
Module 4: Managing Access to Resources

Overview
- Overview of Managing Access to Resources
- Managing Access to Shared Folders
- Managing Access to Files and Folders Using NTFS Permissions
- Determining Effective Permissions
- Managing Access to Shared Files Using Offline Caching

Lesson: Overview of Managing Access to Resources
- Multimedia: Access Control in Microsoft Windows Server 2003
- What Are Permissions?
- What Are Standard and Special Permissions?
- Practice: Examining NTFS Permissions
- Multimedia: Permission States

Multimedia: Access Control in Microsoft Windows Server 2003
This presentation explains how Active Directory uses security principals and identifiers to provide access to objects.

Important point to watch for: If you delete a security principal and then create it again with the same name, what is the effect on the permissions?

What Are Permissions?
- Permissions define the type of access granted to a user, group, or computer for an object
- You apply permissions to objects such as files, folders, and printers
- You assign permissions to users and groups in Active Directory or on a local computer

What Are Standard and Special Permissions?
- Standard Permissions
- Special Permissions

Practice: Examining NTFS Permissions
In this practice, you will:
- Examine the NTFS default permissions on system folders
- Examine the NTFS default permissions on a newly created folder

Multimedia: Permission States
In this activity, you will learn the differences between the permission states and then test your knowledge

Lesson: Managing Access to Shared Folders
- What Are Shared Folders?
- What Are Administrative Shared Folders?
- Tools to Create and Manage Shared Folders
- Shared Folder Permissions
- Methods to Connect to Shared Folders
- What Are Published Shared Folders?
- How Published Shared Folders Are Used
- Best Practices For Using Shared Folders

What Are Shared Folders?
- Shared folders show an icon of a hand holding the folder
- You can share only folders, not files
- Default permission on shared folders is Everyone, Read
- When you copy or move a shared folder, the folder is no longer shared
- To hide a shared folder, include a $ after the name of the shared folder
- Users access hidden shares by typing the UNC path

What Are Administrative Shared Folders?

Tools to Create and Manage Shared Folders
Who can create shared folders?

On Windows Server 2003 domain controllers:
- Administrators group
- Server Operators group

On Windows Server 2003 member or stand-alone servers:
- Administrators group
- Power Users group

Tools used to create and manage shared folders:
- Computer Management
- Windows Explorer or My Computer
- The Net Share command

Shared Folder Permissions
Permission and description:

Read (Default, applied to the Everyone group)
- Allows you to view data in files and attributes
- Allows you to view file names and subfolder names
- Allows you to run program files

Change (Includes all Read permissions)
- Allows you to add files and subfolders
- Allows you to change data in files
- Allows you to delete subfolders and files

Full Control (Includes all Read and Change permissions)
- Allows you to change NTFS file and folder permissions

Methods to Connect to Shared Folders

What Are Published Shared Folders?
A published shared folder:
- Is a shared folder object in Active Directory
- Can maintain static friendly names

Clients:
- Can search Active Directory for published shared folders
- Do not need to know the name of the server to connect to a shared folder
- Can search by using keywords if they do not know the exact name of the share

How Published Shared Folders Are Used
- Administrators can use Active Directory Users and Computers to find shared folders
- Windows XP Professional clients can search Active Directory from My Network Places

Best Practices for Using Shared Folders
- Use the Authenticated Users group instead of Everyone
- Share folders with the appropriate level of permission
- Use groups to grant access rather than individual users
- Publish shared folders in larger environments

Practice: Managing Access to Shared Folders
In this practice, you will:
- Connect to an administrative share
- Create a shared folder and grant permissions
- Publish a shared folder and create keywords
- Map a drive letter to the shared folder and test permissions

Lesson: Managing Access to Files and Folders Using NTFS Permissions
- What Is NTFS?
- NTFS File and Folder Permissions
- What Is NTFS Permissions Inheritance?
- Effects on NTFS Permissions When Copying and Moving Files and Folders
- Best Practices for Managing Access to Files and Folders Using NTFS Permissions
- Practice: Managing Access to Files and Folders Using NTFS Permissions

What Is NTFS?
NTFS is a file system that provides:
- Reliability
- Security at the file level and folder level
- Improved management of storage growth
- Multiple user permissions

NTFS File and Folder Permissions
File permissions:
- Full Control
- Modify
- Read & Execute
- Write
- Read

Folder permissions:
- Full Control
- Modify
- Read & Execute
- Write
- Read
- List Folder Contents

What Is NTFS Permissions Inheritance?
[Figure, two panels. Inherit permissions: FolderA (Read / Write), FolderB; access to FolderB. Prevent inheritance: FolderA (Read / Write), FolderB, FolderC; no access to FolderB.]

Effects on NTFS Permissions When Copying and Moving Files and Folders

[Figure: Copy and Move operations between NTFS partitions C:\, D:\ and E:\]

- When you copy files and folders, they inherit the permissions of the destination folder
- When you move files and folders within the same partition, they retain their permissions
- When you move files and folders to a different partition, they inherit the

Best Practices for Managing Access to Files and Folders Using NTFS Permissions
- Grant permissions to domain local groups instead of to users
- Group resources to simplify administration
- Allow users only the level of access that they require
- Grant Read & Execute permission for application folders

Practice: Managing Access to Files and Folders Using NTFS Permissions
In this practice, you will:
- Examine and configure NTFS permissions
- Block NTFS permission inheritance and set permissions
- Test NTFS permissions
- Test the effects of copying and moving files or folders

Lesson: Determining Effective Permissions
- What Are Effective Permissions on NTFS Files and Folders?
- Class Discussion: Applying NTFS Permissions
- Effects of Combined Shared Folder and NTFS Permissions
- Class Discussion: Determining Effective NTFS and Shared Folder Permissions
- Practice: Determining Effective NTFS and Shared Folder Permissions

What Are Effective Permissions on NTFS Files and Folders?
- NTFS permissions are cumulative
- File permissions override folder permissions
- Deny overrides all permissions
- Creators of files and folders are their owners
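
The first three rules above can be seen in one evaluation walk. The following is an added example, not part of the course material: a simplified Python model of the order in which Windows evaluates access control entries (explicit before inherited, deny before allow within each group). The three rights, the principals and the sample ACLs are constructed for illustration.

```python
# Added example: simplified model of how a DACL is evaluated (not course code).
READ, WRITE, DELETE = 1, 2, 4          # three illustrative rights, one bit each
NAMES = {READ: "Read", WRITE: "Write", DELETE: "Delete"}

def ace(principal, kind, mask, inherited):
    """Build one access control entry; kind is 'allow' or 'deny'."""
    return {"principal": principal, "type": kind, "mask": mask, "inherited": inherited}

def canonical_order(aces):
    """Explicit ACEs before inherited ones; deny before allow in each group."""
    return sorted(aces, key=lambda a: (a["inherited"], a["type"] != "deny"))

def effective_rights(token, aces):
    """Return the right names a token (user plus its groups) ends up with.
    For every right, the first matching ACE in canonical order decides."""
    granted = denied = 0
    for entry in canonical_order(aces):
        if entry["principal"] not in token:
            continue                                   # ACE is for someone else
        if entry["type"] == "deny":
            denied |= entry["mask"] & ~granted         # too late for bits already granted
        else:
            granted |= entry["mask"] & ~denied         # cannot grant bits already denied
    return {name for bit, name in NAMES.items() if granted & bit}

# Constructed sample data: User1 belongs to the Users and Sales groups.
USER1 = {"User1", "Users", "Sales"}
CUMULATIVE = [ace("Users", "allow", READ, True), ace("Sales", "allow", WRITE, True)]
WITH_DENY = CUMULATIVE + [ace("Sales", "deny", WRITE, True)]
FILE_OVERRIDE = WITH_DENY + [ace("User1", "allow", WRITE, False)]

if __name__ == "__main__":
    for label, acl in [("cumulative", CUMULATIVE), ("inherited deny", WITH_DENY),
                       ("explicit allow on the file", FILE_OVERRIDE)]:
        print(f"{label}: {sorted(effective_rights(USER1, acl))}")
```

The third case is the one to audit for: an allow entry set directly on a file is evaluated before a deny inherited from the folder, so a folder-level deny does not by itself guarantee that every file beneath it is blocked.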

Class Discussion: Applying NTFS Permissions
1. Users group: Write for Folder1. Sales group: Read for Folder1.
2. Users group: Read for Folder1. Sales group: Write for Folder2.
3. Users group: Modify for Folder1. File2 should only be accessible to Sales group with Read permission.

[Figure: NTFS partition containing Folder1 with File1 and Folder2 with File2; User1, Users group and Sales group.]

Effects of Combined Shared Folder and NTFS Permissions

[Figure: shared folder Public on an NTFS volume, containing File1 and File2; labels: Users, Full Control, Read, Change.]

Class Discussion: Determining Effective NTFS and Shared Folder Permissions
Class discussion: Determine effective NTFS permissions

[Figure: two NTFS volumes with the folders Data, Sales, HR and Pubs; Users group, Sales group, User1, User2 and User3; permission labels FC and R.]

Practice: Determining Effective NTFS and Shared Folder Permissions
In this practice, you will:
- Share the Legal folder
- Determine the effective NTFS permissions
- Determine the effective combined permissions

Lesson: Managing Access to Shared Files Using Offline Caching
- What Is Offline Files?
- How Offline Files Are Synchronized
- Offline File Caching Options
- Practice: Using Offline Caching

What Is Offline Files?
Offline Files is a document-management feature that provides the user with consistent online and offline access to files.

Advantages of using Offline Files:
- Support for mobile users
- Automatic synchronization
- Performance advantages
- Backup advantages

How Offline Files Are Synchronized
Disconnected from the network:
- Files are synchronized at logoff. The user works with the locally cached copy

Logged on to the network:
- Files are synchronized at logon. The user works with the network version of the files

If a file has been modified in both locations:
- The user must choose which version of the file to keep or to rename one file and keep both versions

Offline File Caching Options

Practice: Using Offline Caching
In this practice, you will:
- Manually cache a document in the Legal shared folder
- Set synchronization options

Lab: Managing Access to Resources
In this lab, you will:
- Create and share folders
- Configure NTFS security
- Publish shared folders
- Test permissions
- Configure automatic caching