Confguring Shares and Permissions

TOPIC 6: CONFIGURING SHARES

AND PERMISSIONS
ITP4112 Network and Virtualized Systems
Administration Project

VTC 2012
 LESSON INTENDED LEARNING OUTCOMES
On completion of the lesson, students are expected to:
Know how to configure a file server with disk quotas.

Confguring Shares and Permissions

Know how to assign share permissions.

Know how to make use of the NTFS permissions.

VTC 2012
 CONFIGURE A FILE SERVER
Before configuring a file server, configure the drives
and volumes that will be used to hold the shared fo
lders.

Confguring Shares and Permissions

Use the NTFS file format on the drives and volumes
to take advantage of NTFS permissions and also mo
nitoring of NTFS volumes.
You can assign the file services role to your server r

unning Windows Server 2008 via the Server Manage

r (with the Roles node selected), by running the Add
Roles wizard.

VTC 2012
 CONFIGURE A FILE SERVER
You can assign the file services role to your server
running Windows Server 2008 via the Server Mana
ger (with the Roles node selected), by running the
Add Roles wizard.

Confguring Shares and Permissions

4

VTC 2012
 Confguring Shares and Permissions
5
SELECT SERVER ROLES

VTC 2012
 Confguring Shares and Permissions
6
SELECT ROLE SERVICES

VTC 2012
 CONFIGURE STORAGE USAGE MONITORING

Confguring Shares and Permissions

7

VTC 2012
 Confguring Shares and Permissions
8
SET REPORT OPTIONS

VTC 2012
 CONFIRM INSTALLATION SELECTIONS
The Confirmation page appears with a summary of t
he roles and role services that will be installed.

Confguring Shares and Permissions

When the installation is complete, the Installation Re
sults page appears.
The File Services role appears in the Server Manager
windows (when the Roles node expanded).
When you expand the File Services node you can acc
ess the Share and Storage Management node, which
provides access to the File Server Resource Manager.
Expanding the File Server Resource Manager provide
s access to the Quota Management snap-in. 9

VTC 2012
 FILE SERVER DISK QUOTAS
Expand the Quota Management node and then select the
Quotas node. Any existing quotas appear in the Quotas de
tail pane.

Confguring Shares and Permissions

10

VTC 2012
 FILE SERVER DISK QUOTAS
You can control and track shared volume usage on a per-
volume and per-user basis.
Quotas can be created that are specific to a volume or fol

Confguring Shares and Permissions

der; you can also create auto-apply quotas that also appl
y to any subfolders in a volume or folder to which you as
sign the auto-apply quota.
Notifications can also be built into the quota settings, ale
rting you or folder owner when a particular threshold ha
s been reached.
Two types of quotas are available: hard quotas and soft q
uotas. Hard quotas dictate a size limit that users cannot
exceed. A soft quota allows users to exceed the limit and
11
is used to monitor volume (or folder) use by your users.

VTC 2012
 SHARE AND STORAGE MANAGEMENT
Share and Storage Management snap-in also allows you
to manage storage disks on a server, like extend a volu
me, format a volume, or delete a volume.

Confguring Shares and Permissions

You can manage all the parameters related to shares by
using the Share and Storage Management snap-in and t
he File Server Resource Manager.
You can configure new shares and volumes directly fro
m the Share and Storage Management snap-in, by clicki
ng the Provision Share link and Provision Storage links r
espectively in the Actions pane.
You can manage quotas, file screening and storage repo
rts via the File Server Resource Manager. 12

VTC 2012
 SHARE AND STORAGE MANAGEMENT

Confguring Shares and Permissions

13

VTC 2012
 Confguring Shares and Permissions
14
CONFIGURE NEW SHARE

VTC 2012
 CONFIGURE NEW SHARE

Confguring Shares and Permissions

Then, select all the default settings to create the new shared 15
folder User-Data.

VTC 2012
 SHARE PERMISSIONS
To view the permissions for a share, right-click a share in
the Details pane and then select Properties.

Confguring Shares and Permissions

16

VTC 2012
 Click the Permissions tab on t
SHARE PERMISSIONS

he Properties dialog box.
To view share permissions, cli
ck the Share Permissions butt
on. A dialog box shows users
and groups that have been as

Confguring Shares and Permissions

signed permissions.

17

VTC 2012
 SHARE PERMISSIONS
Share permissions can be set at three different levels
: Full Control, Change, and Read.
Full Control: enables the user to modify file permission

Confguring Shares and Permissions

s and perform all the tasks permitted by the Change an
d Read permission levels; i.e. the same access that an a
dministrator would have to the share.
Change: enables the user to create folders in the share
and add new files, and modify existing files.
Read: enables the user to display folders and files in th
e share, open the files (in read-only mode), and run pro
gram files contained in the share.
18

VTC 2012
 SHARE PERMISSIONS
The Deny setting is used to fine-tune permission level
s, it always overrides any granted permissions for the
object.

Confguring Shares and Permissions

Typically, you will want to assign share access levels b
y domain groups, i.e. create groups for users and the
n assign share permissions to the groups.
You might want to assign a group or user the No Acce
ss permission level, which allows a connection to the
shared folder (the folder can be seen on the network)
, but access to the folder and its contents are denied.
To assign No Access, clear all the Allow check boxes fo
r a particular group or user. 19

VTC 2012
 NTFS PERMISSIONS
Folders and files on NTFS volumes can be assigned NTFS
permissions. This differs from share permissions, which
can be applied only to drives and folders.

Confguring Shares and Permissions

NTFS permissions can secure a folder of file on the local
computer (affecting local users on the computer), and als
o can secure the object in respect to users who access th
e folder or file over the network.
As with share permissions, you set NTFS permissions by
selecting either Allow or Deny next to a particular permis
sion.

20

VTC 2012
Confguring Shares and Permissions
21

VTC 2012
 NTFS PERMISSIONS
A file can have different NTFS permissions than its parent fold
er.
NTFS permissions can become confusing because they can be
assigned to both groups and users.

Confguring Shares and Permissions

NTFS permissions are cumulative. A users final NTFS permissi
on is a combination of the NTFS permissions assigned to grou
ps of which the user is a member and NTFS permissions assig
ned directly to the user.
NTFS file permissions actually override NTFS folder permission
s.
Using Deny effectively overrides any other cumulative NTFS pe
rmissions that a user might have for a folder or file.
NTFS permissions are inherited from parent folders by default,
i.e. subfolders and files contained in a parent folder inherit th 22
e permissions that you set for the parent folder.

VTC 2012
 NTFS PERMISSIONS
Copying or moving files from one location to another can
be problematic with NTFS permissions.

Confguring Shares and Permissions

The final NTFS permissions depend on whether you are c
opying or moving, and whether you are copying or movin
g within or between NTFS partitions or volumes.
Using groups (instead of users) to assign NTFS permission
s is likely to make the entire process a little less confusing
.
NTFS permissions can be assigned to shares (folders) via t
he Share and Storage Management snap-in. When assigni
ng NTFS permissions to a file, you need to use the Compu
ter folder to access the files Properties dialog box.
23

VTC 2012
 NTFS FOLDER PERMISSIONS
Right-click a share in the Details pane and then select Pr
operties.

Confguring Shares and Permissions

24

VTC 2012
 NTFS FOLDER PERMISSIONS

Confguring Shares and Permissions

25

VTC 2012
 EFFECTIVE NTFS PERMISSIONS
It can be confusing when you are trying to sort out wh
at actual permissions a user has in relation to a partic
ular share or a specific file in a share.

Confguring Shares and Permissions

Effective permissions for a file or folder are the permi
ssions that are afforded a user or group based entirel
y on group membership (remember that groups can b
e nested inside other groups in the AD).
Viewing effective permissions can help you sort out th
e bottom-line access that a user or group has to a part
icular shared file or folder. This information can be ve
ry useful when fine-tuning resource access on the net
work. 26

VTC 2012
 EFFECTIVE NTFS PERMISSIONS

Confguring Shares and Permissions

27

VTC 2012
 MIXING SHARE AND NTFS PERMISSIONS
Both NTFS permissions and share permissions can be assi
gned to a shared folder, the resulting access level that a u
ser or group has is the most restrictive permission provid

Confguring Shares and Permissions

ed by the combined settings.
Only NTFS permissions can be assigned to shared files, de
termining what you can do with them.
So, you might want to use share permissions to control fol
der access, and then use NTFS permissions to drill down y
our security settings to the file level.
When planning how you want to supply access to shares o
n the network, determine how you will use group member
ship to determine an individual users access to a particul
28
ar folder or file.

VTC 2012