Module 4:

Managing Access
to Resources
Overview

Overview of Managing Access to

Resources
Managing Access to Shared Folders
Managing Access to Files and Folders
Using
NTFS Permissions
Determining Effective Permissions
Managing Access to Shared Files Using
Offline Caching
Lesson: Overview of Managing
Access to Resources

Multimedia: Access Control in

Microsoft
Windows Server 2003
What Are Permissions?
What Are Standard and Special
Permissions?
Practice: Examining NTFS Permissions
Multimedia: Permission States
Multimedia: Access Control in
Microsoft Windows Server 2003

This presentation explains

how Active Directory uses
security principals and
identifiers to provide access
to objects
Important point to watch for:
If you delete a security
principle and then create it
again with the same name,
what is the effect on the
permissions?
What Are Permissions?

Permissions define the type of access

granted to a user, group, or computer
for an object
You apply permissions to objects such
as files, folders, and printers
You assign permissions to users and
groups in
Active Directory or on a local computer
 What Are Standard and Special
Permissions?

Standard Permissions Special Permissions

Practice: Examining NTFS
Permissions

In this practice, you will:

Examine the NTFS default
permissions on system
folders
Examine the NTFS default
permissions on a newly
created folder
Multimedia: Permission States

In this activity, you will learn

the differences between the
permission states and then
test your knowledge
Lesson: Managing Access to Shared
Folders

What Are Shared Folders?

What Are Administrative Shared
Folders?
Tools to Create and Manage Shared
Folders
Shared Folder Permissions
Methods to Connect to Shared Folders
What Are Published Shared Folders?
How Published Shared Folders Are
Used
Best Practices For Using Shared
Folders
What Are Shared Folders?

Shared folders show an icon of a hand

holding the folder
You can share only folders, not files
Default permission on shared folders is
Everyone, Read
When you copy or move a shared
folder, the folder is no longer shared
To hide a shared folder, include a $
after the name of the shared folder
Users access hidden shares by typing
the UNC path
What Are Administrative Shared
Folders?
Tools to Create and Manage Shared
Folders

Who can create shared folders?

On Windows Server 2003 domain
controllers
 Administrators group
 Server Operators group
On Windows Server 2003 member or
stand-alone servers
 Administrators group
 Power Users group

Tools used to create and manage shared

folders
 Computer Management
 Window Explorer or My Computer
 The Net Share command
 Shared Folder Permissions

Permission Description
Read Allows you to view data in files and
(Default, attributes
applied to the Allows you to view file names and
Everyone subfolder names
group) Allows
Change Allows you
you to
to run
add program
files and files
subfolders
(Includes all Allows you to change data in files
Read Allows you to delete subfolders and
permissions) files
Full Control
(Includes all
Allows you to change NTFS file and
Read and folder permissions
Change
permissions)
Methods to Connect to Shared
Folders
What Are Published Shared
Folders?

A published shared folder:

 Is a shared folder object in Active
Directory
 Can maintain static friendly names
Clients:
 Can search Active Directory for published
shared folders
 Do not need to know the name of the
server to connect to a shared folder
 Can search by using keywords if they do
not know the exact name of the share
How Published Shared Folders Are
Used

Administrators can use Active Directory

Users and Computers to find shared
folders
Windows XP Professional clients can
search Active Directory from My Network
Places
Best Practices for Using Shared
Folders

Use the Authenticated Users group

instead of Everyone
Share folders with the appropriate
level of permission
Use groups to grant access rather than
individual users
Publish shared folders in larger
environments
Practice: Managing Access to
Shared Folders

In this practice, you will:

Connect to an administrative
share
Create a shared folder and
grant permissions
Publish a shared folder and
create keywords
Map a drive letter to the
shared folder and test
permissions
Lesson: Managing Access to Files
and Folders Using NTFS
Permissions

What Is NTFS?
NTFS File and Folder Permissions
What Is NTFS Permissions Inheritance?
Effects on NTFS Permissions When
Copying and Moving Files and Folders
Best Practices for Managing Access to
Files and Folders Using NTFS
Permissions
Practice: Managing Access to Files and
Folders Using NTFS Permissions
What Is NTFS?

NTFS is a file system that provides:

Reliability
Security at the file level and folder
level
Improved management of storage
growth
Multiple user permissions
NTFS File and Folder Permissions

File permissions Folder permissions

Full Control
Full Control
Modify
Modify
Read &
Read & Execute
Execute
Write
Write
Read
Read
List Folder
Contents
What Is NTFS Permissions
Inheritance?

Inherit
permissions
FolderA
Read /
Write
FolderB
Access to FolderB
Prevent
inheritance
FolderA

Read /
Write FolderB

No access to FolderB FolderC

Effects on NTFS Permissions When
Copying and Moving Files and
Folders

C
NTFS Partition C
opy
C:\ opy
NTFS Partition or
NTFS Partition Mo
E:\ Mo
D:\ ve
ve

When you copy files and folders, they

inherit the permissions of the destination
folder
When you move files and folders within the
same partition, they retain their
permissions
When you move files and folders to a
different partition, they inherit the
Best Practices for Managing Access
to Files and Folders Using NTFS
Permissions

Grant permissions to domain local

groups instead of to users

Group resources to simplify

administration

Allow users only the level of access

that they require

Grant Read & Execute permission

for application folders
Practice: Managing Access to Files
and Folders Using NTFS
Permissions

In this practice, you will:

Examine and configure NTFS
permissions
Block NTFS permission
inheritance and set
permissions
Test NTFS permissions
Test the effects of copying
and moving files or folders
Lesson: Determining Effective
Permissions

What Are Effective Permissions on

NTFS
Files and Folders?
Class Discussion: Applying NTFS
Permissions
Effects of Combined Shared
Folder and NTFS Permissions
Class Discussion: Determining
Effective NTFS and Shared Folder
Permissions
Practice: Determining Effective
NTFS and Shared Folder
Permissions
What Are Effective
Permissions on NTFS Files
and Folders?

NTFS permissions are cumulative

File permissions override folder
permissions
Deny overrides all permissions
Creators of files and folders are their
owners
 Class Discussion: Applying NTFS
Permissions

Users group
1 Write for NTFS
Folder1 Partition
Sales group
Read for Folder1
Users Group Folder1
Users group
2 Read for
Folder1 File1
User1 Sales group
Write for
Folder2 Folder2
Users group
3 Modify for
Folder1
File2
File2 should
only be
Sales Group accessible
to Sales
group with
Read
permission
Effects of Combined Shared
Folder and NTFS Permissions

Full Public
Contr
ol

NTFS Volume
Users

Read
File1

Chan
ge File2
Class Discussion: Determining
Effective NTFS and Shared Folder
Permissions

Class discussion:
Determine effective NTFS
permissions
Determine shared folder
1 NTFS Volume 2 NTFS Volume
permissions
Users Group Sales Group

F
Users R Data
C

F F
User1 C User1 Sales Group C Sales

F
User2 C User2 HR

F
User3 C User3 Pubs
Practice: Determining Effective
NTFS and Shared Folder
Permissions

In this practice, you will:

Share the Legal folder
Determine the effective NTFS
permissions
Determine the effective
combined permissions
Lesson: Managing Access to Shared
Files Using Offline Caching

What Is Offline Files?

How Offline Files Are Synchronized
Offline File Caching Options
Practice: Using Offline Caching
What Is Offline Files?

Offline Files is a document-

management feature that provides the
user with consistent online and offline
access to files
Advantages of using Offline Files:
 Support for mobile users
 Automatic synchronization
 Performance advantages
 Backup advantages
How Offline Files Are Synchronized

Disconnected from the network

 Files are synchronized at logoff. The user
works with the locally cached copy
Logged on to the network
 Files are synchronized at logon. The user
works with the network version of the
files
If a file has been modified in both
locations
 The user must choose which version of
the file to keep or to rename one file and
keep both versions
Offline File Caching Options
Practice: Using Offline Caching

In this practice, you will:

Manually cache a document
in the Legal shared folder
Set synchronization options
Lab: Managing Access to Resources

In this lab, you will:

Create and share folders
Configure NTFS security
Publish shared folders
Test permissions
Configure automatic caching