In Chapter 14, "Securing Resources with NTFS Permissions," you learned about Microsoft Windows 2000 File System (NTFS) permissions. You use NTFS permissions to specify which users and groups can gain access to files and folders, and what these permissions allow users to do with the contents of the file or folder. NTFS permissions are available only on NTFS volumes. NTFS security is effective whether a user gains access to the file or folder at the computer or over the network.
In this chapter, you will learn how to make folders accessible over the network. You can access a computer's folders and their contents only by physically sitting at the computer and logging on to it or by accessing a shared folder on a remote computer. Sharing folders is the only way to make folders and their contents available over the network. Shared folders also provide another way to secure file resources, one that can be used on FAT or FAT32 partitions. In this chapter, you will also learn how to share file resources, secure them with permissions, and provide access to them.
To complete this chapter, you must have
You use shared folders to provide network users with access to file resources. When a folder is shared, users can connect to the folder over the network and gain access to the files that it contains. However, to gain access to the files, users must have permissions to access the shared folders.
After this lesson, you will be able to
Estimated lesson time: 15 minutes
A shared folder can contain applications, data, or a user's personal data, called a home folder. Each type of data requires different shared folder permissions.
The following are characteristics of shared folder permissions:
A shared folder appears in Windows Explorer as an icon of a hand holding the shared folder. (Figure 15.1 shows the sharing icon.)
To control how users gain access to a shared folder, you assign shared folder permissions.
Table 15.1 explains what each of the shared folder permissions allows a user to do. The permissions are presented from most restrictive to least restrictive.
Figure 15.1 Shared folders in Windows Explorer
Table 15.1 Shared Folder Permissions
|Shared folder permission||Allows the user to|
|Read||Display folder names, filenames, file data, and attributes; run program files; and change folders within the shared folder.|
|Change||Create folders, add files to folders, change data in files, append data to files, change file attributes, delete folders and files, and perform all actions permitted by the Read permission.|
|Full Control||Change file permissions, take ownership of files, and perform all tasks permitted by the Change permission.|
You can allow or deny shared folder permissions. Generally, it is best to allow permissions and to assign permissions to a group rather than to individual users. You deny permissions only when it is necessary to override permissions that are otherwise applied. In most cases, you should deny permissions only when it is necessary to deny permission to a specific user who belongs to a group to which you have given the permission. If you deny a shared folder permission to a user, the user won't have that permission. For example, to deny all access to a shared folder, deny the Full Control permission.
Applying shared permissions to user accounts and groups affects access to a shared folder. Denying permission takes precedence over the permissions that you allow. The following list describes the effects of applying permissions.
The following list provides some general guidelines for managing your shared folders and assigning shared folder permissions:
Although Windows 2000 allows for very long share names, try to keep share names short, about 12 characters. Shorter names are easier to remember and type. Products such as MS-DOS, Windows 3.x, and Windows for Workgroups require an 8.3-character share name.
Microsoft Windows 2000 provides 8.3-character equivalent names, but the resulting names might not be intuitive to users. For example, a Windows 2000 folder named Accountants Database would appear as Account~1 on client computers running MS-DOS, Windows 3.x, and Windows for Workgroups.
In the following practice, User101 has been assigned permissions to gain access to resources as an individual and as a member of a group, as shown in Figure 15.2. Determine which effective permissions User101 has in each situation:
Figure 15.2 Applied permissions
In this lesson, you learned that you can make a folder and its contents available to other users over the network by sharing the folder. Using shared folder permissions is the only way to secure file resources on FAT volumes. Shared folder permissions apply to folders, not individual files. Shared folder permissions don't restrict access to users who gain access to the folder at the computer where the folder is stored. Shared folder permissions apply only to users who connect to the folder over the network.
You also learned about the three shared folder permissions: Read, Change, and Full Control. The Read permission allows users to display folder names, filenames, file data, and attributes. The Read permission also allows users to run program files and to change folders within the shared folder. The Change permission allows users to create folders, add files to folders, change data in files, append data to files, change file attributes, and delete folders and files, plus it allows the user to perform actions permitted by the Read permission. The Full Control permission allows users to change file permissions, take ownership of files, and perform all tasks permitted by the Change permission. The default shared folder permission is Full Control, and it is assigned to the Everyone group when you share the folder.
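The rules from this lesson can be modelled in a few lines: permissions allowed to a user and to the user's groups combine, a deny takes precedence over any allow, and a new share starts with Everyone: Full Control. The following is an added example, not code from the book and not Windows API code; the right names, the `User102` and `User103` accounts, and the sample permission lists are constructed for illustration.

```python
# Added illustration: a model of the rules in this lesson, not Windows API code.
# Individual rights are taken from Table 15.1; their names are this example's own.
READ = frozenset({"list", "read_data", "run_programs"})
CHANGE = READ | {"create", "write_data", "delete"}
FULL_CONTROL = CHANGE | {"change_permissions", "take_ownership"}
LEVELS = {"Read": READ, "Change": CHANGE, "Full Control": FULL_CONTROL}

def effective_rights(acl, user, groups):
    """acl is a list of (trustee, "allow" | "deny", level) entries for one share."""
    # Everyone covers anyone who reaches the share over the network.
    trustees = {user, "Everyone", *groups}
    allowed, denied = set(), set()
    for trustee, kind, level in acl:
        if trustee in trustees:
            (denied if kind == "deny" else allowed).update(LEVELS[level])
    # Allows from the user and all groups accumulate; any deny overrides them.
    return frozenset(allowed - denied)

def highest_level(rights):
    """Name the most permissive level in Table 15.1 that the rights fully cover."""
    best = "No access" if not rights else "Partial"
    for name, needed in LEVELS.items():  # ordered most to least restrictive
        if needed <= rights:
            best = name
    return best

def everyone_has_full_control(acl):
    """True when the share still carries the default Everyone: Full Control entry."""
    return ("Everyone", "allow", "Full Control") in acl

# Constructed sample data (not from the book's figures).
DEFAULT_ACL = [("Everyone", "allow", "Full Control")]
ACCOUNTANTS_ACL = [
    ("Administrators", "allow", "Full Control"),
    ("Accountants", "allow", "Change"),
    ("Users", "allow", "Read"),
    ("User103", "deny", "Full Control"),
]

if __name__ == "__main__":
    cases = [("User101", ["Users", "Accountants"]), ("User102", ["Users"]),
             ("User103", ["Users", "Accountants"])]
    for user, groups in cases:
        print(user, highest_level(effective_rights(ACCOUNTANTS_ACL, user, groups)))
    print("default share open to Everyone:", everyone_has_full_control(DEFAULT_ACL))
```

Denying Full Control to one account removes every right that the account's groups would otherwise grant, which is why the lesson recommends deny only for a specific user inside an allowed group.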
When you plan shared folders, you can reduce administrative overhead and ease user access. You can organize resources that will be shared and put them into folders according to common access requirements. You can also determine which resources you want shared, organize resources according to function and use, and decide how you will administer the resources.
Shared folders can contain applications and data. Use shared application folders to centralize administration. Use shared data folders to provide a central location for users to store and gain access to common files. If all data files are centralized in one shared folder, users will find them easily. You will be able to back up data folders more easily if data folders are centralized, and you will be able to upgrade application software more easily if applications are centralized.
After this lesson, you will be able to
Estimated lesson time: 5 minutes
Shared application folders are used for applications that are installed on a network server and can be used from client computers. The main advantage of shared applications is that you don't need to install and maintain most components of the applications on each computer. While program files for applications can be stored on a server, configuration information for most network applications is often stored on each client computer. The exact way in which you share application folders will vary depending on the application and your particular network environment and company organization.
When you share application folders, consider the points in Figure 15.3. These points are explained in more detail as follows:
Figure 15.3 Creating and sharing application folders
Users on a network use data folders to exchange public and working data. Working data folders are used by members of a team who need access to shared files. Public data folders are used by larger groups of users who all need access to common data.
When you use data folders, create and share common data folders on a volume that is separate from the operating system and applications. Data files should be backed up frequently, and with data folders on a separate volume, you can conveniently back them up. If the operating system requires reinstallation, the volume containing the data folder remains intact.
Public Data
When you share a common public data folder, do the following:
Figure 15.4 Public data and working data shared folders
When you share a data folder for working files, do the following:
For an example, see Figure 15.4. To protect data in the Accountants folder, which is a subfolder of the Data folder, share the Accountants folder and assign the Change permission only to the Accountants group so that only members of the Accountants group can gain access to the Accountants folder.
In this lesson, you learned that you use shared application folders to centralize administration and make it easier to upgrade application software. When you use shared application folders, you should assign the Administrators group the Full Control permission for the applications folder so that members of this group can manage the application software and control user permissions. You should also remove the Full Control permission from the Everyone group and assign Read permission to the Users group. This provides more security because the Users group includes only user accounts that you created, whereas the Everyone group includes anyone who has access to network resources, including the Guest account.
You also learned that you use shared data folders to provide a central location for users to store and gain access to common files. When you use data folders, create and share common data folders on a volume that is separate from the operating system and applications. Data files should be backed up frequently, and with data folders on a separate volume, you can conveniently back them up.
You can share resources with others by sharing folders containing those resources. To share a folder, you must be a member of one of several groups, depending on the role of the computer where the shared folder resides. When you share a folder, you can control access to the folder by limiting the number of users who can simultaneously gain access to it, and you can also control access to the folder and its contents by assigning permissions to selected users and groups. Once you have shared a folder, users must connect to the shared folder and must have the appropriate permissions to gain access to it. After you have shared a folder, you might want to modify it. You can stop sharing it, change its share name, and change user and group permissions to gain access to it.
After this lesson, you will be able to
Estimated lesson time: 20 minutes
In Windows 2000 Professional, members of the built-in Administrators and Power Users groups are able to share folders. Which groups can share folders and on which machines they can share them depends on whether it is a workgroup or a domain and the type of computer on which the shared folders reside:
If the folder to be shared resides on an NTFS volume, users must also have at least the Read permission for that folder to be able to share it.
Windows 2000 automatically shares folders for administrative purposes. These shares are appended with a dollar sign ($), which hides the shared folder from users who browse the computer. The root of each volume, the system root folder, and the location of the printer drivers are all hidden shared folders that you can gain access to across the network.
Table 15.2 describes the purpose of the administrative shared folders that Windows 2000 automatically provides.
Table 15.2 Windows 2000 Administrative Shared Folders
|C$, D$, E$, and so on||The root of each volume on a hard disk is automatically shared, and the share name is the drive letter appended with a dollar sign ($). When you connect to this folder, you have access to the entire volume. You use the administrative shares to remotely connect to the computer to perform administrative tasks. Windows 2000 assigns the Full Control permission to the Administrators group. Windows 2000 also automatically shares CD-ROM drives and creates the share name by appending the dollar sign to the CD-ROM drive letter.|
Posted June 22, 2000
This is a very well-written primer for the 2000 Professional exam. The author included a good amount of redundancy and restatements, which help commit the information to memory. At times it was a little vague for the actual test, but it is a must-read for exam preparation.