Beruflich Dokumente
Kultur Dokumente
Preliminary Setup
2. Launch Active Directory Users and Computers. Click Start ► Administrative Tools ►
Active Directory Users and Computers (Figure 0313).
Figure 0314 : Active Directory Users and Computers – Intranet Users Group
Figure 0315 : Active Directory Users and Computers – Intranet Users Properties
6. Now repeat steps 5 to add zul.akmal and ain.syahmi as a member of Intranet Users
group.
7. After finish adding all the user to Intranet Users group, your Intranet Users properties
should be same as figure below (Figure 0322).
Figure 0322 : Active Directory Users and Computers – Intranet Users Properties
In this exercise, you will use Windows Explorer to create a folder and verify the NTFS file
permissions. The folder will then be shared and permissions assigned. You will then access this
shared resource from the client computer.
5. Open the temp21 folder properties. Right-click temp21 folder ► select Properties
(Figure 0328).
6. Click the Security tab. A list of security permissions is displayed. Note that the group
Administrators is given Full Control access at the folder level (Figure 0329).
Now you will restrict permissions at the share level. Remember that user permissions to a
network resource are made up of the share permissions and the NTFS permissions.
12.1. Select the Everyone group from the list (Figure 0335).
14. Add the Tech Support group with permissions of Full Control.
14.3. Select the Technical Support from the list of Search results (Figure 0340).
14.6. Click the Full Control allow box to enable the Full Control permission (Figure
0342).
15. Repeat steps 13 to 14 to add the Intranet Users group with Read permissions.
16. The share permissions should look like same as figure below (Figure 0343).
18. Click OK to close the advanced sharing dialog box for folder temp21 (Figure 0344).
20. In the Explorer window you will note a small double head icon on the folder
D:\temp21, which indicates the folder is now shared (Figure 0346).
Figure 0346 : Windows Explorer – temp21 Folder
22. Log on the client computer as ali.zul and ali as password (Figure 0347).
28. Double-click the Server21 and view the available resources (Figure 0353).
Figure 0353 : Myserver Workgroup
29. You should see the Common resource listed (Figure 0354).
30. Double-click the Common resources so that you are connected to it (Figure 0354).
31. A new window will open up and display the contents of the folder (it will be empty as
there are no files in the folder) (Figure 0355).
39. Double-click the Server21 and view the available resources (Figure 0363).
Figure 0363 : Myserver Workgroup
40. You should see the Common resource listed (Figure 0364).
41. Double-click the Common resources so that you are connected to it (Figure 0364).
42. A new window will open up and display the contents of the folder (Figure 0365).
YES / NO
Before we begin this exercise, we have done some preliminary setup. We add
mad.akmal, ocah.blue and ain.syahmi to the Intranet Users group and we set
permissions to the folder temp21 as Read only for Intranet Users. But for Tech
Support group, we set Full Control permissions.
In the earlier exercise, we add ali.zul as member of the Tech Support group.
That’s why user ali.zul can create new text document in the Common folder on
the Server21.
EXERCISE 11.2
Creating Network Drive Mapping
Instead of using My Network Places, you can map a drive letter to the resource. This is an
alternative way of accessing the resource, but requires that you know the location of the
resource (you can use My Network Places to view the available resources, so you don’t really
need to know the location)
45. Log on the client computer as ali.zul and ali as password (Figure 0367).
You must specify the name of the server and the share name.
49. A new window will open up and display the contents of the Common folder (Figure
0370).
50.1. Right-click in the windows and select New Text Document (Figure 0371).
YES / NO
EXERCISE 11.3
Publishing a Shared Resource in Active Directory
One of the problems of publishing shares in the way you have just done (which is the way they
done in NT 4 or 98) is that you have to browse the network or know which server the resource is
located on in order to find it. This can be time-consuming and frustrating for users.
Resources can be published in Active Directory, making them easy to find. In the next exercise
you will publish the resource into Active Directory.
53. Launch Active Directory Users and Computers. Click Start ► Administrative Tools ►
Active Directory Users and Computers (Figure 0373).
54. Right-click domain (myserver.com) and select New ► Shared Folder (Figure 0374).
Figure 0374 : Launch Shared Folder Wizard
55. Enter the name as Common Files and the Network path as your server name and
share name – in this exercise it is \\Server21\Common (Figure 0375).
57. The new shared folder appears in the right windows pane of Active Directory (Figure
0376).
Now that the shared folder is published in Active Directory, it is easy for users to locate and
connect to the resource.
63. In the Find drop box, select Shared Folders and in the In drop box, select you domain
- myserver (Figure 0381).
Figure 0381 : Find Shared Folders
66. Right-slick the Common Files shared folder from the list and select Map Network
Drive (Figure 0384).
Figure 0384 : Find Shared Folders - Map Network Drive
67. Select U as drive and enter the location of the network resource in the Folder: box
(Figure 0385).
Note how the location for the server share is filled in automatically.
71. There are now one additional drive appears at the bottom (Figure 0387).
Summary
Permissions are assigned at the SHARE and at the File system level. By default, Windows
Server 2003 places every use created into the group EVERYONE, and, when creating a new
directory or share, automatically assigns rights to that resource so the group EVERYONE can
access it.
If you want to secure any resources by restricting access, you should ensure that the
appropriate permissions have been set at both the share and file system level.
Publishing shared folders in Active Directory simplifies the task of locating resources.