ITEC1420 Chapter 7 Configuring File and Access Permissions PDF

Chapter 7 Configuring File and Share Access Overview Chapter Objectives: Configure File and Share Access Designing a File Sharing Strategy Creating Folder Shares Assigning Permissions Configuring NTFS Quotas Creating Folder Shares Shares must be created in order for network users to be able to access the disks on the servers. You must determine: o What folders you will share o What names you will assign to the shares o What permissions you will grant users to the shares o What Offline Files settings you will use for the shares 3 Creator/Owner You can share your own folders. Right-click and select Share with > Specific People to access a simplified interface. Use Sharing tab of the folder’s Properties sheet for greater control. 4 Creating Folder Shares The File Sharing dialog box 5 Creating Folder Shares The Advanced Sharing dialog box 6 Types of Folder Shares Server Message Blocks (SMB) o The standard file-sharing protocol used by all versions of Windows. o Requires the File Server role service. Network File System (NFS) o The standard file sharing protocol used by most UNIX and Linux distributions. o Requires the Server to have NFS role service installed. 7 Create a Folder Share The Shares homepage 8 Create a Folder Share The Select the profile for this share page in the New Share Wizard 9 Create a Folder Share The Select the server and path for this share page of the New Share Wizard 10 Create a Folder Share cont.. The Specify share name page of the New Share Wizard 11 Create a Folder Share The Configure share settings page of the New Share Wizard 12 Create a Folder Share The Specify permissions to control access page of the New Share Wizard 13 Create a Folder Share The Confirm selections page of the New Share Wizard 14 Create a Folder Share The new share on the Shares homepage in Server Manager 15 Assigning Permissions Configuring File and Share Access Windows Permissions Architecture Access Control List (ACL) Access Control Entries (ACEs) Security principal Permission ACL Sales – Read Managers – Full control ACEs JSmith – Deny Access Folder Folder Security Principal 17 Windows Permissions The Security tab of a Properties sheet 18 Basic and Advanced Permissions Permissions allow you to grant specific degrees of access to security principals. Preconfigured permission combinations are called Basic Permissions. Advanced Permissions are more granular and can be applied individually, but are rarely used. 19 Allowing and Denying Permissions Additive o Start with no permissions and then grant Allow permissions (preferred method). Subtractive o Start by granting Allow permissions and then grant Deny permissions. 20 Inheriting Permissions Permissions run downward through a hierarchy 21 Effective Access The combination of Allow permissions and Deny permissions that a security principal receives for a system element: Allow permissions are cumulative. Deny permissions override Allow permissions. Explicit permissions take precedence over inherited permissions. 22 Effective Access The Effective Access tab of the Advanced Security Settings dialog box 23 Setting Share Permissions The Share Permissions tab for a shared folder 24 Share Permissions Share permission Allows or denies security principals the ability to: Change file permissions. Full Control Take ownership of files. Perform all tasks allowed by the Change permission. Create folders. Add files to folders. Change data in files. Change Append data to files. Change file attributes. Delete folders and files. Perform all actions permitted by the Read permission. Display folder names, filenames, file data, and attributes. Read Execute program files. Access other folders within the shared folder. 25 Set Share Permissions The Permissions page of a share’s Properties sheet in Server Manager 26 Set Share Permissions The Share tab of the Advanced Security Settings dialog box for a share in Server Manager 27 Set Share Permissions A Permission Entry dialog box for a share in Server Manager 28 Set Share Permission A new share permission entry in a share’s access control list 29 NTFS Authorization NTFS and ReFS support permissions. Every file and folder on an NTFS or ReFS drive has an ACL with ACEs, each of which contains a security principal and their permissions. Security Principals are users and groups identified by Windows using security identifiers (SIDs). During authorization, when a user accesses a file/folder, the system compares the user’s SIDs to those stored in the element’s ACEs to determine that user’s access. 30 NTFS Basic Permissions— Full Control Folder File Modify the folder Modify the file permissions. permissions. Take ownership of the Take ownership of folder. Delete subfolders and the file. files contained in the Perform all actions folder. associated with all Perform all actions other NTFS file associated with all other NTFS folder permissions. permissions. 31 NTFS Basic Permissions—Modify Folder File Delete the folder. Modify the file. Perform all actions Delete the file. associated with the Perform all actions Write and the Read associated with the & Execute Write and the Read permissions. & Execute permissions. 32 NTFS Basic Permissions— Read & Execute Folder File Navigate through Perform all actions restricted folders to associated with the reach other files Read permission. and folders. Run applications. Perform all actions associated with the Read and List Folder Contents permissions. 33 NTFS Basic Permissions—List Folder Contents Folder File View the names of Not applicable the files and subfolders contained in the folder. 34 NTFS Basic Permissions— Read Folder File See the files and Read the contents subfolders of the file. contained in the View the folder. ownership, View the permissions, and ownership, attributes of the permissions, and file. attributes of the folder. 35 NTFS Basic Permissions— Write Folder File Create new files Overwrite the file. and subfolders Modify the file inside the folder. attributes. Modify the folder View the ownership attributes. and permissions of View the ownership the file. and permissions of the folder. 36 Assign Basic NTFS Permissions The Advanced Security Settings dialog box for a share in Server Manager 37 Assigning Advanced NTFS Permissions The Permission Entry dialog box displaying Advanced Permissions 38 Resource Ownership Every file and folder on an NTFS drive has an owner. The owner always has the ability to modify the permissions, even if current permissions settings deny them access. The owner is the person who created the file or folder. Others with the Take Ownership permission can become the owner. 39 Combining Share and NTFS Permissions Shared Shared Share Permissions Folder Folder FC Everyone File A NTFS Permissions R File B NTFS Permissions FC NTFS Volume 40 Assigning Permissions The four permissions systems: Share permissions: Control access to folders over a network. NTFS permissions: Control access to the files and folders stored on disk volumes formatted with the NTFS file system. Registry permissions: Control access to specific parts of the Windows registry. Active Directory permissions: Control access to specific parts of an Active Directory Domain Services (AD DS) hierarchy. 41 How NTFS Security and Shared Permissions Work Together When you set up a shared folder, you need to set up shared permissions on that folder. If you’re using NTFS, you will also need to set up NTFS security on the folder. Since both shared permissions and NTFS security are in effect when the user is remote, what happens when the two conflict? 42 These are the two basic rules of thumb: The local permission is the NTFS permission. The remote permission is the more restrictive set of permissions between NTFS and shared. 43 Work out the effective permission for wpanek who belongs to three groups of Marketing, Sales and R & D. What will the Local and Remote permissions be? 44 Volume Shadow Copies Allow you to maintain previous versions of files on a server. A copy of a file can be accessed even if a file has been accidentally deleted or overwritten. Can be implemented for entire volumes only. 45 Configuring NTFS Quotas Enable administrators to set a storage limit for users of a particular volume. Users exceeding the limit can be denied access or just receive a warning. Space consumed by users is measured by the size of the files they own or create. 46 Configure NTFS Quotas The Quota tab of a volume’s Properties sheet 47 Lesson Summary Creating folder shares makes the data stored on a file server’s disks accessible to network users. Windows Server 2012 R2 has several sets of permissions that operate independently of each other, including NTFS permissions, share permissions, registry permissions, and Active Directory permissions. NTFS permissions enable you to control access to files and folders by specifying the tasks individual users can perform on them. Share permissions provide rudimentary access control for all of the files on a network share. Network users must have the proper share and NTFS permissions to access file server shares. Access-based enumeration (ABE) applies filters to shared folders based on individual user’s permissions to the files and subfolders in the share. Users who cannot access a particular shared resource are unable to see that resource on the network. Lesson Summary Offline Files is a Windows feature that enables client systems to maintain local copies of files they access from server shares. Volume Shadow Copies is a Windows Server 2012 feature that enables you to maintain previous versions of files on a server, so that if users accidentally delete or overwrite a file, they can access a copy. You can only implement Shadow Copies for an entire volume; you cannot select specific shares, folders, or files. NTFS quotas enable administrators to set a storage limit for users of a particular volume. Depending on how you configure the quota, users exceeding the limit can be denied disk space, or just receive a warning. Thank You 50

ITEC1420 Chapter 7 Configuring File and Access Permissions PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue