Permissions Notes
NTFS Permissions
Always give users and groups just enough access to meet their needs.
For example, don't assign Modify permission to a folder if you
want users only to read files in the folder and not to change or
delete them.

Never assign Full Control permission to folders used by ordinary
users (except their home folder). Otherwise, a user might modify the
permissions on the folder and cause difficulties for other users. Use
Modify permission instead when you want to give the widest range of
access to a folder for ordinary users. Modify will allow them to
create, modify, and delete files and subfolders within the folder
under consideration, which is pretty well all they will ever need to
do.

If you want users to be able to do everything except delete files,
assign Read & Execute and Write permissions to the folder instead
of Modify.

By assigning Full Control to Creator Owner, users who create a
subfolder or file within the given folder will have Full Control over
that subfolder or file and will thus be able to delete it even if the
Users group is assigned Read & Execute and Write permissions, as
described earlier.

A suitable NTFS permission for a folder where applications will be
stored is Read & Execute. Folders used to store data shared by
different users should have Modify permission (or Read & Execute
and Write, as described earlier). Home folders for users should be
owned by users, and those users should have Full Control.

Assign the Administrators group Full Control of all folders except
users' home folders, to which they should have no access.

Assign permissions to groups, not users. To grant a user access to a
resource, add the user to the group that has the suitable
permissions.

When you copy a file or folder on an NTFS volume, you become the
owner of the copy.

Denying a permission for a user takes precedence over any allowed
permissions assigned to groups to which that user belongs.

You can deny all access for a user or group to a folder or file by
denying Full Control permission for that user or group.

Always assign NTFS permissions to a folder before sharing it.
If you share the folder first, there is a chance someone might access
the share before you have properly secured its contents.

You can also use the built-in system groups called Network and
Interactive to control access to shared resources:
- Any permissions you assign to the Network group apply to all users
  who try to access the resource from other machines over the network.
- Any permissions you assign to the Interactive group apply to all
  users who try to access the resource from the local machine where the
  resource is located.

If a user or group has Full Control permission on a folder, the user
or group can delete any files within the folder regardless of the
permissions on that file.

For information on what happens to NTFS permissions on a file when
you copy or move the file, see Files and Folders earlier in this
chapter.

Don't assign special permissions unless absolutely
necessary. Keep permissions simple to ease troubleshooting when
things go wrong.

In the Access Control Settings dialog box, which appears when you
click Advanced on the Security tab, users or groups for which some
permissions are allowed while others are denied show up twice, once
with a key icon (allowed permissions) and once with a lock icon
(denied permissions). Also, the permissions column either displays
standard file or folder permissions or the word Special when special
permissions have been assigned.

You can manage NTFS permissions on a remote computer as well. Either
browse My Network Places for the file or folder (if shared) or map a
drive to the hidden administrative share for the remote drive on
which the file or folder whose permissions you want to manage is
located. Once the file or folder icon is displayed, right-click on it
and select Properties
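
The NTFS notes above on Read & Execute plus Write versus Modify, Creator Owner, deny precedence, and Full Control on a folder can be traced through a small model. This is an added example, not part of the original notes: it is a simplified Python model rather than the Windows access check itself, and the accounts (alice, bob), the sample ACLs, and the function names are constructed for illustration.

```python
from enum import IntFlag

class Right(IntFlag):
    READ_EXECUTE = 1
    WRITE = 2
    DELETE = 4
    DELETE_CHILD = 8        # "Delete Subfolders and Files" (folder only)
    CHANGE_PERMISSIONS = 16
    TAKE_OWNERSHIP = 32

RX_WRITE = Right.READ_EXECUTE | Right.WRITE
MODIFY = RX_WRITE | Right.DELETE
FULL_CONTROL = (MODIFY | Right.DELETE_CHILD
                | Right.CHANGE_PERMISSIONS | Right.TAKE_OWNERSHIP)

def effective(acl, user, groups):
    """Union of rights allowed to the user and their groups, minus any denied right."""
    who = {user, *groups}
    allowed = denied = Right(0)
    for kind, principal, rights in acl:
        if principal in who:
            if kind == "deny":
                denied |= rights
            else:
                allowed |= rights
    return allowed & ~denied        # a deny always wins over an allow

def inherit(folder_acl, creator):
    """ACL a new file receives: CREATOR OWNER entries become entries for the creator."""
    return [(k, creator if p == "CREATOR OWNER" else p, r) for k, p, r in folder_acl]

def can_delete(folder_acl, file_acl, user, groups):
    """Needs Delete on the file OR Delete Subfolders and Files on the folder."""
    return (Right.DELETE in effective(file_acl, user, groups)
            or Right.DELETE_CHILD in effective(folder_acl, user, groups))

# Constructed sample: a shared data folder set up as the notes recommend.
SHARED = [("allow", "Users", RX_WRITE),
          ("allow", "CREATOR OWNER", FULL_CONTROL),
          ("allow", "Administrators", FULL_CONTROL)]
ALICE_FILE = inherit(SHARED, "alice")   # a file that alice created

if __name__ == "__main__":
    print("bob deletes alice's file:", can_delete(SHARED, ALICE_FILE, "bob", ["Users"]))
    print("alice deletes her file:  ", can_delete(SHARED, ALICE_FILE, "alice", ["Users"]))
    too_wide = [("allow", "Users", FULL_CONTROL)]   # the setup the notes warn against
    locked = [("deny", "bob", FULL_CONTROL)]        # file ACL denying bob everything
    print("bob, Full Control on folder:", can_delete(too_wide, locked, "bob", ["Users"]))
```

The last case shows why Full Control on a shared folder is risky: the folder-level right lets bob delete the file even though the file's own ACL denies him all access.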
Shared-Folder Permissions
To assign shared-folder permissions, the folder must of course be
shared.

Unlike NTFS and print permissions, there are no advanced (special)
shared-folder permissions you can configure.

To learn more about how to create and manage shared folders on the
network, see Shared Folders later in this chapter.

If you do modify the default shared-folder permissions, make sure you
understand how NTFS and shared-folder permissions combine.
See Also
Files and Folders, Shared Folders