SHARING FILE SYSTEM RESOURCES




Chapter 9: SHARING FILE SYSTEM RESOURCES

CHAPTER OVERVIEW
- Create and manage file system shares and work with share permissions
- Use NTFS file system permissions to control access to files
- Manage file sharing using Internet Information Services (IIS)

UNDERSTANDING PERMISSIONS OVERVIEW
- File system permissions
- Share permissions
- Active Directory permissions
- Registry permissions (REGEDIT)

ACCESS CONTROL LISTS (ACL)
Lab: Properties for root of a drive
- Windows Explorer
- Right-click
- Properties
- Access Control Entries
- ACL has ACEs

PERMISSIONS
- Permissions are keys to unlock access to resources.
- Full Control permission is the master key.

INHERITANCE
- Allows permissions assigned at one folder to flow down to subsequent files and folders
- Can be overridden by explicit permission assignment or inheritance blocking
- Useful in reducing the number of permission assignments required

INHERITANCE
[Diagram: folder tree with (Grand) Parent Folder, Parent Folders 1 to 3 and Child Folders 1A, 1B, 2A, 2B and 3A, beside a User Permissions column (Read, Write, Delete on Folders/Files); several entries are shown as question marks.]

EFFECTIVE PERMISSIONS
- Allowed permissions are cumulative.
- Denied permissions override allowed permissions.
- Explicit permissions take precedence over inherited permissions.

EFFECTIVE PERMISSIONS
[Diagram: folder tree with (Grand) Parent Folder, Parent Folder 1, Child Folder 1A, (Grand) Child and Child Folder 1B, beside a User Permissions column (Deny All, Read on Folders/Files); the remaining entries are shown as question marks.]

SHARING FOLDERS
- Without shares, network clients cannot access folders on a server.
- Require:
  - Client for Microsoft Networks
  - File and Printer Sharing for Microsoft Networks

ADMINISTRATIVE SHARES
- Administrative shares are hidden.
- Appending a $ to a share name creates a hidden share.

RESTRICTIONS ON CREATING FILE SYSTEM SHARES
- On a domain controller: Administrators, Server Operators, Enterprise Admins, Domain Admins groups
- On a domain member server or workstation: Administrators, Server Operators, Power Users groups
- On a workgroup or standalone computer: Administrators or Power Users groups

CREATING A FILE SYSTEM SHARE USING WINDOWS EXPLORER
Lab: Create Share Folder
- Create C:\ShareMe folder
- Right-click C:\ShareMe
- Select Share this folder

SHARING A VOLUME USING WINDOWS EXPLORER
Lab: Create Share for root
- Start Windows Explorer
- Select C:\ root
- Right-click C:\ root
- Select Sharing tab
- Click New Share

CREATING A FILE SYSTEM SHARE USING THE SHARED FOLDERS SNAP-IN
Lab: Create Share using MMC
- Start Computer Management Console
- Select Shared Folders
- Select Shares
- Right-click
- Click New Shares

CREATING A FILE SYSTEM SHARE USING NET.EXE
- Allows shares to be created from a command line
- Lets you configure permissions during creation
- Lets you configure offline settings for the share

MANAGING SHARED FOLDERS
Lab: Share properties
- Select ShareMe
- Right-click
- Properties

CONTROLLING OFFLINE STORAGE
Lab: Offline Caching
- Select ShareMe
- Right-click
- Caching

PUBLISHING FILE SYSTEM SHARES IN ACTIVE DIRECTORY

MANAGING SHARE PERMISSIONS

USING SHARE PERMISSIONS
- Limited scope: Can be applied only to folders and only when connecting to the share.
- Lack of flexibility: Permissions applied to the share apply to all levels below.
- No replication: Share permissions are not replicated.
- No resiliency: Share permissions cannot be backed up or restored.

USING SHARE PERMISSIONS (continued)
- Fragility: Shares (and therefore share permissions) are lost when a folder is moved or renamed.
- No auditing: Share permissions do not facilitate auditing.

SHARE PERMISSION DEFAULTS
When a new share is created, the following permissions are granted:
- Everyone special identity: Read
- Administrators: Full Control

CREATING A FILE SYSTEM SHARING STRATEGY
- Create logically named shares.
- Use nesting where necessary to reduce users' need to navigate the directory structure.
- Share removable drives from the root to keep the share available when media are removed and reconnected or changed.

NESTING SHARES
- A share can be created on any folder in the file system.
- Multiple shares on the same folder can have different permissions.
- Permissions are applied at the share entry point.

USING NTFS PERMISSIONS
- Scope: NTFS permissions apply no matter how the file is accessed.
- Flexibility: Wide range of permissions allows assignments to be tailored.
- Replication: NTFS permissions are included when a file is replicated.
- Resilience: NTFS permissions are retained when objects are backed up.
- Less fragile: NTFS permissions are not lost if a file is moved or renamed.
- Auditing: NTFS permissions support auditing.

MANAGING STANDARD PERMISSIONS

USING ADVANCED SECURITY SETTINGS

MANAGING SPECIAL PERMISSIONS

VIEWING EFFECTIVE PERMISSIONS

RESOURCE OWNERSHIP
- Each file and folder is assigned an owner.
- Ownership of a file makes the security principal a member of the Creator/Owner special identity.
- Files that are owned go toward disk quota calculations.

ADMINISTERING IIS
- Web server platform included with all editions of Windows Server 2003.
- Version 6 has improved security over previous versions.
- Allows files to be published through a browser interface.
- Supports HTTP and FTP.

INSTALLING IIS
- Not installed during operating system installation
- Installed through the Windows Components Wizard (select Add Or Remove Programs in Control Panel, and click Add/Remove Windows Components) or through the Manage Your Server wizard

MANAGING AN IIS WEB SITE

USING THE WEB SITE TAB

USING THE HOME DIRECTORY TAB

USING THE DOCUMENTS TAB

USING THE PERFORMANCE TAB

CREATING VIRTUAL DIRECTORIES
- Allows you to include a folder from anywhere on the network in your Web site
- Appears to the Web site user as if it is a sub-directory of the main Web site folder
- Allows management of Web content to be distributed between departments.

CONFIGURING IIS SECURITY

CONFIGURING IIS AUTHENTICATION

CONFIGURING IP ADDRESS AND DOMAIN NAME RESTRICTIONS

CONFIGURING SECURE COMMUNICATIONS

SUMMARY
- Windows Server 2003 controls access to resources using a number of mechanisms, including share permissions and NTFS permissions.
- Every object protected by permissions has an ACL, which is a list of ACEs assigned to that object. Each ACE contains a security principal and indicates the level of access they are permitted or denied to the object.
- File system shares enable network users to access files and folders on other computers.

SUMMARY (continued)
- Share permissions provide basic protection for file system shares, but they lack the granularity and flexibility of NTFS permissions.
- NTFS permissions can be allowed or denied, and explicit or inherited. A Deny permission takes precedence over an Allow permission, and an explicit permission takes precedence over an inherited permission.

SUMMARY (continued)
- Access granted by NTFS permissions can be restricted by share permissions and other factors, such as IIS permissions on Web sites. Whenever two permission types are assigned to a resource, you must evaluate each set of permissions and then determine which of the two is more restrictive.
- Every NTFS file and folder has an owner. The owner of a file or folder is always permitted to modify the file or folder's ACL.

SUMMARY (continued)
- Any user with the Allow Take Ownership permission or the Take Ownership Of Files Or Other Objects user right can take ownership of an object.
- IIS is a Windows Server 2003 application that allows you to share files and folders using Web and FTP server services.
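
The rules from the EFFECTIVE PERMISSIONS slide and the summary (Allow is cumulative, Deny overrides Allow, explicit beats inherited, and share access is the more restrictive of share and NTFS results) can be traced in a small model. This is an added example, not part of the original slides; it uses simplified permission names instead of real Windows access masks, and the user alice and the groups Sales and Interns are constructed sample data.

```python
from dataclasses import dataclass

READ, WRITE, DELETE = "Read", "Write", "Delete"   # simplified, not real access masks

@dataclass(frozen=True)
class ACE:
    principal: str           # user or group the entry applies to
    allow: bool              # True = Allow entry, False = Deny entry
    perms: frozenset         # permissions the entry covers
    inherited: bool = False  # True if it flowed down from a parent folder

def canonical_order(acl):
    # Explicit Deny, explicit Allow, inherited Deny, inherited Allow.
    return sorted(acl, key=lambda ace: (ace.inherited, ace.allow))

def effective(acl, principals):
    """Permissions one ACL grants to a user and the groups the user belongs to."""
    granted, denied = set(), set()
    for ace in canonical_order(acl):
        if ace.principal not in principals:
            continue
        if ace.allow:
            granted |= ace.perms - denied    # Allow entries accumulate
        else:
            denied |= ace.perms - granted    # an earlier decision on a permission stands
    return granted

def effective_over_share(share_acl, ntfs_acl, principals):
    """Access through a share is the more restrictive of the two results."""
    return effective(share_acl, principals) & effective(ntfs_acl, principals)

# Constructed sample data: hypothetical user "alice" and groups.
NTFS_ACL = [
    ACE("Sales", True, frozenset({READ, WRITE}), inherited=True),
    ACE("Everyone", True, frozenset({READ}), inherited=True),
    ACE("Interns", False, frozenset({WRITE, DELETE}), inherited=True),
    ACE("alice", True, frozenset({DELETE})),            # explicit entry
]
SHARE_ACL = [ACE("Everyone", True, frozenset({READ}))]  # default listed in the slides

if __name__ == "__main__":
    staff = {"alice", "Sales", "Everyone"}
    intern = staff | {"Interns"}
    print(sorted(effective(NTFS_ACL, staff)))    # cumulative Allow entries
    print(sorted(effective(NTFS_ACL, intern)))   # inherited Deny vs. explicit Allow
    print(sorted(effective_over_share(SHARE_ACL, NTFS_ACL, intern)))
```

For the intern case the inherited Deny removes Write, but the explicit Allow on Delete survives because explicit entries are evaluated before inherited ones.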