Configuring File and Share Access

Questions and Answers

Which of the following protocols is NOT used for folder sharing in Windows?

• Network File System (NFS)
• Server Message Block (SMB)
• File Transfer Protocol (FTP) (correct)
• Common Internet File System (CIFS)

What must be determined before creating a folder share?

• The type of server hardware being used
• The folders to share and their permissions (correct)
• The maximum file size allowed in the share
• The specific user accounts that can access the share

Which interface provides greater control when sharing folders?

• Advanced Sharing dialog box
• File Sharing dialog box
• Properties sheet Sharing tab (correct)
• New Share Wizard

Which service is required on a server to use the Server Message Block (SMB) protocol?

File Server role service (C)

What is an adjustable setting when creating a folder share for offline files?

The type of offline caching (A)

What does the Full Control share permission allow a user to do?

Change file permissions and delete folders and files (D)

During NTFS authorization, what does the system compare when a user attempts to access a file or folder?

User's SIDs with the ACEs stored in the element (B)

Which permission allows users to create folders within a shared directory?

Full Control (A)

What is the primary function of the Security Principals in NTFS?

To identify users and groups using security identifiers (D)

What action is NOT permitted by the Change permission in shared folders?

Take ownership of files (A)

What is the primary purpose of the Access Control List (ACL) in Windows Permissions Architecture?

To define the permissions for security principals on a resource. (B)

What is an example of an Advanced Permission in Windows Permissions?

Change Permissions (C)

Which statement about Deny permissions in effective access is true?

Deny permissions always take precedence over Allow permissions. (D)

What describes the nature of Basic Permissions in Windows Permissions?

They are preconfigured permission combinations for ease of use. (C)

In inheriting permissions, what is the primary effect of the permissions hierarchy?

Permissions run downward, allowing approaches such as additive and subtractive methods. (D)

Flashcards

Server Message Block (SMB)

A technology used by Windows servers to share files across a network, allowing users to access files remotely.

Network File System (NFS)

A technology used by Unix and Linux servers to share files across a network. It enables users on different systems to access and modify files on a shared server.

Creating a Folder Share

A process that involves creating a shared folder on a server, allowing multiple users to access files stored within it simultaneously.

File Sharing Dialog Box

A dialog box within the Windows server interface used to configure the creation of new folder shares.

Advanced Sharing Dialog Box

This dialog box expands the options available for creating new shares. It allows for advanced settings, such as permission control and quota management.

Access Control List (ACL)

A set of rules that determines who has access to a resource and what actions they can perform.

Access Control Entries (ACEs)

Individual entries within an ACL that grant or deny specific permissions to a security principal.

Security Principal

A user, group, or service account that is granted or denied access to resources.

Permission

The specific actions a security principal is allowed or denied to perform on a resource.

Subtractive Permissions

A method of assigning permissions where you start by granting permission and then restrict access by denying specific actions.

What is Effective Access in Windows?

In Windows, "Effective Access" refers to the permissions a user or group has when accessing a file or folder. It considers all granted permissions, including those inherited from parent folders, to determine the user's ultimate access level.

What does "Full Control" access permission mean in a shared folder?

When configuring share access permissions, the "Full Control" option grants users the highest level of access. This includes all permissions like reading, writing, modifying, and deleting files, along with the ability to change permissions and take ownership of the shared resource.

What does "Read" access permission mean in a shared folder?

The "Read" permission allows users to view the contents of a shared folder and its files without modifying them. It grants access to read, view, or run files but prevents changes or deletions.

Explain NTFS Access Control Lists (ACLs).

NTFS Access Control Lists (ACLs) hold specific permissions for user accounts and groups accessing files or folders on a NTFS drive. Each entry in the ACL, called an Access Control Entry (ACE), defines the permissions for a specific user or group.

What is NTFS "Full Control" permission?

The NTFS permission called "Full Control" grants users the highest level of access to folders or files. They can modify permissions, take ownership, delete data, create new content, and even modify file attributes.

Study Notes

Configuring File and Share Access

• Chapter objectives include configuring file and share access, designing a file sharing strategy, creating folder shares, assigning permissions, and configuring NTFS quotas.
• Network users require shares to access disks on servers.
• Determining what folders to share, assigning names, specifying permissions, and defining offline file settings are crucial.
• Creators/owners can share their folders through the simplified interface accessed by right-clicking and the 'Share with Specific People' option.
• Alternatively, more control over folder sharing can be achieved using the sharing tab within the folder's Properties sheet.
• The File Sharing dialog box enables choices for the user to share with and assign permission levels.
• The Advanced Sharing dialog box allows for share name configuration, limiting simultaneous users, comments, permissions, and caching settings.
• Server Message Blocks (SMB) is the standard file-sharing protocol used by Windows versions. Requires the File Server role service.
• Network File System (NFS) is a standard file-sharing protocol used primarily by UNIX and Linux distributions, requiring the Server to have an NFS role service.
• The Shares homepage in Server Manager displays all shares, and provides tools to manage them.
• To create a new share, the New Share Wizard is used, including the options for share name, description in local and remote paths, additional settings, permissions, and confirmation.
• Implementing share profiles is often a faster approach with more basic options for SMB share creations.
• The wizard enables selection of the server and path for the share, including choosing from the volume or specifying a custom path.
• Different configuration profile choices may result in certain options being available or not available during the creation process within the steps on the wizard.

Assigning Permissions

• Access Control Lists (ACLs), Access Control Entries (ACEs), and Security Principal concepts facilitate permissions management.
• ACL is the folder definition and specifies permissions related to sales, managers (full control), and a particular user.
• Permissions allow specific access degrees to security principals.
• Basic permissions are preconfigured combinations of permissions, while advanced permissions are more granular and applied individually.
• Additive permission, or preferred method, starts with no permissions and grants allow permissions.
• Subtractive permission starts with granting allowed permissions and grants deny permissions.
• Permissions inherit downward through a hierarchy effectively controlling access. Explicit permission overrides inherited attributes and is prioritized.
• The Security tab of a properties sheet enables permission management allowing to edit permissions for everyone.
• NTFS authorization defines how the system regulates user permission to files & folders using security identifiers (SIDs).
• Basic NTFS permissions, like full control, modify, delete, read, and execute, define specific actions associated with different permission levels for files and folders.
• Combining share and NTFS permissions affects access control, with local NTFS permissions affecting file & folder access, and shared permissions affecting network access to files & folders. The more restrictive of the permissions settings (local or remote) is the one that actually takes precedence.

NTFS Authorization

• NTFS and ReFS systems support permissions.
• Every file and folder has an ACL (Access Control List) with ACEs (Access Control Entries) specifying permissions for security principals.
• Security principals are users and groups identified by Windows using Security Identifiers (SIDs).
• During authorization, the system checks the user's SIDs against the element's ACEs to verify access.

Volume Shadow Copies

• Maintaining previous versions of files on a server.
• Enables access to a file even if accidentally deleted or overwritten.
• Implemented only for entire volumes.

Configuring NTFS Quotas

• Administrators can set storage limits for users on a volume.
• Users exceeding the quota limit might be denied access or receive a warning.
• Space consumption is measured by the size of files owned or created by the user.

Lesson Summary

• Creating folder shares makes data on file servers accessible to users.
• Permissions operate independently, including NTFS, share, registry, and Active Directory permissions.
• NTFS permissions enable granular control over access levels, including what tasks users can perform.
• Share permissions provide rudimentary, basic access control for files on a network share.
• Access-based enumeration controls access based on individual permissions and determines which resources are visible to the user.
• Offline Files store local copies of files accessed from server shares.
• Volume Shadow Copies enable the preservation of file versions.

Description

This quiz covers the essential concepts of configuring file and share access, including designing a file sharing strategy, creating folder shares, and assigning permissions. Learn about utilizing the File Sharing dialog box and Advanced Sharing options to enhance file accessibility. Test your understanding of share configurations and management techniques.