
Lesson 14: Configuring File and Folder Access. MOAC : Configuring Windows 8.1


Academic year: 2021


Lesson 14: Configuring File and Folder Access

Overview

• Exam Objective 4.2: Configure file and folder access
  o Encrypt files and folders by using Encrypting File System (EFS)
  o Configure NTFS permissions
  o Configure disk quotas

Security Principal:

Managing Permissions


Permissions

• Permissions are privileges granted to specific system entities, such as users, groups, or computers, enabling them to perform a task or access a resource.

• As an administrator, you should be familiar with the operation of the following four permission systems:
  o NTFS permissions
  o Share permissions
  o Registry permissions

Understanding the Windows Permission Architecture

• To store permissions, each of these elements has an access control list (ACL). An ACL is a collection of individual permissions, in the form of access control entries (ACEs).

• To manage permissions in Windows 8.1, you use the controls in the Security tab of the element’s Properties dialog box with the security principals listed at the top and the permissions associated with them at the

Understanding Basic and Advanced Permissions

• When you open the Properties dialog box for a system element and look at its Security tab, the permissions you are seeing are called basic permissions.

• Basic permissions are combinations of advanced permissions, which provide the most granular control over the element.

Allowing and Denying Permissions

• When you assign permissions to a system element, you are, in effect, creating a new ACE in the element’s ACL.

• There are two basic types of ACEs:
  o Allow
  o Deny

• This makes it possible to approach permission management tasks from two directions:
  o Additive
  o Subtractive

Inheriting Permissions

• The most important principle in permission management is that permissions tend to run downwards through a hierarchy.

• The tendency of permissions to flow downwards through a file system or other hierarchy is called permission inheritance.

• Permission inheritance means that parent elements pass their permissions down to their subordinate elements.

Copying NTFS Files and Folders

• When you copy NTFS files or folders from one location to another, whether the destination is on the same or a different NTFS volume, the new copy does not take the permissions from its original location with it.

• Instead, the new copy inherits permissions from its parent folder at the new location.

Moving NTFS Files and Folders

• If you move files or folders to a new location on the same NTFS volume, their existing permissions move with them.

• If you move files or folders to a different volume, they leave their existing permissions behind and inherit permissions from the
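The copy and move rules above can be checked directly. The following PowerShell script is an added example, not part of the original lesson; the folder names under %TEMP% and the choice of BUILTIN\Users (SID S-1-5-32-545) as the marker principal are assumptions made for the demonstration.

```powershell
# Constructed scratch folders; both sit on the same NTFS volume as %TEMP%.
$root = Join-Path $env:TEMP 'acl-copy-move-demo'
$src  = Join-Path $root 'src'
$dst  = Join-Path $root 'dst'
New-Item -ItemType Directory -Path $src, $dst -Force | Out-Null

$file = Join-Path $src 'report.txt'
Set-Content -Path $file -Value 'constructed sample data'

# Give the file one explicit ACE so it can be tracked:
# BUILTIN\Users (addressed by SID) is allowed Read.
icacls.exe $file /grant '*S-1-5-32-545:R' | Out-Null

# Return only the ACEs set directly on the item, not those inherited
# from its parent folder.
function Get-ExplicitAce {
    param([Parameter(Mandatory)][string]$Path)
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { -not $_.IsInherited } |
        ForEach-Object {
            '{0} {1} {2}' -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights
        }
}

$copied = Join-Path $dst 'copied.txt'
$moved  = Join-Path $dst 'moved.txt'
Copy-Item -LiteralPath $file -Destination $copied   # new object, inherits from dst
Move-Item -LiteralPath $file -Destination $moved    # same volume, ACL travels with the file

$copyAces = @(Get-ExplicitAce -Path $copied)
$moveAces = @(Get-ExplicitAce -Path $moved)
"Explicit ACEs on the copied file: $($copyAces.Count)"
"Explicit ACEs on the moved file : $($moveAces.Count)"
$moveAces

# Clean up the scratch folders.
Remove-Item -LiteralPath $root -Recurse -Force
```

Comparing the two counts shows which operation kept the explicit Users entry, which is the check to run after reorganizing folders that hold restricted data.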

Understanding Effective Access

• Effective access is the combination of Allow permissions and Deny permissions that a security principal receives for a given system element, whether explicitly assigned, inherited, or received through a group membership.

The Effective Access tab of the Advanced Security Settings dialog box

Managing NTFS Permissions

• New Technology File System (NTFS), the primary Windows file system, is required to implement various security and administrative features in Windows.

• NTFS permissions are available to drives formatted with NTFS.

• The advantage with NTFS permissions is that they affect local users as well as network users and they are based on the permission granted to each individual user at the Windows logon, regardless of where the user is connecting.

Assigning Basic NTFS Permissions

• Most Windows system administrators work with basic NTFS permissions almost exclusively.

• This is because there is no need to work directly with advanced permissions for most common access control tasks.

Assign Basic NTFS Permissions

Assign Advanced NTFS Permissions

Using Icacls.exe

• Using Icacls.exe, you can grant or revoke basic or advanced permissions by allowing or denying them to specific security principals.

• The syntax for granting permissions is:

    icacls.exe filespec /grant[:r] security_id:(permissions)
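The following PowerShell session is an added example, not part of the original lesson. It applies the /grant syntax above to a constructed scratch folder and shows the difference between /grant and /grant:r, plus a Deny ACE for one advanced permission; the folder name and the use of BUILTIN\Users (SID S-1-5-32-545) are assumptions.

```powershell
# Scratch folder under the temp directory (constructed for this example).
$dir = Join-Path $env:TEMP 'icacls-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# BUILTIN\Users by well-known SID; the leading * tells icacls.exe that the
# security_id is a numeric SID rather than an account name.
$users = '*S-1-5-32-545'

# /grant adds to whatever explicit permissions the principal already has.
# (OI)(CI) makes the ACE inheritable by child files and child folders.
icacls.exe $dir /grant "${users}:(OI)(CI)R"

# A second /grant is additive: the Write permission is added to Read.
icacls.exe $dir /grant "${users}:(OI)(CI)W"

# /grant:r replaces the principal's explicit grants instead of adding to them.
icacls.exe $dir /grant:r "${users}:(OI)(CI)RX"

# A Deny ACE for a single advanced permission: (DE) is Delete.
icacls.exe $dir /deny "${users}:(OI)(CI)(DE)"

# Review the resulting ACL. Entries marked (I) are inherited from the parent;
# the Users entries added above are explicit.
icacls.exe $dir

# Revoke: /remove:d drops the Deny ACEs, /remove:g drops the Allow ACEs.
icacls.exe $dir /remove:d $users
icacls.exe $dir /remove:g $users

# Clean up the scratch folder.
Remove-Item -LiteralPath $dir -Recurse -Force
```

Running icacls.exe with only the path after each change is the quickest way to confirm that the ACL matches what was intended before applying the same command to production data.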

Understanding Resource Ownership

• Every file and folder on an NTFS drive has an owner.

• The owner can always modify the permissions for the file or folder, even if the owner has no permissions.

• By default, the owner of a file or folder is the user account that created it. However, any account possessing the Take Ownership advanced permission (or the Full Control basic permission) can take ownership of the file or folder.

Using the Encrypting File System

Encrypting File System (EFS)

• The EFS is a feature of NTFS that encodes the files on a computer so that even if an intruder can obtain a file, he or she will be unable to read it.

• The entire system is keyed to a specific user account, using the public and private keys that are the basis of the Windows public key infrastructure (PKI).

• The user who creates a file is the only person

Encrypting a Folder with EFS

• In Windows 8.1, you can use File Explorer to encrypt or disable EFS on any individual files or folders, as long as they are on an NTFS

Encrypt a Folder

Determining Whether a File or Folder Is Encrypted

• Administrators commonly receive calls from users who are unable to access their files because they have been encrypted using EFS and the user is unaware of this fact.

• To resolve the problem, you must first determine whether their files are encrypted or not, and whether the user has the proper NTFS permissions.

• File Explorer displays the names of encrypted files in green, by default, but this setting is easily changed in the Folder Options dialog box.
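Because the green file names can be turned off, the encryption state is more reliably read from the file attributes. The following PowerShell function is an added example, not part of the original lesson; the function name Get-EfsReport and the target folder are assumptions.

```powershell
# Report, for every item under a folder, whether the NTFS Encrypted attribute
# is set and who owns the item (the owner can always change its permissions).
function Get-EfsReport {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Reading the ACL can itself fail when NTFS permissions are the problem.
            $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                Encrypted = [bool]($_.Attributes -band [System.IO.FileAttributes]::Encrypted)
                Owner     = if ($acl) { $acl.Owner } else { '(ACL not readable)' }
            }
        }
}

# Assumed target: the Documents folder of the user running the script.
$target = Join-Path $env:USERPROFILE 'Documents'
$report = Get-EfsReport -Path $target

# Items that carry the Encrypted attribute.
$report | Where-Object Encrypted | Format-Table -AutoSize

# Items whose ACL could not be read point to an NTFS permission problem,
# not an EFS problem.
$report | Where-Object { $_.Owner -eq '(ACL not readable)' } | Format-Table -AutoSize

# For each encrypted file, cipher.exe /c displays information about the
# encryption, which helps confirm which account the file is keyed to.
$report |
    Where-Object { $_.Encrypted -and (Test-Path -LiteralPath $_.Path -PathType Leaf) } |
    ForEach-Object { cipher.exe /c $_.Path }
```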

Configuring Disk Quotas


NTFS Quotas

• NTFS quotas enable administrators to set a storage limit for users of a particular volume.

• Depending on how you configure the quota, users exceeding the limit can be denied disk space, or just receive a warning.

• The space consumed by individual users is measured by the size of the files they own or create.

Configure Disk Quotas

Configuring Object Access Auditing

Auditing

• Tracking events that take place on the local computer, a process referred to as auditing, is an important part of monitoring and managing activities on a computer running Windows 8.1.

• The Audit Policy section of a Group Policy object (GPO) enables administrators to log successful and failed security events, such as logons and logoffs, account access, and object access.

• You can use auditing to track both user

Audit Policy

• You must decide which computers, resources, and events you want to audit.

• The following guidelines can help you to plan your audit policy:
  o Audit only pertinent items.
  o Archive security logs to provide a documented history.

Configure an Audit Policy

Configure Files and Folders for Auditing
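Object access auditing needs both halves named above: the audit policy must be enabled, and the file or folder must carry an audit entry. The following PowerShell script is an added example, not part of the original lesson. It uses auditpol.exe on the local computer instead of a GPO, and the folder C:\AuditDemo, the audited rights and the English subcategory name "File System" are assumptions.

```powershell
#Requires -RunAsAdministrator
# Hypothetical folder to audit; replace with the real data folder.
$dir = 'C:\AuditDemo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# Step 1: enable object access auditing for the file system on this computer.
# "File System" is the subcategory name on English-language systems.
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable

# Step 2: add an audit entry to the folder. Everyone (S-1-1-0) is audited for
# successful and failed writes and deletes; subfolders and files inherit it.
# Auditing only these rights follows the "audit only pertinent items" guideline.
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $everyone,
    [System.Security.AccessControl.FileSystemRights]'Write, Delete',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')

$acl = Get-Acl -LiteralPath $dir -Audit
$acl.AddAuditRule($rule)
Set-Acl -LiteralPath $dir -AclObject $acl

# Step 3: confirm that both the policy and the audit entry are in place.
auditpol.exe /get /subcategory:"File System"
(Get-Acl -LiteralPath $dir -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize

# Step 4: read the resulting events from the Security log.
# Event ID 4663 is "An attempt was made to access an object".
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 20 `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$dir*" } |
    Select-Object TimeCreated, Id, Message
```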

Lesson Summary

• Windows 8.1 has several sets of permissions, which operate independently of each other, including NTFS permissions, share permissions, registry permissions, and Active Directory permissions.

• NTFS permissions enable you to control access to files and folders by specifying just what tasks individual users can perform on them.

• The Encrypting File System (EFS) is a feature of NTFS that encodes the files on a computer so that even if an intruder can obtain a file, he or she will be unable to read it.

• NTFS quotas enable administrators to set a storage limit for users of a particular volume. Depending on how you configure the quota, users exceeding the limit can be denied disk

Copyright 2013 John Wiley & Sons, Inc.

All rights reserved. Reproduction or translation of this work beyond that named in Section 117 of the 1976 United States Copyright Act without the express written consent of the copyright owner is unlawful. Requests for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.
