environment, Enhanced

  • Share a Folder Wizard

    • Used to create folders in Shared Folders section of Computer Management

    • Used to provide preconfigured or manual permissions

      • All users have read-only access

      • Administrators have full access; others have read-only access

      • Administrators have full access; others have read and write access

      • Custom share and folder permissions

Guide to MCSE 70-290, Enhanced


Monitoring access to shared folders l.jpg
Monitoring Access to Shared Folders 2003 Environment, Enhanced

  • Monitoring involves

    • Who is using shared files

    • What shared files are open at any given time

  • Other functions

    • Disconnect users from a share

    • Send network alert messages

  • Primary monitoring tool is Computer Management

Guide to MCSE 70-290, Enhanced


Monitoring access to shared folders continued l.jpg
Monitoring Access to Shared Folders (continued) 2003 Environment, Enhanced

Guide to MCSE 70-290, Enhanced


Managing shared folder permissions l.jpg
Managing Shared Folder Permissions 2003 Environment, Enhanced

  • A shared folder has a discretionary access control list (DACL)

    • Contains a list of user or group references that have been allowed or denied permissions

    • Each reference is an access control entry (ACE)

    • Accessed from Permissions button on Sharing tab of folder’s properties

  • Permissions only apply to network users, not those logged on directly to local machine

Guide to MCSE 70-290, Enhanced


Managing shared folder permissions continued l.jpg
Managing Shared Folder Permissions (continued) 2003 Environment, Enhanced

Guide to MCSE 70-290, Enhanced


Managing shared folder permissions continued22 l.jpg
Managing Shared Folder Permissions (continued) 2003 Environment, Enhanced

  • To deny access to a user or group

    • Windows Server 2003 does not include No Access share permission

    • Must explicitly deny access to each individually

  • Default permission is read access for Everyone group

    • Should be immediately addressed when a share is created

  • Folder permissions are inherited by all contained objects

Guide to MCSE 70-290, Enhanced


Ntfs permissions l.jpg
NTFS Permissions 2003 Environment, Enhanced

  • Resources located on an NTFS partition or volume can be given NTFS permissions

  • An administrator must

    • Know how permissions are applied

    • Standard and special NTFS permissions available

    • How effective permissions are determined

Guide to MCSE 70-290, Enhanced


Ntfs permission concepts l.jpg
NTFS Permission Concepts 2003 Environment, Enhanced

  • NTFS permissions are configured via the Security tab

  • NTFS permissions are cumulative

  • Access denial always overrides permitted access

  • NTFS folder permissions are inherited unless otherwise specified

  • NTFS permissions can be set at file or folder level

Guide to MCSE 70-290, Enhanced


Ntfs permission concepts continued l.jpg
NTFS Permission Concepts (continued) 2003 Environment, Enhanced

  • A new ACE has default permission

    • Read and Read and Execute for files

    • List Folder Contents for folders

  • Windows Server 2003 has set of standard permissions plus special permissions

Guide to MCSE 70-290, Enhanced


Ntfs permission concepts continued26 l.jpg
NTFS Permission Concepts (continued) 2003 Environment, Enhanced

Guide to MCSE 70-290, Enhanced


Special ntfs permissions l.jpg
Special NTFS Permissions 2003 Environment, Enhanced

  • Can provide more or less access than standard permissions

  • Special permissions accessed from Advanced button in the Security tab on Properties dialog box for resource

  • Permission Entry dialog box enables assignment of permissions and control of inheritance settings

Guide to MCSE 70-290, Enhanced


Special ntfs permissions continued l.jpg
Special NTFS Permissions (continued) 2003 Environment, Enhanced

Guide to MCSE 70-290, Enhanced


Special ntfs permissions continued29 l.jpg
Special NTFS Permissions (continued) 2003 Environment, Enhanced

  • Inheritance settings

    • This folder only

    • This folder, subfolders, and files (default)

    • This folder and subfolders

    • This folder and files

    • Subfolders and files only

    • Subfolders only

    • Files only

Guide to MCSE 70-290, Enhanced


Special ntfs permissions continued30 l.jpg
Special NTFS Permissions (continued) 2003 Environment, Enhanced

Guide to MCSE 70-290, Enhanced


Special ntfs permissions continued31 l.jpg
Special NTFS Permissions (continued) 2003 Environment, Enhanced

Guide to MCSE 70-290, Enhanced


Determining effective permissions l.jpg
Determining Effective Permissions 2003 Environment, Enhanced

  • Permissions that actually apply to a user can be the result of membership in multiple groups

  • Prior to Windows Server 2003, determining effective permissions was done manually

  • In Windows Server 2003, there is an Effective Permissions tab in Advanced Security Settings dialog box for resource

    • Shows specific permissions for a user or group

Guide to MCSE 70-290, Enhanced


Determining effective permissions continued l.jpg
Determining Effective Permissions (continued) 2003 Environment, Enhanced

Guide to MCSE 70-290, Enhanced


Combining shared folder and ntfs permissions l.jpg
Combining Shared Folder and NTFS Permissions 2003 Environment, Enhanced

  • NTFS permissions can be combined with share permissions

    • When accessing a share across a network, if both apply, use most restrictive

    • When accessing a file locally, only NTFS permissions apply

Guide to MCSE 70-290, Enhanced


Converting a fat partition to ntfs l.jpg
Converting a FAT Partition to NTFS 2003 Environment, Enhanced

  • For highest security, partitions and volumes should be configured to use NTFS

  • Command-line utility, CONVERT, will convert FAT or FAT32 partitions and volumes to NTFS

  • All existing files and folders are retained

  • CONVERT cannot convert NTFS to FAT or FAT32

Guide to MCSE 70-290, Enhanced


Summary l.jpg
Summary 2003 Environment, Enhanced

  • Windows Server 2003 supports 3 file systems

    • FAT

    • FAT32

    • NTFS (preferred)

  • Two types of permissions

    • Shared folder (network only)

      • Tools are Windows Explorer, Computer Management, and NET SHARE command

    • NTFS (local and network)

      • NTFS partitions only

Guide to MCSE 70-290, Enhanced


Summary continued l.jpg
Summary (continued) 2003 Environment, Enhanced

  • Permissions

    • Shared folders, 3 standard permissions

    • NTFS, 6 standard and 14 special permissions

      • Permissions are cumulative

      • Effective permissions can be determined from Advanced Security Settings of a resource

    • Shared folder and NTFS permissions can be combined

  • CONVERT utility can convert a FAT or FAT32 partition to the NTFS file system

Guide to MCSE 70-290, Enhanced


ad