Podcast
Questions and Answers
What is NOT allowed under Full Control permission for shared folders?
What is NOT allowed under Full Control permission for shared folders?
During the authorization process, what does the system compare to determine a user's access?
During the authorization process, what does the system compare to determine a user's access?
What does the Share Permissions tab allow a user to do?
What does the Share Permissions tab allow a user to do?
What does NTFS stand for?
What does NTFS stand for?
Signup and view all the answers
Which of the following is a responsibility of security principals identified by Windows?
Which of the following is a responsibility of security principals identified by Windows?
Signup and view all the answers
What must be determined before creating folder shares?
What must be determined before creating folder shares?
Signup and view all the answers
Which protocol is the standard for file sharing in Windows environments?
Which protocol is the standard for file sharing in Windows environments?
Signup and view all the answers
What interface can be used for a simplified sharing process?
What interface can be used for a simplified sharing process?
Signup and view all the answers
Which service is required for using the Network File System (NFS)?
Which service is required for using the Network File System (NFS)?
Signup and view all the answers
What is NOT a consideration when creating folder shares?
What is NOT a consideration when creating folder shares?
Signup and view all the answers
What is the primary purpose of the Specify share name page in the New Share Wizard?
What is the primary purpose of the Specify share name page in the New Share Wizard?
Signup and view all the answers
What type of permissions are preconfigured combinations known as?
What type of permissions are preconfigured combinations known as?
Signup and view all the answers
How do Deny permissions affect Allow permissions in an effective access scenario?
How do Deny permissions affect Allow permissions in an effective access scenario?
Signup and view all the answers
What are Advanced Permissions used for?
What are Advanced Permissions used for?
Signup and view all the answers
What does the term 'Inheriting Permissions' refer to?
What does the term 'Inheriting Permissions' refer to?
Signup and view all the answers
Which permission allows a user to view the names of files and subfolders in an NTFS folder?
Which permission allows a user to view the names of files and subfolders in an NTFS folder?
Signup and view all the answers
What is a characteristic of the owner of a file or folder on an NTFS drive?
What is a characteristic of the owner of a file or folder on an NTFS drive?
Signup and view all the answers
Which permission is NOT applicable to folders in NTFS?
Which permission is NOT applicable to folders in NTFS?
Signup and view all the answers
Which of the following actions can be performed with the Modify permission on a file?
Which of the following actions can be performed with the Modify permission on a file?
Signup and view all the answers
What permission does a user need to create new files inside an NTFS folder?
What permission does a user need to create new files inside an NTFS folder?
Signup and view all the answers
The owner of a file or folder on an NTFS drive can modify the permissions even if denied access.
The owner of a file or folder on an NTFS drive can modify the permissions even if denied access.
Signup and view all the answers
The Read permission allows a user to modify the attributes of a file.
The Read permission allows a user to modify the attributes of a file.
Signup and view all the answers
The List Folder Contents permission lets a user delete files from a folder.
The List Folder Contents permission lets a user delete files from a folder.
Signup and view all the answers
The Write permission on an NTFS folder allows users to create new files within it.
The Write permission on an NTFS folder allows users to create new files within it.
Signup and view all the answers
Performing all actions associated with the Read permission includes running applications.
Performing all actions associated with the Read permission includes running applications.
Signup and view all the answers
Files must be shared to allow network users to access the disks on the servers.
Files must be shared to allow network users to access the disks on the servers.
Signup and view all the answers
The Server Message Block (SMB) protocol is typically used in UNIX environments.
The Server Message Block (SMB) protocol is typically used in UNIX environments.
Signup and view all the answers
To create folder shares, you need to determine what folders to share and what permissions to grant users.
To create folder shares, you need to determine what folders to share and what permissions to grant users.
Signup and view all the answers
The Advanced Sharing dialog box provides a simplified interface for sharing folders.
The Advanced Sharing dialog box provides a simplified interface for sharing folders.
Signup and view all the answers
The Network File System (NFS) requires the File Server role service to be installed.
The Network File System (NFS) requires the File Server role service to be installed.
Signup and view all the answers
Allow permissions are cumulative while Deny permissions override Allow permissions.
Allow permissions are cumulative while Deny permissions override Allow permissions.
Signup and view all the answers
Advanced Permissions are commonly used and can be applied individually.
Advanced Permissions are commonly used and can be applied individually.
Signup and view all the answers
Effective Access is determined only by Deny permissions.
Effective Access is determined only by Deny permissions.
Signup and view all the answers
Permissions run upward through a hierarchy.
Permissions run upward through a hierarchy.
Signup and view all the answers
Basic Permissions are granular and can be applied individually.
Basic Permissions are granular and can be applied individually.
Signup and view all the answers
The Full Control permission allows a user to take ownership of files.
The Full Control permission allows a user to take ownership of files.
Signup and view all the answers
NTFS does not support permissions for file and folder access.
NTFS does not support permissions for file and folder access.
Signup and view all the answers
During authorization, a user's SIDs are compared to the ACEs stored in the ACL.
During authorization, a user's SIDs are compared to the ACEs stored in the ACL.
Signup and view all the answers
The Share Permissions tab allows a user to delete folders and files.
The Share Permissions tab allows a user to delete folders and files.
Signup and view all the answers
The permissions for files and folders on an NTFS drive are managed via an ACL containing ACEs.
The permissions for files and folders on an NTFS drive are managed via an ACL containing ACEs.
Signup and view all the answers
Study Notes
Chapter 7: Configuring File and Share Access
- This chapter covers configuring file and share access, including designing a file-sharing strategy, creating folder shares, assigning permissions, and configuring NTFS quotas.
Chapter Objectives
- Configure File and Share Access
- Design a File Sharing Strategy
- Create Folder Shares
- Assign Permissions
- Configure NTFS Quotas
Creating Folder Shares
- Shares must be created for network users to access disks on servers.
- Determining factors include:
- Folders to share
- Names for shares
- Permissions for users
- Offline file settings for shares
Creator/Owner
- Users can share their own folders.
- Right-click and select "Share with Specific People" for a simplified interface.
- Use the "Sharing" tab in the folder's properties sheet for more control.
Creating Folder Shares (File Sharing Dialog Box)
- Choose network users to share with.
- Type a name or use the arrow to find a user.
- Select a permission level (Owner, Read/Write, Read).
Creating Folder Shares (Advanced Sharing Dialog Box)
- Allow sharing the folder.
- Specify a share name.
- Limit the number of simultaneous users.
- Include comments.
- Configures permissions and caching options.
Types of Folder Shares
- Server Message Blocks (SMB): Standard file-sharing protocol used by Windows versions. Requires the File Server role service.
- Network File System (NFS): Standard file-sharing protocol used by most UNIX and Linux distributions. Requires the Server to have the NFS role service installed.
Create a Folder Share (Shares Homepage)
- Navigation for managing shares (Servers, Volumes, Disks, Storage Pools, Shares, iSCSI, Work Folders).
- Display of Shares, Volumes, and Quotas. Quota information is also shown.
Create a Folder Share (New Share Wizard)
- Select Profile: Choose a file share profile (SMB Share - Quick, SMB Share - Advanced, SMB Share - Applications, NFS Share - Quick, NFS Share - Advanced). Different profiles have various features.
- Select Location: Select Network drive or specify a custom folder path.
-
Specify Share Name: Name the share.
- Local folder path
- Remote Share Path
- Configure Share Settings: Enable or disable access-based enumeration, caching (BranchCache), and encryption.
- Specify Permissions: Define permission levels for various users or groups. Permissions can be customized using Advanced settings.
Assigning Permissions
- Configuring file and share access permissions - This is a wide topic.
Windows Permissions Architecture
- Access Control List (ACL): List of permissions for a folder or file - Each entry has a security principal (a user, group, or other entity).
- Access Control Entries (ACEs): Detailed entries within an ACL, outlining each user's permissions to various actions (read, write, full control).
- Security principal: User, group, or other entity with defined permissions - Identified by Security Identifiers (SIDs). The ACL entries specify the permissions each principal has.
The Security Tab of Properties Sheet
- Use the "Security" tab to manage permissions for a folder or file.
- The Tab allows viewing and altering permissions for various groups/users. It shows the permissions, and allows adding, removing, editing permissions.
Basic and Advanced Permissions
- Basic Permissions: Preconfigured permission combinations - e.g., Full Control, Modify, Read & Execute, List Folder Contents, Read, Write).
- Advanced Permissions: Granular permissions that can apply individually, but are less commonly used - Gives finer control of permissions.
Allowing and Denying Permissions
- Additive: Begin with no permissions and grant permissions.
- Subtractive: Begin with permissions granted and deny subsequent permissions – Deny overrides Allow.
Inheriting Permissions
- Permissions cascade down through a hierarchy of folders and files - Child elements inherit permissions from parent elements.
Effective Access
- The combined result of Allow and Deny permissions a security principal receives.
- Allow permissions accumulate; Deny permissions override Allow permissions. Explicit permissions take precedence over inherited permissions.
NTFS Authorization
- NTFS and ReFS use permissions, defined in ACEs for each file/folder in an ACL.
- Every file/folder includes an ACL containing ACEs specifying security principal and permissions.
- Security Principals are identified by Security Identifiers (SIDs) - used to uniquely identify a principal.
NTFS Basic Permissions:
- Full Control: Modify permissions, take ownership, delete subfolders/files, and perform all other associated actions. (All permissions included)
- Modify: Modify the file/folder (Delete, modify attributes, read/write/execute).
- Read & Execute: Navigate restricted folders, perform actions associated with read and list folder contents. (Read and Execute)
- List Folder Contents: View folder names, filenames, file data, and attributes. (Listing contents)
- Read: View files, folders, and subfolders, along with ownerships, permissions, and attributes.
- Write: Create new files/folders, modify folder attributes. (Write)
- Overwrite, modify attributes; view ownership, permissions (Write and modify)
Resource Ownership
- Every file/folder on an NTFS drive has an owner.
- Owners have full access.
- Others with "Take Ownership" can inherit ownership rights.
Combining Share and NTFS Permissions
- Share permits network level access; NTFS permissions allow control to files and folders.
Assigning Permissions (Systems) - Updated
- Share Permissions: Control network access to folders.
- NTFS Permissions: Control access to files and folders on a disk volume formatted with NTFS - Controls file level permissions.
- Registry Permissions: Control access to specific registry parts of Windows - Less common
- Active Directory Permissions: Control access to specific Active Directory Domain Services (AD DS) hierarchy parts - Controlling access to resources and data on a network scale.
How NTFS Security and Shared Permissions Work Together
- Setting shared permissions is needed when setting up a shared folder.
- NTFS security is needed if NTFS is being used for the folder.
- The local permission (NTFS) overrides the remote permissions (shared).
Volume Shadow Copies
- Allows maintaining previous versions of files on a server.
- Copies allow access to files/folders even if inadvertently overwritten/deleted.
- Only applicable to entire volumes (not individual folders/files)
Configuring NTFS Quotas
- Administrators use NTFS quotas to set storage limits for users on a specified volume.
- Configuration determines how users exceeding limits are handled.
Lesson Summary - Updated
- Creating folder shares. Access to server-based data.
- Windows functions (Offline files, Volume Shadow Copies). Admin functions (NTFS quotas). Expands on earlier summary information.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Related Documents
Description
This quiz assesses your knowledge on configuring file and share access, including the design of effective file sharing strategies. You'll explore creating folder shares, assigning user permissions, and managing NTFS quotas. Test your understanding of the key concepts related to file sharing in network environments.
