chapter 9 n.
Download
Skip this Video
Download Presentation
SHARING FILE SYSTEM RESOURCES

Loading in 2 Seconds...

play fullscreen
1 / 45

SHARING FILE SYSTEM RESOURCES - PowerPoint PPT Presentation


  • 177 Views
  • Uploaded on

Chapter 9. SHARING FILE SYSTEM RESOURCES. CHAPTER OVERVIEW. Create and manage file system shares and work with share permissions. Use NTFS file system permissions to control access to files. Manage file sharing using Internet Information Services (IIS). UNDERSTANDING PERMISSIONS.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'SHARING FILE SYSTEM RESOURCES' - brady-key


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
chapter overview
Chapter 9: SHARING FILE SYSTEM RESOURCESCHAPTER OVERVIEW
  • Create and manage file system shares and work with share permissions.
  • Use NTFS file system permissions to control access to files.
  • Manage file sharing using Internet Information Services (IIS).
understanding permissions
Chapter 9: SHARING FILE SYSTEM RESOURCESUNDERSTANDING PERMISSIONS
  • File system permissions
  • Share permissions
  • Active Directory permissions
  • Registry permissions
inheritance
Chapter 9: SHARING FILE SYSTEM RESOURCESINHERITANCE
  • Allows permissions assigned at one folder to flow down to subsequent files and folders
  • Can be overridden by explicit permission assignment or inheritance blocking
  • Useful in reducing the number of permission assignments required
effective permissions
Chapter 9: SHARING FILE SYSTEM RESOURCESEFFECTIVE PERMISSIONS
  • Allowed permissions are cumulative.
  • Denied permissions override allowed permissions.
  • Explicit permissions take precedence over inherited permissions.
restrictions on creating file system shares
Chapter 9: SHARING FILE SYSTEM RESOURCESRESTRICTIONS ON CREATING FILE SYSTEM SHARES
  • On a domain controller: Administrators, Server Operators, Enterprise Admins, Domain Admins groups only
  • On a domain member server or workstation: Administrators, Server Operators, or Power Users groups only
  • On a workgroup or standalone computer: Administrators or Power Users groups only
creating a file system share using net exe
Chapter 9: SHARING FILE SYSTEM RESOURCESCREATING A FILE SYSTEM SHARE USING NET.EXE
  • Allows shares to be created from a command line
  • Lets you configure permissions during creation
  • Lets you configure offline settings for the share
using share permissions
Chapter 9: SHARING FILE SYSTEM RESOURCESUSING SHARE PERMISSIONS
  • Limited scope Can be applied only to folders and only when connecting to the share.
  • Lack of flexibility Permissions applied to the share apply to all levels below.
  • No replication Share permissions are not replicated.
  • No resiliency Share permissions cannot be backed up or restored.
using share permissions continued
Chapter 9: SHARING FILE SYSTEM RESOURCESUSING SHARE PERMISSIONS (continued)
  • Fragility Shares (and therefore share permissions) are lost when a folder is moved or renamed.
  • No auditing Share permissions do not facilitate auditing.
share permission defaults
Chapter 9: SHARING FILE SYSTEM RESOURCESSHARE PERMISSION DEFAULTS
  • When a new share is created, the following permissions are granted:
    • Everyone special identity: Read
    • Administrators: Full Control
creating a file system sharing strategy
Chapter 9: SHARING FILE SYSTEM RESOURCESCREATING A FILE SYSTEM SHARING STRATEGY
  • Create logically named shares.
  • Use nesting where necessary to reduce users’ need to navigate the directory structure.
  • Share removable drives from the root to keep the share available when media are removed and reconnected or changed.
nesting shares
Chapter 9: SHARING FILE SYSTEM RESOURCESNESTING SHARES
  • A share can be created on any folder in the file system.
  • Multiple shares on the same folder can have different permissions.
  • Permissions are applied at the share entry point.
using ntfs permissions
Chapter 9: SHARING FILE SYSTEM RESOURCESUSING NTFS PERMISSIONS
  • Scope NTFS permissions apply no matter how the file is accessed.
  • Flexibility Wide range of permissions allows assignments to be tailored.
  • Replication NTFS permissions are included when a file is replicated.
  • Resilience NTFS permissions are retained when objects are backed up.
  • Less fragile NTFS permissions are not lost if a file is moved or renamed.
  • Auditing NTFS permissions support auditing.
resource ownership
Chapter 9: SHARING FILE SYSTEM RESOURCESRESOURCE OWNERSHIP
  • Each file and folder is assigned an owner.
  • Ownership of a file makes the security principle a member of the Creator/Owner special identity.
  • Files that are owned go toward disk quota calculations.
administering iis
Chapter 9: SHARING FILE SYSTEM RESOURCESADMINISTERING IIS
  • Web server platform included with all editions of Windows Server 2003.
  • Version 6 has improved security over previous versions.
  • Allows files to be published through a browser interface.
  • Supports HTTP and FTP.
installing iis
Chapter 9: SHARING FILE SYSTEM RESOURCESINSTALLING IIS
  • Not installed during operating system installation
  • Installed through the Windows Components Wizard (select Add Or Remove Programs in Control Panel, and click Add/Remove Windows Components) or through the Manage Your Server Wizard
creating virtual directories
Chapter 9: SHARING FILE SYSTEM RESOURCESCREATING VIRTUAL DIRECTORIES
  • Allows you to include a folder from anywhere on the network in your Web site
  • Appears to the Web site user as if it is a subdirectory of the main Web site folder
  • Allows management of Web content to be distributed between departments
summary
Chapter 9: SHARING FILE SYSTEM RESOURCESSUMMARY
  • Windows Server 2003 controls access to resources using a number of mechanisms, including share permissions and NTFS permissions.
  • Every object protected by permissions has an ACL, which is a list of ACEs assigned to that object. Each ACE contains a security principal and indicates the level of access they are permitted or denied to the object.
  • File system shares enable network users to access files and folders on other computers.
summary continued
Chapter 9: SHARING FILE SYSTEM RESOURCESSUMMARY (continued)
  • Share permissions provide basic protection for file system shares, but they lack the granularity and flexibility of NTFS permissions.
  • NTFS permissions can be allowed or denied, and explicit or inherited. A Deny permission takes precedence over an Allow permission, and an Explicit permission takes precedence over an Inherited permission.
summary continued1
Chapter 9: SHARING FILE SYSTEM RESOURCESSUMMARY (continued)
  • Access granted by NTFS permissions can be restricted by share permissions and other factors, such as IIS permissions on Web sites.
  • Whenever two permission types are assigned to a resource, you must evaluate each set of permissions and then determine which of the two is more restrictive.
  • Every NTFS file and folder has an owner. The owner of a file or folder is always permitted to modify the file or folder’s ACL.
summary continued2
Chapter 9: SHARING FILE SYSTEM RESOURCESSUMMARY (continued)
  • Any user with the Allow Take Ownership permission or the Take Ownership Of Files Or Other Objects user right can take ownership of an object.
  • IIS is a Windows Server 2003 application that allows you to share files and folders using Web and FTP server services.
ad