files and folders

Files and Folders

Objectives

File Server Access Control Permissions Ownership of objects Inheritance of permissions User rights and privileges Object auditing How to Share a Folder How to Configure Share Permissions

File Server a file server is a computer attached to a

network that has the primary purpose of providing a location for shared disk access, i.e. shared storage of computer files (such as documents, sound files, photographs, movies, images, databases, etc.) that can be accessed by the workstations that are attached to the same computer network.

File Server

A file server is not intended to perform computational tasks, and does not run programs on behalf of its clients.

It is designed primarily to enable the storage and retrieval of data while the computation is carried out by the workstations.

Access Control Access control is the process of authorizing

users, groups, and computers to access objects on the network or computer.

Access Control

Access Control

Permissions Permissions define the type of access

granted to a user or group for an object or object property.

For example, the Finance group can be granted Read and Write permissions for a file named Payroll.xls.

Permissions

Permissions (cont’d)

For any object, you can grant permissions to: Groups, users, and other objects with security

identifiers in the domain. Groups and users in that domain and any

trusted domains. Local groups and users on the computer

where the object resides.

Permissions (cont’d) The permissions attached to an object

depend on the type of object. For example, the permissions that can be

attached to a file are different from those that can be attached to a registry key.

Some permissions, however, are common to most types of objects.

Common Permissions Read Modify Change owner Delete

Ownership of objects An owner is assigned to an object when that

object is created. By default, the owner is the creator of the

object. No matter what permissions are set on an

object, the owner of the object can always change the permissions on an object.

Ownership of objects

Inheritance of permissions Inheritance allows administrators to easily

assign and manage permissions. This feature automatically causes objects

within a container to inherit all the inheritable permissions of that container.

For example, the files within a folder, when created, inherit the permissions of the folder.

Only permissions marked to be inherited will be inherited.

Inheritance of permissions (cont’d)

User rights and privileges Administrators can assign specific rights to

group accounts or to individual user accounts.

These rights authorize users to perform specific actions, such as logging on to a system interactively or backing up files and directories.

User rights and privileges

User rights are different from permissions because user rights apply to user accounts, and permissions are attached to objects.

Although user rights can apply to individual user accounts, user rights are best administered on a group account basis.

User rights and privileges There is no support in the access control user

interface to grant user rights; however, user rights assignment can be administered through the Local Security Policy snap-in under Local Policies\User Rights Assignment.

Local Policies\User Rights Assignment

Object auditing With administrator's rights, you can audit

users' successful or failed access to objects. You can then view these security-related

events in the Security log in Event Viewer.

Object auditing (cont’d) You can select which object access to audit

by using the access control user interface, but first you must enable the audit policy by selecting Audit object access under Local Policy\Audit Policy\Local Policies in the Local Security Policy snap-in.

Object auditing (cont’d)

Share a Folder Before you share a folder, you must configure

the file and folder permissions to prevent users with restricted access from connecting to the folder over the network.

How to Share a Folder Log on to the computer as Administrator

or as a member of the Administrators group. Click Start, point to All Programs, point to

Accessories, and then click Windows Explorer.

Expand My Computer, and then click the drive or folder in which you want to create a new folder.

How to Share a Folder On the File menu, point to New, and then

click Folder. Type a name for the new folder, and then

press ENTER. Right-click the folder, and then click Sharing

and Security. Click Share this folder.

How to Configure Share Permissions

On the Sharing tab, click Permissions. Click Add. In the Select Users or Groups dialog box,

double-click the appropriate user accounts or groups (for example, the Accountants and Sales groups) that you want.

How to Configure Share Permissions (cont’d) When you finish selecting the users and

groups to which you want to grant permissions, click OK.

The groups and users that you added, and the Everyone group, are displayed in the Group or user names list.

How to Configure Share Permissions (cont’d) In the Group or user names list, click each

user or group, and then grant the permissions that you want to the user or group.

How to Configure Share Permissions (cont’d) After you set the appropriate permissions for

the user or groups that you want, click the Everyone group, and then click Remove.

Click OK.

References http://technet.microsoft.com http://support.microsoft.com http://en.wikipedia.org

Summary File Server. Access Control Permissions Ownership of objects Inheritance of permissions User rights and privileges Object auditing How to Share a Folder How to Configure Share Permissions

Review Questions

1. [5 pts.] Explain the use of File Server in a network environment.

2. [5 pts.] Discuss User rights and privileges.3. [10 pts.] Discuss the following:

Permissions Access Control