File and Print Services
Lesson 6
Objectives
NTFS Permissions
Using Groups with NTFS Permissions
• To simplify administration, you can grant
permissions using groups.
• By assigning NTFS permissions to a group,
you are granting permissions to one or more
people simultaneously, reducing the number
of entries in each access list, as well as the
amount of effort required to grant multiple
people access to certain files or folders.
Types of NTFS Permissions
• There are two types of permissions used in
NTFS:
– Explicit permissions: Permissions granted
directly to a file or folder.
– Inherited permissions: Permissions that are
granted to a folder (parent object or
container) and that flow into child objects
(subfolders or files inside the parent folder).
• Besides granting the Allow permissions, you
can also grant the Deny permission.
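The explicit/inherited distinction and Deny entries can be read directly from an object's access list. The following PowerShell report is an added example, not part of the original slides; it assumes Windows PowerShell 3.0 or later, and the folder path is hypothetical.

```powershell
# Added example: list every ACE under a folder tree as Explicit or Inherited.
$Root = 'D:\Shares\Finance'   # hypothetical path, change to the folder under review

$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$report = foreach ($item in $items) {
    try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }

    foreach ($ace in $acl.Access) {
        [pscustomobject]@{
            Path      = $item.FullName
            Identity  = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType        # Allow or Deny
            Source    = if ($ace.IsInherited) { 'Inherited' } else { 'Explicit' }
            Rights    = $ace.FileSystemRights
            Protected = $acl.AreAccessRulesProtected  # True: inheritance from the parent is blocked
        }
    }
}

# Entries that differ from what the parent hands down: explicit grants and any Deny.
$report | Where-Object { $_.Source -eq 'Explicit' -or $_.Type -eq 'Deny' } |
    Sort-Object Path, Identity |
    Format-Table Path, Identity, Type, Source, Rights -AutoSize

# Objects that no longer inherit permissions from their parent.
$report | Where-Object { $_.Protected } | Select-Object -ExpandProperty Path -Unique
```

Explicit entries granted to individual users rather than groups are the ones the "Using Groups with NTFS Permissions" slide advises against.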
Effective Permissions
Copying and Moving Files
• When copying and moving files, the following three
scenarios can result:
– If a folder or file is copied, the new folder or file will
automatically acquire the permissions of the drive
or folder to which it is being copied.
– If a folder or file is moved within the same volume,
the folder or file will retain the same permissions
that were already assigned.
– If a folder or file is moved from one volume to
another volume, the folder or file will automatically
acquire the permissions of the drive to which it is
being moved.
File and Folder Owners
• The owner of an object controls how
permissions are set on the object and to
whom permissions are granted.
• If for some reason you have been denied
access to a file or folder, you need to reset the
permissions by taking ownership of the file or
folder and modifying the permissions.
• All administrators automatically have the Take
ownership permission of all NTFS objects.
Encryption
• Encryption is the process of converting data into a
format that cannot be read by another user.
• Once a user has encrypted a file, it automatically
remains encrypted when stored on disk.
• Decryption is the process of converting data from
an encrypted format back to its original format.
• Once a user has decrypted a file, the file remains
decrypted when stored on disk.
Encrypting File System (EFS)
• Encrypting File System (EFS) is a core file
encryption technology used to store encrypted files
on NTFS file system volumes.
• Encrypted files cannot be used unless a user has
access to the keys required to decrypt the
information.
• After a file has been encrypted, you do not have to
manually decrypt that file before you can use it.
• Rather, once you encrypt a file or folder, you can
work with that file or folder just as you would with
any other file or folder.
Sharing Folders
• Most users are not going to log on to a server directly to
access their data files.
• Instead, a drive or folder will be shared (known as a
shared folder), and they will access the data files over a
network.
• To help protect against unauthorized drive or folder
access, you should use share permissions along with
NTFS permissions (assuming the shared folder is on an
NTFS volume).
• When a user needs to access a network share, he or she
will use the UNC, which is \\servername\sharename.
Share Permissions
• The share permissions that are available are as
follows:
– Full control
– Change
– Read
• Because users can be members of several groups, it is
possible for them to have several sets of explicit
permissions for a particular folder or file.
• When this occurs, the permissions are combined to
form the effective permissions, which are the actual
permissions when logging in and accessing a file or
folder.
Network Discovery and Browsing
Administrative Shares
• An administrative share is a shared folder typically used
for administrative purposes and usually hidden.
• To make any shared folder or drive hidden, the share
name must have a $ at the end of it.
• Because the shared folder or drive cannot be seen during
browsing, you have to use a UNC name to find the folder
or drive, which includes the share name (including the $).
• By default, all hard drive volumes with drive letters
automatically have administrative shares (C$, D$, E$,
and so on).
• Other hidden shares can be created as needed for
individual folders.
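Hidden shares do not appear when browsing, but they are listed when the server itself is queried. The following inventory is an added example, not part of the original slides; it assumes Windows PowerShell 3.0 or later, and share permissions are shown only where the SmbShare module (`Get-SmbShareAccess`) is available.

```powershell
# Added example: inventory of shares on the local server, hidden ones included.
$AdminBit = 2147483648   # 0x80000000 in Win32_Share.Type marks a system administrative share
$kinds    = @{ 0 = 'Disk'; 1 = 'Printer'; 2 = 'Device'; 3 = 'IPC' }
$hasSmb   = [bool](Get-Command Get-SmbShareAccess -ErrorAction SilentlyContinue)

$inventory = foreach ($share in Get-CimInstance -ClassName Win32_Share) {
    $class = if (($share.Type -band $AdminBit) -ne 0) {
        'Administrative (system-created)'      # C$, D$, ADMIN$, IPC$ ...
    } elseif ($share.Name.EndsWith('$')) {
        'Hidden (created manually)'            # name ends in $, but not a system share
    } else {
        'Visible'
    }

    # Share permissions (Full, Change, Read) where the SmbShare module is present.
    $perms = 'n/a'
    if ($hasSmb) {
        $perms = (Get-SmbShareAccess -Name $share.Name -ErrorAction SilentlyContinue |
            ForEach-Object { '{0}={1} {2}' -f $_.AccountName, $_.AccessControlType, $_.AccessRight }) -join '; '
    }

    [pscustomobject]@{
        Name             = $share.Name
        UNC              = '\\{0}\{1}' -f $env:COMPUTERNAME, $share.Name
        Kind             = $kinds[[int]($share.Type -band 3)]
        Class            = $class
        Path             = $share.Path
        SharePermissions = $perms
    }
}

$inventory | Sort-Object Class, Name | Format-Table -AutoSize -Wrap

# Manually created hidden shares are the ones to reconcile against documentation.
$inventory | Where-Object { $_.Class -like 'Hidden*' } | Format-List Name, UNC, Path, SharePermissions
```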
Network Printing
• One basic network service is network
printing, in which multiple users can share
the same printer.
– This is a cost-effective solution when you
have multiple employees in different
locations.
• As an administrator, you can install two
types of printers: local and network.
Printing in Windows
• When you install a physical printer, which Microsoft
refers to as a print device, you must first connect the
printer and turn it on.
• Next, you need to create a logical printer (Microsoft
refers to this as the printer), which will provide a
software interface between the print device and the
applications.
• When you create the printer, you also load a print
driver that acts as a translator for Windows and the
programs running on Windows so that they do not have
to worry about the specifics of the printer’s hardware
and printer language.
Installing Printers
• If you have the correct permissions to add a
local printer or a remote shared printer, you
can use the Add Printer Wizard to install the
printer.
• After the printer is installed, it will appear in
the Devices and Printers folder as well as in
the Device Manager.
Adding Printers
• When the Add Printer dialog box appears,
specify the port to which the printer is
connected.
• If a printer is connected directly on the
network, you will have to create a Standard
TCP/IP Port.
– The TCP/IP printer port uses host port 9100
to communicate.
Adding Printer Drivers
Printer Pools
• Network printers are usually used by more than
one user.
• If you have a high volume of print jobs, the printer
can become congested and users will have to wait
for the documents to print.
• Either you can purchase a faster printer or you can
create a group of printers called a printer pool that
acts as a single virtual printer with a single print
queue.
• Users print to a single printer, and the print jobs
are distributed among the printers within the pool.
Printer Properties
• With most printers, you
have a wide range of
options.
• Although these options
vary from printer to
printer, they are easily
accessible by right-clicking
the printer in the Devices
and Printers folder and
selecting Printer
Properties.
Printer Permissions
• Printers are
considered objects.
• Therefore, you can
assign permissions to
a printer so that you
can specify who can
use the printer, who
can manage the
printer, and who can
manage the print
jobs.
Managing Print Jobs
Print Spooler Folder
• When the print device is available, the
spooler retrieves the next print job and
sends it to the print device.
• By default, the spool folder is located at
C:\Windows\System32\Spool\Printers.
• If you have a server that handles a large
number of print jobs or several large print
jobs, make sure the drive where the spool
folder is has sufficient disk space.
Internet Printing
• To enable Internet Printing on a computer running
Windows Server 2008, you just need to install the
Internet Printing role service.
• To install the Internet Printing Client in Windows
Server 2008, click Add Features in Server
Manager, select the Internet Printing Client check
box, and then click OK.
• To manage a server by using the Web site created
by Internet Printing, open a web browser and
navigate to http://servername/printers.
Auditing
• Security can be divided into three areas.
Authentication is used to prove the identity
of a user.
• Authorization gives access to the user that
was authenticated.
• To complete the security picture, you need to
enable auditing so that you can have a
record of the users who have logged in and
what the user accessed or tried to access.
Auditing NTFS Files and Folders
• Auditing NTFS files, NTFS folders, and
printers is a two-step process.
– You must first enable Object Access using
Group Policy.
– Then you must specify which objects you
want to audit.
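The two steps, carried out from an elevated PowerShell prompt on a single server. This is an added example, not part of the original slides: it uses auditpol.exe as the local equivalent of the Group Policy setting, and the folder path, the audited principal and the choice of audited rights are hypothetical. The subcategory name assumes an English-language system.

```powershell
# Added example: enable object access auditing, then audit one folder.
$Folder = 'D:\Shares\Finance'   # hypothetical folder to audit

# Step 1: enable Object Access auditing. The slides do this through Group Policy;
# auditpol.exe sets the same policy locally for the File System subcategory.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# Step 2: specify the object to audit by adding an audit entry to the folder.
$rights    = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$flags     = [System.Security.AccessControl.AuditFlags]'Success, Failure'

$rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList @(
    'Everyone', $rights, $inherit, $propagate, $flags)

$acl = Get-Acl -Path $Folder -Audit      # -Audit loads the audit entries as well
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Confirm both steps took effect.
auditpol /get /subcategory:"File System"
(Get-Acl -Path $Folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize

# Review: event ID 4663 in the Security log records access attempts on audited objects.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$Folder*" } |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
```

Completing only one of the two steps produces no events: the policy alone audits nothing until an object carries an audit entry, and an audit entry is ignored while the policy is off.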
Summary
• NTFS permissions allow you to control which users
and groups can gain access to files and folders on
an NTFS volume.
• Each of the standard permissions consists of a
logical group of special permissions.
• Explicit permissions are permissions granted
directly to the file or folder.
• Inherited permissions are permissions that are
granted to a folder (parent object or container) and
that flow into child objects (subfolders or files
inside the parent folder).
Summary
• If a file or folder is copied, the new file or folder
automatically acquires the permissions of the drive
or folder to which it is being copied.
• If a file or folder is moved within the same volume,
the file or folder retains the same permissions that
were already assigned to it.
• If a file or folder is moved from one volume to
another volume, it automatically acquires the
permissions of the drive or folder to which it is
being moved.
Summary
• Encryption is the process of converting data
into a format that cannot be read by another
user.
• Encrypting File System (EFS) is a core file
encryption technology used to store
encrypted files on NTFS file system volumes.
Summary
• Most users are not going to log on to a server
directly to access their data files. Instead, a drive
or folder will be shared (known as a shared folder),
and they will access the data files over the
network.
• As with NTFS permissions, you can allow or deny
each share permission.
• To simplify managing share and NTFS permissions,
Microsoft recommends giving Everyone Full Control
on the share, and then controlling access using
NTFS permissions.
Summary
• An administrative share is a shared folder typically
used for administrative purposes.
• Microsoft refers to the physical printer as a print
device.
• A printer in Windows is a logical printer, which will
provide a software interface between the print
device and applications.
• A printer pool acts as a single virtual printer with
a single print queue, but it contains two or more
physical printers.
Summary
• Auditing provides a record of the users that have
logged in and what the user accessed or tried to
access.
• Auditing is not enabled by default. To enable
auditing, you specify what types of system events
to audit using group policies or the local security
policy.
• Auditing NTFS files, NTFS folders, and printers is a
two-step process. You must first enable Object
Access using group policies. Then you must specify
which objects you want to audit.