Chapter 7: Configuring File and Share Access

Questions and Answers

What is NOT allowed under Full Control permission for shared folders?

• Take ownership of files
• Change file permissions
• Execute program files (correct)
• Delete subfolders and files

During the authorization process, what does the system compare to determine a user's access?

• User's security identifiers (SIDs) (correct)
• User's last login time
• User's operating system version
• User's group membership details

What does the Share Permissions tab allow a user to do?

• Increase system performance
• Add files to folders (correct)
• Change network settings
• Modify firewall rules

What does NTFS stand for?

New Technology File System (C)

Which of the following is a responsibility of security principals identified by Windows?

To identify users and groups using security identifiers (A)

What must be determined before creating folder shares?

What folders to share (D)

Which protocol is the standard for file sharing in Windows environments?

Server Message Blocks (SMB) (C)

What interface can be used for a simplified sharing process?

Sharing tab of folder's Properties (C)

Which service is required for using the Network File System (NFS)?

NFS role service (A)

What is NOT a consideration when creating folder shares?

What antivirus software to use (A)

What is the primary purpose of the Specify share name page in the New Share Wizard?

To assign a name to the share (C)

What type of permissions are preconfigured combinations known as?

Basic Permissions (A)

How do Deny permissions affect Allow permissions in an effective access scenario?

Deny permissions override Allow permissions (C)

What are Advanced Permissions used for?

Granting specific degrees of access individually (C)

What does the term 'Inheriting Permissions' refer to?

Permissions that are passed down through a hierarchy (D)

Which permission allows a user to view the names of files and subfolders in an NTFS folder?

Read (A)

What is a characteristic of the owner of a file or folder on an NTFS drive?

Can always modify permissions (B)

Which permission is NOT applicable to folders in NTFS?

Execute (A)

Which of the following actions can be performed with the Modify permission on a file?

Delete the file (A)

What permission does a user need to create new files inside an NTFS folder?

Write (C)

The owner of a file or folder on an NTFS drive can modify the permissions even if denied access.

True (A)

The Read permission allows a user to modify the attributes of a file.

False (B)

The List Folder Contents permission lets a user delete files from a folder.

False (B)

The Write permission on an NTFS folder allows users to create new files within it.

True (A)

Performing all actions associated with the Read permission includes running applications.

False (B)

Files must be shared to allow network users to access the disks on the servers.

True (A)

The Server Message Block (SMB) protocol is typically used in UNIX environments.

False (B)

To create folder shares, you need to determine what folders to share and what permissions to grant users.

True (A)

The Advanced Sharing dialog box provides a simplified interface for sharing folders.

False (B)

The Network File System (NFS) requires the File Server role service to be installed.

False (B)

Allow permissions are cumulative while Deny permissions override Allow permissions.

True (A)

Advanced Permissions are commonly used and can be applied individually.

False (B)

Effective Access is determined only by Deny permissions.

False (B)

Permissions run upward through a hierarchy.

False (B)

Basic Permissions are granular and can be applied individually.

False (B)

The Full Control permission allows a user to take ownership of files.

True (A)

NTFS does not support permissions for file and folder access.

False (B)

During authorization, a user's SIDs are compared to the ACEs stored in the ACL.

True (A)

The Share Permissions tab allows a user to delete folders and files.

True (A)

The permissions for files and folders on an NTFS drive are managed via an ACL containing ACEs.

True (A)

Flashcards

Access Control List (ACL)

A list that defines the permissions granted to users, groups, or other security principals for a resource.

Access Control Entry (ACE)

An individual entry within an ACL that defines the specific permission granted to a security principal.

Basic Permissions

Pre-configured permission combinations offering a simplified way to control access to resources.

Advanced Permissions

Granular permissions that allow for more fine-grained control over access to resources.

Effective Access

The final set of permissions a security principal receives after considering all applicable permissions (Allow, Deny, explicit, and inherited).

What is a Folder Share?

A folder share allows network users to access files stored on a server. It involves defining the folders to share, assigning names to the shares, granting permissions, and configuring offline file settings.

SMB Protocol

SMB (Server Message Block) is a standard file-sharing protocol used by Windows operating systems. It enables communication between computers on a network.

NFS Protocol

NFS (Network File System) is a standard file-sharing protocol predominantly used by UNIX and Linux systems. It facilitates file sharing across networks.

Creating a Folder Share

To create a folder share, you need to use the 'New Share Wizard' in the Server Manager. The wizard guides you through selecting the server, folder path, profile for the share, and various settings.

Types of Folder Shares

There are two primary types of folder shares: SMB and NFS. Each protocol is specific to a particular operating system family, providing network file sharing capabilities.

Share Permissions

A set of rules that determine who can access a shared folder and what actions they can perform. These permissions are set on a per-user or group basis.

Full Control Permissions

The highest level of access to a shared folder, allowing users to perform all possible actions, including modifying, deleting, and taking ownership of files and folders.

Read Permissions

The most basic level of access, allowing users to view the contents of a folder and read files, but not modify them.

NTFS Permissions

A system built into NTFS (NT File System) that controls access to files and folders based on user identities and assigned permissions.

Modify Permission

Allows the user to change the contents of a file or folder, including deleting, editing, and renaming. Also grants permission to write new data to the file or folder.

Read & Execute Permission

Allows the user to view the contents of a file or folder and run applications within that folder. This does not include permission to modify the file or folder.

List Folder Contents Permission

Allows the user to see the names of files and subfolders within a designated folder. This does not grant access to the actual files or folders.

File Ownership

The person who created a file or folder is the owner. Owners have the highest level of control over permissions and can delegate ownership to others.

New Share Wizard

The New Share Wizard is a tool within Server Manager that assists in creating folder shares. The wizard guides you through selecting the server, folder path, the profile for the share, and various settings.

What is an ACL?

A Access Control List (ACL) is like a list for a shared folder containing all the users, groups, or security principals and what permissions they have for that folder.

What are ACLs?

An Access Control List (ACL) is a list that defines permissions for a resource, like a folder. It contains entries for each user or group, telling what they can do.

What is a Security Principal?

A security principal is a user, group, or even a service that can be granted access to resources. It's the 'who' behind the permissions.

What's the difference between Allow and Deny permissions?

Allow permissions grant access to a resource. Deny permissions prevent access, even if an 'Allow' is present. Deny overrides Allow.

What are Effective Access Permissions?

Effective Access is the final set of permissions a user gets after combining all 'Allow' and 'Deny' permissions. 'Deny' has a higher priority.

NTFS Permission: Modify

Allows users to make changes to files and folders. This includes adding, deleting, and modifying data. It also grants permission to view the file or folder's contents and attributes.

NTFS Permission: Read & Execute

Gives users the ability to view files and folders and to run applications within them. However, it doesn't allow users to modify the files or folders themselves.

NTFS Permission: Read

Provides basic access to files and folders, allowing users to view their contents. It doesn't give users the power to change or modify them.

NTFS Permission: List Folder Contents

Allows users to see the file and folder names within a specific folder. It doesn't give them access to the actual files and folders themselves.

NTFS Permission: Write

Gives users the ability to modify existing files and folders, including overwriting data and changing their attributes. It doesn't give them access to run applications, delete or create new files.

Study Notes

Chapter 7: Configuring File and Share Access

• This chapter covers configuring file and share access, including designing a file-sharing strategy, creating folder shares, assigning permissions, and configuring NTFS quotas.

Chapter Objectives

• Configure File and Share Access
• Design a File Sharing Strategy
• Create Folder Shares
• Assign Permissions
• Configure NTFS Quotas

Creating Folder Shares

• Shares must be created for network users to access disks on servers.
• Determining factors include:
  • Folders to share
  • Names for shares
  • Permissions for users
  • Offline file settings for shares

Creator/Owner

• Users can share their own folders.
• Right-click and select "Share with Specific People" for a simplified interface.
• Use the "Sharing" tab in the folder's properties sheet for more control.

Creating Folder Shares (File Sharing Dialog Box)

• Choose network users to share with.
• Type a name or use the arrow to find a user.
• Select a permission level (Owner, Read/Write, Read).

Creating Folder Shares (Advanced Sharing Dialog Box)

• Allow sharing the folder.
• Specify a share name.
• Limit the number of simultaneous users.
• Include comments.
• Configures permissions and caching options.

Types of Folder Shares

• Server Message Blocks (SMB): Standard file-sharing protocol used by Windows versions. Requires the File Server role service.
• Network File System (NFS): Standard file-sharing protocol used by most UNIX and Linux distributions. Requires the Server to have the NFS role service installed.

Create a Folder Share (Shares Homepage)

• Navigation for managing shares (Servers, Volumes, Disks, Storage Pools, Shares, iSCSI, Work Folders).
• Display of Shares, Volumes, and Quotas. Quota information is also shown.

Create a Folder Share (New Share Wizard)

• Select Profile: Choose a file share profile (SMB Share - Quick, SMB Share - Advanced, SMB Share - Applications, NFS Share - Quick, NFS Share - Advanced). Different profiles have various features.
• Select Location: Select Network drive or specify a custom folder path.
• Specify Share Name: Name the share.
  • Local folder path
  • Remote Share Path
• Configure Share Settings: Enable or disable access-based enumeration, caching (BranchCache), and encryption.
• Specify Permissions: Define permission levels for various users or groups. Permissions can be customized using Advanced settings.

Assigning Permissions

• Configuring file and share access permissions - This is a wide topic.

Windows Permissions Architecture

• Access Control List (ACL): List of permissions for a folder or file - Each entry has a security principal (a user, group, or other entity).
• Access Control Entries (ACEs): Detailed entries within an ACL, outlining each user's permissions to various actions (read, write, full control).
• Security principal: User, group, or other entity with defined permissions - Identified by Security Identifiers (SIDs). The ACL entries specify the permissions each principal has.

The Security Tab of Properties Sheet

• Use the "Security" tab to manage permissions for a folder or file.
• The Tab allows viewing and altering permissions for various groups/users. It shows the permissions, and allows adding, removing, editing permissions.

Basic and Advanced Permissions

• Basic Permissions: Preconfigured permission combinations - e.g., Full Control, Modify, Read & Execute, List Folder Contents, Read, Write).
• Advanced Permissions: Granular permissions that can apply individually, but are less commonly used - Gives finer control of permissions.

Allowing and Denying Permissions

• Additive: Begin with no permissions and grant permissions.
• Subtractive: Begin with permissions granted and deny subsequent permissions – Deny overrides Allow.

Inheriting Permissions

• Permissions cascade down through a hierarchy of folders and files - Child elements inherit permissions from parent elements.

Effective Access

• The combined result of Allow and Deny permissions a security principal receives.
• Allow permissions accumulate; Deny permissions override Allow permissions. Explicit permissions take precedence over inherited permissions.

NTFS Authorization

• NTFS and ReFS use permissions, defined in ACEs for each file/folder in an ACL.
• Every file/folder includes an ACL containing ACEs specifying security principal and permissions.
• Security Principals are identified by Security Identifiers (SIDs) - used to uniquely identify a principal.

NTFS Basic Permissions:

• Full Control: Modify permissions, take ownership, delete subfolders/files, and perform all other associated actions. (All permissions included)
• Modify: Modify the file/folder (Delete, modify attributes, read/write/execute).
• Read & Execute: Navigate restricted folders, perform actions associated with read and list folder contents. (Read and Execute)
• List Folder Contents: View folder names, filenames, file data, and attributes. (Listing contents)
• Read: View files, folders, and subfolders, along with ownerships, permissions, and attributes.
• Write: Create new files/folders, modify folder attributes. (Write)
• Overwrite, modify attributes; view ownership, permissions (Write and modify)

Resource Ownership

• Every file/folder on an NTFS drive has an owner.
• Owners have full access.
• Others with "Take Ownership" can inherit ownership rights.

Combining Share and NTFS Permissions

• Share permits network level access; NTFS permissions allow control to files and folders.

Assigning Permissions (Systems) - Updated

• Share Permissions: Control network access to folders.
• NTFS Permissions: Control access to files and folders on a disk volume formatted with NTFS - Controls file level permissions.
• Registry Permissions: Control access to specific registry parts of Windows - Less common
• Active Directory Permissions: Control access to specific Active Directory Domain Services (AD DS) hierarchy parts - Controlling access to resources and data on a network scale.

How NTFS Security and Shared Permissions Work Together

• Setting shared permissions is needed when setting up a shared folder.
• NTFS security is needed if NTFS is being used for the folder.
• The local permission (NTFS) overrides the remote permissions (shared).

Volume Shadow Copies

• Allows maintaining previous versions of files on a server.
• Copies allow access to files/folders even if inadvertently overwritten/deleted.
• Only applicable to entire volumes (not individual folders/files)

Configuring NTFS Quotas

• Administrators use NTFS quotas to set storage limits for users on a specified volume.
• Configuration determines how users exceeding limits are handled.

Lesson Summary - Updated

• Creating folder shares. Access to server-based data.
• Windows functions (Offline files, Volume Shadow Copies). Admin functions (NTFS quotas). Expands on earlier summary information.

Description

This quiz assesses your knowledge on configuring file and share access, including the design of effective file sharing strategies. You'll explore creating folder shares, assigning user permissions, and managing NTFS quotas. Test your understanding of the key concepts related to file sharing in network environments.