4. NTFS Permissions
Specific Permissions Required to Assign Permissions
Permissions Assigned to User Accounts and Groups
Permission Can Be Denied NTFS Partition
C:
User1 Read
User2 No Permission
Assigned
5. NTFS Folder Permissions
Folder
Permissions
Read
Write
List Folder Contents
Read & Execute
Modify
Full Control
6. NTFS File Permissions
File ~~~~~~
Permissions ~~~~~~
~~~~~~
Read ~~~~~~
Write ~~~~
Read & Execute
Modify
Full Control
7. How Windows 2003 Applies NTFS Permissions
Multiple NTFS Permissions
NTFS Permissions Inheritance
Default NTFS Permissions
Class Discussion: Applying NTFS Permissions
9. NTFS Permissions Inheritance
Read / Write FolderA Inherit Permissions
Access to FolderB FolderB
Read / Write FolderA
Prevent Inheritance
FolderB
No access to FolderB
FolderC
10. Default NTFS Permissions
NTFS Permissions Automatically Assigned
When a partition is formatted with NTFS
When a folder or file is created
When a user account is added to a folder
11. Class Discussion: Applying NTFS Permissions
Users Group NTFS Partition
Write to Folder1 C:
Sales Group
Read to Folder1
Folder1
Users Group
Users Group
Read to Folder1 Doc1
User1 Sales Group
Write to Folder2
Folder2
Users Group
Modify to Folder1
Doc2 should only be Doc2
accessible to Sales
Sales Group Group, and only for
read access
13. Guidelines for Assigning NTFS Permissions
Group Resources to Simplify Administration
Assign Only the Permissions That Users Need
Create Groups According to Resource Access Needs
Assign Read & Execute Permissions for Application Folders
Assign Appropriate Permissions to Users and File Owner for Public Data
Assign Permissions Rather Than Deny Permissions
14. Setting NTFS Permissions
Folder1 Properties
General Web Sharing Sharing Security
Name Add...
Everyone
Select Users, Computers, or Groups
Remove
Look in: Entire Directory
Name In Folder
BATCH
Full Control INTERACTIVE
Modify SERVICE
Read & Execute Administrator nwtraders. com
Guest nwtraders. com
List Folder Contents
IUSR_SERVER1 nwtraders. com
Read
Write
Name:
Advanced... Check Names
You have selected the following objects:
Allow inheritable permissions from parent to propagate
to this object. Name In Folder
Administrator nwtraders.com
OK Cancel Apply
15. Controlling Permissions Inheritance
Folder1 Properties
General Web Sharing Sharing Security
Name Add...
Everyone
Remove
Security
You are preventing any inheritable permissions from propagating to this
object. What do you want to do?
Full Control - To copy previously inherited permissions to this object, click Copy.
Modify - To Remove the inherited permissions and keep only the permissions
Read & Execute explicitly specified on this object, click Remove.
List Folder Contents - To abort this operation, click Cancel.
Read
Write
Copy Remove Cancel
Advanced...
Allow inheritable permissions from parent to propagate
to this object.
OK Cancel Apply
16. Copying and Moving Files and Folders
Copying Files and Folders
Moving Files and Folders
Class Discussion: Copying and Moving Files
17. Copying Files and Folders
NTFS Partition NTFS Partition NTFS Partition
C: C: D:
Copy Copy
Permissions = Permissions = Permissions = Permissions =
Full Control Destination Folder Full Control Destination Folder
NTFS Partition Non-NTFS Partition
C:
Copy
Permissions = Lose NTFS
Read, Write Permission Full Control Permissions
18. Moving Files and Folders
NTFS Partition NTFS Partition NTFS Partition
C: C: D:
Move Move
Permissions = Permissions = Permissions = Permissions =
Full Control Full Control Full Control Destination Folder
NTFS Partition Non-NTFS Partition
C:
Move
Permissions = Lose NTFS
Write, Modify Permissions Full Control Permissions
19. Class Discussion: Copying and Moving Files
NTFS Partition NTFS Partition
(C:) (D:)
FC
Users Data
None
Mary
Move FileA
FileA
Public
M
Copy
FileA
Move
Group 1
20. Sharing Resources
Using Shared Folders
Applying Shared Folder Permissions
How Shared Folder Permissions Are Applied
Guidelines for Administering Shared Folders
21. Using Shared Folders
Apply Shared Folders Permissions Only to Entire Folder
Provide Only Network Security
Provide Security on Non-NTFS Volumes
Default Shared Folder Permission Is Full Control
A User Added to a Shared Folder Gets Read Permission
A Copy of a Shared Folder Is Not Shared
A Shared Folder Appears As an Icon of a Hand
Holding a Folder
Applications Data
22. Applying Shared Folder Permissions
Shared Folder
Permissions Data
Read
Change
Full Control
You Can Allow or Deny Shared Folder Permissions
23. How Shared Folder Permissions Are Applied
Multiple Shared Folder Permissions Combine
Deny Overrides Other Permissions
Data
Group Change (Read)
Change
User File
Read
24. Guidelines for Administering Shared Folders
Replace the Default Everyone Group with the Users Group
Organize Resources According to Security Requirements
Use Intuitive Share Names That All Client Computers Can Use
26. Requirements for Sharing Folders
Operating system and role of computer Group
Administrators or
Windows 2003 Server As Domain Controller
Server Operators
Windows 2003 Server As Member Server Administrators or
Windows 2003 Professional As Client Computer Power Users
27. Sharing a Folder
Applications Properties
General Web Sharing Sharing Security
You can share this folder among other users on your
network. To enable sharing for this folder, click
Share this folder.
Do not share this folder
Share this folder
Required
Share name: Applications
Comment: Application files
User Limit: Maximum allowed
Allow Users
To set permissions for how users access
this folder over the network, click Permissions. Permissions
To configure settings for offline access to
Caching
this shared folder, click Caching.
OK Cancel Apply
28. Assigning Shared Folder Permissions
Permissions for Applications
Security
Name Add...
Everyone
Remove
Select Users, Computers, or Groups
Classroom1
Name In Folder
Account Operators Classroom1
Permissions: Allow Deny Print Operators Classroom1
ANONYMOUS LOGON Classroom1
Full Control Authenticated Users Classroom1
Change BATCH Classroom1
Read CREATOR GROUP Classroom1
CREATOR OWNER Classroom1
Name:
Check Names
You have selected the following objects:
OK Cancel Apply
Name In Folder
Account Operators Classroom1
29. Modifying Shared Folders
Applications Properties
General Web Sharing Sharing Security
You can share this folder among other users on your
network. To enable sharing for this folder, click
Share this folder.
Do not share this folder
Share this folder
Applications
Share name:
Application files
Comment:
Maximum allowed
User Limit:
Allow 25 Users
To set permissions for how users access Permissions
this folder over the network, click Permissions.
To configure settings for offline access to
Caching
this shared folder, click Caching.
New Share
OK Cancel Apply
30. Connecting to Shared Folders
Open and Save Dialog Boxes
of Most Applications
My Network
Open Places Run on the Start Menu
Explore
Search for Computers… Map Network Drive
Windows can help you connect to a shared network folder
Map NetworkDrive…
Network Drive… and assign a drive letter to the connection so that you can
access the folder using My Computer.
Disconnect Network Drive…
Specify the drive letter for the connection and the folder
that you want to connect to:
Create Shortcut
Drive: E:
Rename
Path: instructor1public Browse...
Properties Example: servershare
Reconnect at logon
Connect using a different user name.
Connect to a Web folder or FTP site.
<Back Finish Cancel
31. Administrative Shared Folders
Share Purpose
C$, D$, E$ The root of each partition is automatically shared
Admin$ The C:Winnt folder is shared as Admin$
When the first printer is created, the folder
Print$
containing the printer driver files is shared as Print$
32. NTFS Permissions and Shared Folders
Combining NTFS Permissions with Shared Folders
Securing Resources with NTFS Permissions
Class Discussion: Shared Folders and NTFS
Permissions
33. Combining NTFS Permissions with Shared Folders
Shared Folder Permissions Provide Less Security Than
NTFS Permissions
Different NTFS Permissions Can Be Assigned for Each
File and Folder in a Shared Folder
Shared Folder Permissions and NTFS Permissions Are
Needed to Gain Access to Files on NTFS Volumes
Using Shared Folder Permissions to Control Access
Increases Administrative Overhead
NTFS Permissions and Shared Folder Permissions
Combine According to Different Rules
34. Securing Resources with NTFS Permissions
Four Steps
Identify File Resources to Share
Add These Files to a Folder
Secure Folder with NTFS Permissions
Share the Folder
35. Class Discussion: Shared Folders
and NTFS Permissions
NTFS Partition C:
Users
Group FC Home
User1 FC NTFS Permission User1
User2 FC NTFS Permission User2
36. Troubleshooting Access Problems
Err or No Access Permission Assigned to User or Group
Err or Permissions May Have Changed
Err or Changed Permissions Do Not Take Effect
37. Best Practices
Assign NTFS Permissions Before You Share a Folder
Use Share Names Accessible by All Client Computers
Organize Resources to Simplify Permission Assignments
Assign Permissions to Groups Rather Than to Individual Users
Remove Everyone Group and Assign Permissions to Users Group
Document Locations of Shared Folders and Permissions
Assign the Most Restrictive Permissions
38. Review
Using NTFS Permissions
How Windows 2003 Applies NTFS Permissions
Assigning NTFS Permissions
Copying and Moving Files and Folders
Sharing Resources
Creating Shared Folders
NTFS Permissions and Shared Folders
Troubleshooting Access Problems
Best Practices