Chapter 7: Configuring File and Share Access

Questions and Answers

Advanced Permissions are commonly utilized in Windows Permissions Architecture.

False

Deny permissions have a higher priority than Allow permissions in determining access rights.

True

The Specify permissions to control access page is the last step in the New Share Wizard.

False

Permissions in Windows are structured such that they can only be denied and not allowed.

False

Effective Access is determined solely by Allow permissions in a Windows environment.

False

Server Message Blocks (SMB) is the file-sharing protocol used solely by UNIX systems.

False

Creating a folder share involves determining which folders to share and the permissions to grant.

True

The Advanced Sharing dialog box provides a simplified interface for sharing folders.

False

To access shared folders, users must be granted permissions by the owner of those folders.

True

Network File System (NFS) requires the role service to be installed on a Windows server to function.

False

The Effective Access tab in the Advanced Security Settings dialog box allows users to set NTFS permissions only.

False

In NTFS, every file and folder has an Access Control List (ACL) that contains Access Control Entries (ACEs).

True

To access files, a user’s Security Identifier (SID) must match the permissions defined in the Access Control Entries (ACEs).

True

The Share Permissions tab allows users to perform actions that are usually restricted to Read permissions.

False

Full Control in NTFS permissions allows a user to modify folder permissions but does not include taking ownership of files.

False

What is the primary protocol used for file sharing in Windows environments?

Server Message Blocks (SMB)

Which of the following steps is NOT required when creating a folder share?

Configuring the network topology

What role service is required for the Network File System (NFS) to operate?

NFS role service

Which interface allows for a more detailed configuration when sharing folders?

Advanced Sharing dialog box

When sharing folders, which of the following is typically NOT a parameter that needs to be set?

Folder content type

What is the main purpose of the Specify permissions to control access page in the New Share Wizard?

To assign permissions for different security principals

Which statement best describes the characteristics of Advanced Permissions in Windows Permissions Architecture?

They allow for individual permission adjustments but are rarely utilized.

In Windows Permissions, what does the term 'Effective Access' refer to?

The combination of permissions that a security principal can effectively utilize

Which principle is primarily followed when granting permissions in Windows environments?

Additive method, starting with no permissions and granting allow permissions.

How does Inheriting Permissions function in the context of file sharing?

Permissions descend through a hierarchy from parent folders to child folders.

What action is NOT permitted by the Full Control permission in NTFS for folders?

Append data to files

During the authorization of file accesses, what is compared against the Access Control Entries (ACEs)?

The user's Security Identifier (SID)

Which of the following statements about Share Permissions is TRUE?

They can control the ability to change permissions and display folder names.

What is the role of Security Principals in NTFS and ReFS authorization?

They are users and groups identified by Windows using security identifiers (SIDs).

What does an Access Control List (ACL) specifically contain regarding file permissions?

Access Control Entries (ACEs) that list users and their permissions

Study Notes

Chapter 7: Configuring File and Share Access

• The chapter covers configuring file and share access, designing file sharing strategies, creating folder shares, assigning permissions, and configuring NTFS quotas.

Overview of Chapter Objectives

• Chapter objectives include configuring file and share access, designing file sharing strategies, creating folder shares, assigning permissions, and configuring NTFS quotas.

Creating Folder Shares

• Shares must be created for network users to access server disks.

• Crucial factors to determine when creating shares include:

  • Folders to share
  • Share names
  • User permissions for shares
  • Offline Files settings for shares

• Folder shares can be created by right-clicking a folder and selecting "Share with Specific People."

• A simplified interface is provided by this method.

• Users can also configure folders for sharing through the folder's properties sheet, offering more control options.

Types of Folder Shares

• Server Message Blocks (SMB):
  • A standard file-sharing protocol used across all Windows versions.
  • Requires the File Server role service.
• Network File System (NFS):
  • A standard file-sharing protocol predominantly employed in UNIX and Linux systems.
  • Requires the server to have NFS role service installed.

Creating a Folder Share Steps

• Select the profile: Choose from basic SMB profiles (Quick, Advanced, Applications) or NFS profiles. Profiles dictate settings for sharing style.
• Select the server and path: Determine the server and folder path for the share. Options include volume selection or custom path; the location will be a new folder in the \Shares directory on the selected volume.
• Specify share name: Assign a name and description for the folder share.
• Configure share settings:
  • Decide on access enumeration for files on the share.
  • Determine whether to enable caching or BranchCache for offline file access making content available to offline users.
  • Decide on encryption for data access during share operations to secure data transmitted to and from the share.
• Specify permissions: Define folder permissions for security principals using Basic or Advanced Permissions.
• Confirm selections: Review the configured settings for the file share. A confirmation page verifies the local path, server, cluster role, protocol, and other settings.

Assigning Permissions

• Windows Permissions Architecture:

  • Access Control List (ACL): A list of permissions related to a folder.
  • Access Control Entries (ACEs): Define permissions for specific security principals, like users or groups.

• Windows permits granular control of permissions through the security settings page.

• The "Additive" approach to assigning permissions begins with a blank set and uses multiple "Allow" entries to grant various access levels.

• The "Subtractive" approach starts by assigning all access ("Allowed"), then selectively removing ("Deny").

• Permissions:

  • "Full Control": Grants all possible rights (change permissions, take ownership, perform any action enabled by the "Change" permission).
  • "Change": Allows modification of file permissions and ownership.
  • "Read": Viewing folder names, filenames, file data, attributes, and accessing other folders within the shared folder.
  • "Write": Overwriting files, modifying attributes, viewing ownership and permissions.
  • "Read & Execute": Navigating restricted folders and performing actions allowed by Read permissions (including reading and running application files).
  • "List Folder Contents": Viewing folder names and subfolder names.
  • Additional permissions include special permissions, like "Read Extended Attributes", "Create Files/Write Data," "Create Folders/Append Data," etc.

NTFS Authorization

• NTFS and ReFS support permissions for each file and folder, including an ACL with ACEs.
• Each ACE specifies permissions for security principals (users and groups) using security identifiers (SIDs).
• Authorization involves comparing user SIDs with elements’ ACEs to determine access levels.

NTFS Basic Permissions (Folder and File), Overview

• Permissions listed include:
  • Full Control
  • Modify
  • Read & Execute
  • List Folder Contents
  • Read
  • Write

Combining Share and NTFS Permissions

• Share permissions (FC) and NTFS permissions combined offer network folder access.
• Local permissions are often NTFS permissions, while the more restrictive permission set will prevail during conflicting remote share or NTFS access.

Volume Shadow Copies

• Allows maintainance of file versions, recovering accidentally deleted or overwritten data.
• Functionally available for entire volumes only, not specific shares or folders.

Configuring NTFS Quotas

• Enables administrative control of storage limits per volume.
• NTFS quotas limit the storage space available to specific users on a shared volume, preventing disk usage overload.
• To configure, use the “Quota” tab in the Volume’s Properties page.

Description

This quiz focuses on Chapter 7, which explores the configuration of file and share access, including the design of file sharing strategies, creation of folder shares, assignment of permissions, and the management of NTFS quotas. Test your understanding of these critical components in network file sharing.