slide1
Download
Skip this Video
Download Presentation
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access

Loading in 2 Seconds...

play fullscreen
1 / 37

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access - PowerPoint PPT Presentation


  • 333 Views
  • Uploaded on

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access. Objectives. Identify and understand the differences between the various file systems supported in Windows Server 2003 Create and manage shared folders

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access' - LeeJohn


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, EnhancedChapter 5: Managing File Access

objectives
Objectives
  • Identify and understand the differences between the various file systems supported in Windows Server 2003
  • Create and manage shared folders
  • Understand and configure the shared folder permissions available in Windows Server 2003
  • Understand and configure the NTFS permissions available in Windows Server 2003

Guide to MCSE 70-290, Enhanced

objectives continued
Objectives (continued)
  • Determine the impact of combining shared folder and NTFS permissions
  • Convert partitions and volumes from FAT to NTFS

Guide to MCSE 70-290, Enhanced

windows server 2003 file systems
Windows Server 2003 File Systems
  • Three main file systems
    • File Allocation Table (FAT)
    • FAT32
    • NTFS
  • Final choice of file system depends on
    • How system will be used
    • Whether there are multiple operating systems
    • Security requirements
  • NTFS is most highly recommended

Guide to MCSE 70-290, Enhanced

slide5
FAT
  • Used by MS-DOS
  • Supported by all versions of Windows since
  • Traditionally limited to partitions up to 2 GB
    • Windows Server 2003 version supports partitions up to 4 GB
  • Limitations
    • Small partition sizes
    • No file system security features
    • Disk space usage is poor

Guide to MCSE 70-290, Enhanced

fat32
FAT32
  • A derivative of the FAT file system
  • Supports partition sizes up to 2 TB
  • Still does not provide advanced security features
    • Cannot configure permissions on file and folder resources

Guide to MCSE 70-290, Enhanced

slide7
NTFS
  • Introduced with Windows NT operating system
  • Current version (version 5)
    • Windows NT 4.0
    • Windows 2000
    • Windows XP
    • Windows Server 2003
  • Theoretically supports partition sizes of up to 16 Exabytes (EB)
    • Practically supports maximum partition sizes from 2 TB to 16 TB

Guide to MCSE 70-290, Enhanced

ntfs continued
NTFS (continued)
  • Advantages of NTFS
    • Greater scalability and performance on larger partitions
    • Support for Active Directory on systems configured as domain controllers
    • Ability to configure security permissions on individual files and folders
    • Built-in support for compression and encryption
    • Ability to configure disk quotas for individual users
    • Support for Remote Storage
    • Recovery logging of disk activities

Guide to MCSE 70-290, Enhanced

creating and managing shared folders
Creating and Managing Shared Folders
  • Shared folder
    • A data resource made available over a network to authorized network clients
    • Specific permissions required for creating, reading, modifying
  • Groups that can create shared folders:
    • Administrators
    • Server Operators
    • Power Users (only on member servers)

Guide to MCSE 70-290, Enhanced

creating and managing shared folders continued
Creating and Managing Shared Folders (continued)
  • Several ways to create shared folders
  • Two important methods
    • Windows Explorer Interface
    • Computer Management console
      • Also allows shared folders to be monitored

Guide to MCSE 70-290, Enhanced

using windows explorer
Using Windows Explorer
  • Used since Windows 95
  • Can create, maintain, and share folders
  • Folders can be on any drive connected to the computer
  • Folders are shared in Windows Explorer by accessing the Sharing tab of folder’s properties

Guide to MCSE 70-290, Enhanced

using windows explorer continued
Using Windows Explorer (continued)

Guide to MCSE 70-290, Enhanced

using windows explorer continued13
Using Windows Explorer (continued)
  • Shared name of folder does not have to be the actual file name
  • Hand icon used to indicate shared status
  • Shared folders can be hidden from My Network Places and Network Neighborhood
    • Place dollar sign ($) after name, e.g., Salary$
    • Number of hidden administrative shares created automatically at installation

Guide to MCSE 70-290, Enhanced

using windows explorer continued14
Using Windows Explorer (continued)

Guide to MCSE 70-290, Enhanced

using windows explorer continued15
Using Windows Explorer (continued)

Guide to MCSE 70-290, Enhanced

using computer management
Using Computer Management
  • Computer Management console is a pre-defined Microsoft Management Console (MMC)
    • Allows you to share and monitor folders for local and remote computers
    • Allows you to stop sharing if desired

Guide to MCSE 70-290, Enhanced

using computer management continued
Using Computer Management (continued)
  • Share a Folder Wizard
    • Used to create folders in Shared Folders section of Computer Management
    • Used to provide preconfigured or manual permissions
      • All users have read-only access
      • Administrators have full access; others have read-only access
      • Administrators have full access; others have read and write access
      • Custom share and folder permissions

Guide to MCSE 70-290, Enhanced

monitoring access to shared folders
Monitoring Access to Shared Folders
  • Monitoring involves
    • Who is using shared files
    • What shared files are open at any given time
  • Other functions
    • Disconnect users from a share
    • Send network alert messages
  • Primary monitoring tool is Computer Management

Guide to MCSE 70-290, Enhanced

managing shared folder permissions
Managing Shared Folder Permissions
  • A shared folder has a discretionary access control list (DACL)
    • Contains a list of user or group references that have been allowed or denied permissions
    • Each reference is an access control entry (ACE)
    • Accessed from Permissions button on Sharing tab of folder’s properties
  • Permissions only apply to network users, not those logged on directly to local machine

Guide to MCSE 70-290, Enhanced

managing shared folder permissions continued22
Managing Shared Folder Permissions (continued)
  • To deny access to a user or group
    • Windows Server 2003 does not include No Access share permission
    • Must explicitly deny access to each individually
  • Default permission is read access for Everyone group
    • Should be immediately addressed when a share is created
  • Folder permissions are inherited by all contained objects

Guide to MCSE 70-290, Enhanced

ntfs permissions
NTFS Permissions
  • Resources located on an NTFS partition or volume can be given NTFS permissions
  • An administrator must
    • Know how permissions are applied
    • Standard and special NTFS permissions available
    • How effective permissions are determined

Guide to MCSE 70-290, Enhanced

ntfs permission concepts
NTFS Permission Concepts
  • NTFS permissions are configured via the Security tab
  • NTFS permissions are cumulative
  • Access denial always overrides permitted access
  • NTFS folder permissions are inherited unless otherwise specified
  • NTFS permissions can be set at file or folder level

Guide to MCSE 70-290, Enhanced

ntfs permission concepts continued
NTFS Permission Concepts (continued)
  • A new ACE has default permission
    • Read and Read and Execute for files
    • List Folder Contents for folders
  • Windows Server 2003 has set of standard permissions plus special permissions

Guide to MCSE 70-290, Enhanced

ntfs permission concepts continued26
NTFS Permission Concepts (continued)

Guide to MCSE 70-290, Enhanced

special ntfs permissions
Special NTFS Permissions
  • Can provide more or less access than standard permissions
  • Special permissions accessed from Advanced button in the Security tab on Properties dialog box for resource
  • Permission Entry dialog box enables assignment of permissions and control of inheritance settings

Guide to MCSE 70-290, Enhanced

special ntfs permissions continued
Special NTFS Permissions (continued)

Guide to MCSE 70-290, Enhanced

special ntfs permissions continued29
Special NTFS Permissions (continued)
  • Inheritance settings
    • This folder only
    • This folder, subfolders, and files (default)
    • This folder and subfolders
    • This folder and files
    • Subfolders and files only
    • Subfolders only
    • Files only

Guide to MCSE 70-290, Enhanced

special ntfs permissions continued30
Special NTFS Permissions (continued)

Guide to MCSE 70-290, Enhanced

special ntfs permissions continued31
Special NTFS Permissions (continued)

Guide to MCSE 70-290, Enhanced

determining effective permissions
Determining Effective Permissions
  • Permissions that actually apply to a user can be the result of membership in multiple groups
  • Prior to Windows Server 2003, determining effective permissions was done manually
  • In Windows Server 2003, there is an Effective Permissions tab in Advanced Security Settings dialog box for resource
    • Shows specific permissions for a user or group

Guide to MCSE 70-290, Enhanced

determining effective permissions continued
Determining Effective Permissions (continued)

Guide to MCSE 70-290, Enhanced

combining shared folder and ntfs permissions
Combining Shared Folder and NTFS Permissions
  • NTFS permissions can be combined with share permissions
    • When accessing a share across a network, if both apply, use most restrictive
    • When accessing a file locally, only NTFS permissions apply

Guide to MCSE 70-290, Enhanced

converting a fat partition to ntfs
Converting a FAT Partition to NTFS
  • For highest security, partitions and volumes should be configured to use NTFS
  • Command-line utility, CONVERT, will convert FAT or FAT32 partitions and volumes to NTFS
  • All existing files and folders are retained
  • CONVERT cannot convert NTFS to FAT or FAT32

Guide to MCSE 70-290, Enhanced

summary
Summary
  • Windows Server 2003 supports 3 file systems
    • FAT
    • FAT32
    • NTFS (preferred)
  • Two types of permissions
    • Shared folder (network only)
      • Tools are Windows Explorer, Computer Management, and NET SHARE command
    • NTFS (local and network)
      • NTFS partitions only

Guide to MCSE 70-290, Enhanced

summary continued
Summary (continued)
  • Permissions
    • Shared folders, 3 standard permissions
    • NTFS, 6 standard and 14 special permissions
      • Permissions are cumulative
      • Effective permissions can be determined from Advanced Security Settings of a resource
    • Shared folder and NTFS permissions can be combined
  • CONVERT utility can convert a FAT or FAT32 partition to the NTFS file system

Guide to MCSE 70-290, Enhanced

ad