Lesson 4: Configuring File and Share Access MOAC

Lesson 4: Configuring File and Share Access MOAC

Lesson 4: Configuring File and Share Access MOAC 70-410: Installing and Configuring Windows Server 2012 Overview Exam Objective 2.1: Configure File and Share Access Designing a File Sharing Strategy Creating Folder Shares Assigning Permissions Configuring Volume Shadow Copies Configuring NTFS Quotas

2013 John Wiley & Sons, Inc. 2 Creating Folder Shares Lesson 4: Configuring File and Share Access 2013 John Wiley & Sons, Inc. 3 Creating Folder

Shares Shares must be created in order for network users to be able to access the disks on the servers. You must determine: o What folders you will share o What names you will assign to the shares o What permissions you will grant users to the shares o What Offline Files settings you will use for the shares 2013 John Wiley & Sons, Inc.

4 Creator/Owner You can share your own folders. Right-click and select Share with > Specific People to access a simplified interface. Use Sharing tab of the folders Properties sheet for greater control. 2013 John Wiley & Sons, Inc. 5

Creating Folder Shares The File Sharing dialog box 2013 John Wiley & Sons, Inc. 6 Creating Folder Shares The Advanced Sharing dialog box 2013 John Wiley & Sons, Inc.

7 Types of Folder Shares Server Message Blocks (SMB) o The standard file-sharing protocol used by all versions of Windows. o Requires the File Server role service. Network File System (NFS) o The standard file sharing protocol used by most UNIX and Linux distributions. o Requires the Server for NFS role service.

2013 John Wiley & Sons, Inc. 8 Create a Folder Share The Shares homepage 2013 John Wiley & Sons, Inc. 9 Create a Folder Share

The Select the profile for this share page in the New Share Wizard 2013 John Wiley & Sons, Inc. 10 Create a Folder Share The Select the server and path for this share page of the New Share Wizard 2013 John Wiley & Sons, Inc. 11

Create a Folder Share The Specify share name page of the New Share Wizard 2013 John Wiley & Sons, Inc. 12 Create a Folder Share The Configure share settings page of the New Share Wizard

2013 John Wiley & Sons, Inc. 13 Create a Folder Share The Specify permissions to control access page of the New Share Wizard 2013 John Wiley & Sons, Inc. 14 Create a Folder Share

The Confirm selections page of the New Share Wizard 2013 John Wiley & Sons, Inc. 15 Create a Folder Share The new share on the Shares homepage in Server Manager 2013 John Wiley & Sons, Inc. 16

Assigning Permissions Lesson 4: Configuring File and Share Access 2013 John Wiley & Sons, Inc. 17 Assigning Permissions The four permissions systems: Share permissions: Control access to folders over a network. NTFS permissions: Control access to the files

and folders stored on disk volumes formatted with the NTFS file system. Registry permissions: Control access to specific parts of the Windows registry. Active Directory permissions: Control access to specific parts of an Active Directory Domain Services (AD DS) hierarchy. 2013 John Wiley & Sons, Inc. 18 Windows Permissions Architecture

Access Control List (ACL) Access Control Entries (ACEs) Security principal Permission ACL Sales Read Managers Full Control JSmith Deny Access ACEs

Folder Folder Security Principal 2013 John Wiley & Sons, Inc. 19 Windows Permissions The Security tab of a Properties sheet 2013 John Wiley & Sons, Inc. 20

Basic and Advanced Permissions Permissions allow you to grant specific degrees of access to security principals. Preconfigured permission combinations are called Basic Permissions. Advanced Permissions are more granular and can be applied individually, but are rarely used. 2013 John Wiley & Sons, Inc.

21 Allowing and Denying Permissions Additive o Start with no permissions and then grant Allow permissions (preferred method). Subtractive o Start by granting Allow permissions and then grant Deny permissions. 2013 John Wiley & Sons, Inc.

22 Inheriting Permissions Permissions run downward through a hierarchy 2013 John Wiley & Sons, Inc. 23 Effective Access The combination of Allow permissions and Deny permissions that a security principal

receives for a system element: Allow permissions are cumulative. Deny permissions override Allow permissions. Explicit permissions take precedence over inherited permissions. 2013 John Wiley & Sons, Inc. 24 Effective Access

The Effective Access tab of the Advanced Security Settings dialog box 2013 John Wiley & Sons, Inc. 25 Setting Share Permissions The Share Permissions tab for a shared folder 2013 John Wiley & Sons, Inc. 26

Share Permissions Share permission Allows or denies security principals the ability to: Full Control Change file permissions. Take ownership of files. Perform all tasks allowed by the Change permission. Change

Create folders. Add files to folders. Change data in files. Append data to files. Change file attributes. Delete folders and files. Perform all actions permitted by the Read permission. Read Display folder names, filenames, file data, and attributes. Execute program files. Access other folders within the shared folder.

2013 John Wiley & Sons, Inc. 27 Set Share Permissions The Permissions page of a shares Properties sheet in Server Manager 2013 John Wiley & Sons, Inc. 28

Set Share Permissions The Share tab of the Advanced Security Settings dialog box for a share in Server Manager 2013 John Wiley & Sons, Inc. 29 Set Share Permissions A Permission Entry dialog box for a share in Server Manager 2013 John Wiley & Sons, Inc.

30 Set Share Permission A new share permission entry in a shares access control list 2013 John Wiley & Sons, Inc. 31 NTFS Authorization NTFS and ReFS support permissions.

Every file and folder on an NTFS or ReFS drive has an ACL with ACEs, each of which contains a security principal and their permissions. Security Principals are users and groups identified by Windows using security identifiers (SIDs). During authorization, when a user accesses a file/folder, the system compares the users SIDs to those stored in the elements ACEs to determine that users access. 2013 John Wiley & Sons, Inc. 32

PermissionsFull Control Folder Modify the folder permissions. Take ownership of the folder. Delete subfolders and files contained in the folder. Perform all actions associated with all other

NTFS folder permissions. 2013 John Wiley & Sons, Inc. File Modify the file permissions. Take ownership of the file. Perform all actions associated with all other NTFS file permissions.

33 NTFS Basic PermissionsModify Folder Delete the folder. Perform all actions associated with the Write and the Read & Execute permissions. 2013 John Wiley & Sons, Inc.

File Modify the file. Delete the file. Perform all actions associated with the Write and the Read & Execute permissions. 34 PermissionsRead &

Execute Folder Navigate through restricted folders to reach other files and folders. Perform all actions associated with the Read and List Folder Contents permissions. 2013 John Wiley & Sons, Inc.

File Perform all actions associated with the Read permission. Run applications. 35 PermissionsList Folder Contents Folder View the names of the files and

subfolders contained in the folder. 2013 John Wiley & Sons, Inc. File Not applicable 36 NTFS Basic PermissionsRead

Folder See the files and subfolders contained in the folder. View the ownership, permissions, and attributes of the folder. 2013 John Wiley & Sons, Inc. File

Read the contents of the file. View the ownership, permissions, and attributes of the file. 37 NTFS Basic PermissionsWrite Folder

Create new files and subfolders inside the folder. Modify the folder attributes. View the ownership and permissions of the folder. 2013 John Wiley & Sons, Inc. File Overwrite the file. Modify the file

attributes. View the ownership and permissions of the file. 38 Assign Basic NTFS Permissions The Advanced Security Settings dialog box for a share in Server Manager 2013 John Wiley & Sons, Inc.

39 Assigning Advanced NTFS Permissions The Permission Entry dialog box displaying Advanced Permissions 2013 John Wiley & Sons, Inc. 40 Resource Ownership

Every file and folder on an NTFS drive has an owner. The owner always has the ability to modify the permissions, even if current permissions settings deny them access. The owner is the person who created the file or folder. Others with the Take Ownership permission can become the owner. 2013 John Wiley & Sons, Inc. 41

Combining Share and NTFS Permissions Shared Shared Folder Folder Share Permissions FC Everyone File A

NTFS Permissions R File B NTFS Permissions FC NTFS Volume 2013 John Wiley & Sons, Inc. 42

Configuring Volume Shadow Copies Lesson 4: Configuring File and Share Access 2013 John Wiley & Sons, Inc. 43 Volume Shadow Copies Allow you to maintain previous versions of files on a server.

A copy of a file can be accessed even if a file has been accidentally deleted or overwritten. Can be implemented for entire volumes only. 2013 John Wiley & Sons, Inc. 44 Configure Shadow Copies The Shadow Copies dialog box

2013 John Wiley & Sons, Inc. 45 Configure Shadow Copies The Settings dialog box 2013 John Wiley & Sons, Inc. 46 Configuring NTFS Quotas

Lesson 4: Configuring File and Share Access 2013 John Wiley & Sons, Inc. 47 NTFS Quotas Enable administrators to set a storage limit for users of a particular volume. Users exceeding the limit can be denied access or just receive a warning. Space consumed by users is measured by the size of the files they own or create.

2013 John Wiley & Sons, Inc. 48 Configure NTFS Quotas The Quota tab of a volumes Properties sheet 2013 John Wiley & Sons, Inc. 49 Configuring Work

Folders Work Folders is a Windows Server 2012 R2 feature that enables administrators to provide their users with synchronized access to their files on multiple workstations and devices, while storing them on a network file server. To set up the Work Folders environment, you install the Work Folders role service in the File and Storage Services role on a server running Windows Server 2012 R2, and create a new type of share called a sync share . o This installs the IIS Hostable Web Core feature , which makes it possible for the server to respond to incoming

HTTP requests from Work Folders clients on the network. 2013 John Wiley & Sons, Inc. 50 Configuring Work Folders On the client side, you configure Work Folders in the Windows 8.1 Control Panel, specifying the email address of the user and the location of the Work Folders on the local disk. o The system also creates a system folder called Work Folders, which appears in File Explorer and in

file management dialogs. o When the user saves files to the Work Folders on the client system, they are automatically synchronized with the users folder on the Work Folders server. 2013 John Wiley & Sons, Inc. 51 Lesson Summary Creating folder shares makes the data stored on a file servers disks accessible to network users. Windows Server 2012 R2 has several sets of permissions that

operate independently of each other, including NTFS permissions, share permissions, registry permissions, and Active Directory permissions. NTFS permissions enable you to control access to files and folders by specifying the tasks individual users can perform on them. Share permissions provide rudimentary access control for all of the files on a network share. Network users must have the proper share and NTFS permissions to access file server shares. Access-based enumeration (ABE) applies filters to shared folders based on individual users permissions to the files and subfolders in the share. Users who cannot access a particular shared resource are unable to see that resource on the network. 2013 John Wiley & Sons, Inc.

52 Lesson Summary Offline Files is a Windows feature that enables client systems to maintain local copies of files they access from server shares. Volume Shadow Copies is a Windows Server 2012 feature that enables you to maintain previous versions of files on a server, so that if users accidentally delete or overwrite a file, they can access a copy. You can only implement Shadow Copies for an entire volume; you cannot select specific shares, folders, or files.

NTFS quotas enable administrators to set a storage limit for users of a particular volume. Depending on how you configure the quota, users exceeding the limit can be denied disk space, or just receive a warning. 2013 John Wiley & Sons, Inc. 53 Copyright 2013 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that named in Section 117 of the 1976 United States Copyright Act without the express written consent of the copyright owner is unlawful. Requests for further information should be addressed to

the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.

Recently Viewed Presentations

  • Common Process Issues are Really Common

    Common Process Issues are Really Common

    Goals, objectives, and strategies for integrating a holistic approach to substance abuse prevention into primary health care settings - Input on how you see prevention fitting into primary care and what types of prevention services could occur in a primary...
  • MINI-CASE STUDY Microsoft Azure Batch Makes Scalable Video

    MINI-CASE STUDY Microsoft Azure Batch Makes Scalable Video

    Iolo Jones, CEO, TV Everywhere, owners of . Vidcoding. MINI-CASE STUDY. SOLUTION. Using the new Azure Batch facility, TV Everywhere's technical team developed an application layer that manages multiple processes simultaneously. TV Everywhere also utilizes Azure Web Apps and VMs.
  • When the Federal Government Comes Knocking on Your Virtual ...

    When the Federal Government Comes Knocking on Your Virtual ...

    12 years as a Senior Trial Attorney with the U.S. Department of Justice. Helped shape the government's policies for the Americans with Disabilities Act and Section 508 of the Rehabilitation Act. Helps organizations manage the change towards accessibility in all...
  • Leisure and Recreation - crestwoodpe - Home

    Leisure and Recreation - crestwoodpe - Home

    Leisure. Leisure time is quite simply the time when you can choose what you want to do. You have to establish some sort of balance in your life as there is a certain amount of time when you have to...
  • Graphical Solution of Simultaneous Equations y 10 9

    Graphical Solution of Simultaneous Equations y 10 9

    Simultaneous Equations can be solved using a graphical method if needed. ... Each equation should be rearranged in the form y = mx + c then plotted on a grid. The co-ordinates of the point of intersection of each line...
  • Classic North American City Models - Mr. Moody

    Classic North American City Models - Mr. Moody

    Sector Model, H. Hoyt (1930s, Chicago) model assumes the land use is conditioned by transportation routes radiating outward from the city center. industrial, retailing, and residential districts extend out from the CBD like wedges. Hoyt saw the best housing extending...
  • Programming II (CS300)Chapter 02: Using Objects

    Programming II (CS300)Chapter 02: Using Objects

    Java ArrayList Class. Java ArrayList Class inJava.utilpackage. uses a dynamic array for storing a set of elements . inherits AbstractList class and implements List interface. Main Properties. Java ArrayList class can contain duplicate elements. Java ArrayList class maintains insertion order....
  • Plasma Cutter - thomas.k12.ga.us

    Plasma Cutter - thomas.k12.ga.us

    Oxy-Acetylene Torches PPE Shade 5 (minumum) goggles or face shield Appropriate Footwear Leather Gloves and Apron Welding Screens RISKS Eye injuries - flash burn Burns - Hot molten metal Cutting Fumes Small projectiles - slag / debris Secure cylinders properly...