<p/> <HEAD> </HEAD> <BODY BGCOLOR="#ffffff" TEXT="#000000"> <a class="libraryIndexlink" href="index.aspx?pid=31159&BookID=23931&PageIndex=79&Language=3">[Previous]</A> <a class="libraryIndexlink" href="index.aspx?pid=31159&BookID=23931&PageIndex=81&Language=3">[Next]</A><p/><A NAME="474"><H1>Lesson 2: Applying NTFS Permissions</H1></A> <p/>Administrators, the owners of files or folders, and users with Full Control permission can assign NTFS permissions to users and groups to control access to files and folders.<p/><blockquote> <b>After this lesson, you will be able to</b> <ul> <p/><li>Describe the result when you combine user account and group permissions.</li><p/><li>Describe the result when folder permissions are different from those of the files in the folder.</li><p/></ul> <p/><b>Estimated lesson time: 5 minutes</b><p/></blockquote><p/><A NAME="475"><H2>Access Control List</H2></A> <p/>NTFS stores an <i>access control list (ACL)</i> with every file and folder on an NTFS volume. The ACL contains a list of all user accounts and groups that have been granted access for the file or folder, as well as the type of access that they have been granted. When a user attempts to gain access to a resource, the ACL must contain an entry, called an <i>access control entry (ACE),</i> for the user account or a group to which the user belongs. The entry must allow the type of access that is requested (for example, Read access) for the user to gain access. If no ACE exists in the ACL, the user can't gain access to the resource.<p/><A NAME="476"><H2>Multiple NTFS Permissions</H2></A> <p/>You can assign multiple permissions to a user account and to each group in which the user is a member. To assign permissions, you must understand the rules and priorities regarding how NTFS assigns and combines multiple permissions and NTFS permission inheritance.<p/><A NAME="477"><H3>Cumulative Permissions</H3></A> <p/>A user's <i>effective permissions</i> for a resource are the sum of the NTFS permissions that you assign to the individual user account and to all of the groups to which the user belongs. If a user has Read permission for a folder and is a member of a group with Write permission for the same folder, the user has both Read and Write permission for that folder.<p/><A NAME="478"><H3>Overriding Folder Permissions with File Permissions</H3></A> <p/>NTFS file permissions take priority over NTFS folder permissions. A user with access to a file will be able to gain access to the file even if he or she doesn't have access to the folder containing the file. A user can gain access to the files for which he or she has permissions by using the full <i>universal naming convention (UNC)</i> or local path to open the file from its respective application, even though the folder in which it resides will be invisible if the user has no corresponding folder permission. In other words, if you don't have permission to access the folder containing the file you want to access, you will have to know the full path to the file to access it. Without permission to access the folder, you can't see the folder, so you can't browse for the file you want to access.<p/><A NAME="479"><H3>Overriding Other Permissions with Deny</H3></A> <p/>You can deny permission to a user account or group for a specific file, although this is not the recommended way to control access to resources. Denying a permission overrides all instances where that permission is allowed. Even if a user has permission to gain access to the file or folder as a member of a group, denying permission to the user blocks any other permission that the user might have (see Figure 14.1).<p/><A HREF="'F14tk01x')"> <img src="/image/library/english/10219_F14tk01.JPG" width=404 height=291 border=0 > </A> <p/><!-- caption --><b>Figure 14.1</b> <i>Multiple NTFS permissions</i><!-- /caption --> <p/>In Figure 14.1, User1 has Read permission for FolderA and is a member of Group A and Group B. Group B has Write permission for FolderA. Group A has been denied Write permission for File2.<p/>The user can read and write to File1. The user can also read File2, but she cannot write to File2 because she is a member of Group A, which has been denied Write permission for File 2.<p/><A NAME="480"><H2>NTFS Permissions Inheritance</H2></A> <p/>By default, permissions that you assign to the parent folder are inherited by and propagated to the subfolders and files that are contained in the parent folder. However, you can prevent permissions inheritance, as shown in Figure 14.2.<p/><A HREF="'F14tk02x')"> <img src="/image/library/english/10219_F14tk02.JPG" width=404 height=268 border=0 > </A> <p/><!-- caption --><b>Figure 14.2</b> <i>Inheritance</i><!-- /caption --> <p/><A NAME="481"><H3>Understanding Permissions Inheritance</H3></A> <p/>Whatever permissions you assign to the parent folder also apply to subfolders and files that are contained within the parent folder. When you assign NTFS permissions to give access to a folder, you assign permissions for the folder and for any existing files and subfolders, as well as for any new files and subfolders that are created in the folder.<p/><A NAME="482"><H3>Preventing Permissions Inheritance</H3></A> <p/>You can prevent permissions that are assigned to a parent folder from being inherited by subfolders and files that are contained within the folder. That is, the subfolders and files will not inherit permissions that have been assigned to the parent folder containing them.<p/>The folder for which you prevent permissions inheritance becomes the new parent folder, and permissions that are assigned to this folder will be inherited by the subfolders and files that are contained within it.<p/><A NAME="483"><H2>Lesson Summary</H2></A> <p/>This lesson showed you that administrators, the owners of files or folders, and users with Full Control permission can assign NTFS permissions to users and groups to control access to files and folders. NTFS stores an ACL with every file and folder on an NTFS volume. The ACL contains a list of all user accounts and groups that have been granted access to the file or folder, as well as the type of access that they have been granted. A user attempting to gain access to a resource must have permission for the type of access that is requested for the user to gain access.<p/>You also learned that you can assign multiple permissions to a user account by assigning permissions to his or her individual user account and to each group of which the user is a member. Rules and priorities control how NTFS assigns and combines multiple permissions; for example, NTFS file permissions take priority over NTFS folder permissions. A user's effective permissions for a resource are based on the NTFS permissions that you assign to the individual user account and to all of the groups to which the user belongs.<p/> - Microsoft Windows 1002000 Professional E2 [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Microsoft Windows 1002000 Professional E2 [Electronic resources] - نسخه متنی

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

  • Sitemap

    Cover

    LOC Page

    About This Book

    Chapter 1 -- Introduction to Windows 2000

    Lesson 1: Overview of the Windows 2000 Platform

    Lesson 2: Windows 2000 Professional

    Lesson 3: Windows 2000 Workgroups and Domains

    Lesson 4: Logging On to Windows 2000

    Lesson 5: The Windows Security Dialog Box

    Review

    Chapter 2 -- Installing Windows 2000 Professional

    Lesson 1: Getting Started

    Lesson 2: Installing Windows 2000 from a CD-ROM

    Lesson 3: Installing Windows 2000 over the Network

    Lesson 4: Troubleshooting Windows 2000 Setup

    Review

    Chapter 3 -- Using Microsoft Management Console and Task Scheduler

    Lesson 1: Introducing the Microsoft Management Console

    Lesson 2: Using Consoles

    Lesson 3: Using Task Scheduler

    Review

    Chapter 4 -- Using Windows Control Panel

    Lesson 1: Configuring Hardware Settings

    Lesson 2: Configuring the Display

    Lesson 3: Configuring Operating System Settings

    Lesson 4: Installing Hardware Automatically

    Lesson 5: Installing Hardware Manually

    Lesson 6: Configuring and Troubleshooting the Desktop Environment

    Review

    Chapter 5 -- Using the Registry

    Lesson 1: Understanding the Registry

    Lesson 2: Using Registry Editor

    Review

    Chapter 6 -- Managing Disks

    Lesson 1: Introduction to Disk Management

    Lesson 2: Common Disk Management Tasks

    Review

    Chapter 7 -- Installing and Configuring Network Protocols

    Lesson 1: TCP/IP

    Lesson 2: NWLink

    Lesson 3: Other Protocols Supported by Windows 2000

    Lesson 4: Network Bindings

    Review

    Chapter 8 -- Using the DNS Service

    Lesson 1: Understanding DNS

    Lesson 2: Understanding Name Resolution

    Lesson 3: Configuring a DNS Client

    Review

    Chapter 9 -- Introducing Active Directory Directory Services

    Lesson 1: Understanding Active Directory Directory Services

    Lesson 2: Active Directory Structure and Replication

    Lesson 3: Understanding Active Directory Concepts

    Review

    Chapter 10 -- Setting Up and Managing User Accounts

    Lesson 1: Understanding User Accounts

    Lesson 2: Planning New User Accounts

    Lesson 3: Creating User Accounts

    Lesson 4: Setting Properties for User Accounts

    Review

    Chapter 11 -- Setting Up and Managing Groups

    Lesson 1: Implementing Local Groups

    Lesson 2: Implementing Built-In Local Groups

    Review

    Chapter 12 -- Setting Up and Configuring Network Printers

    Lesson 1: Introducing Windows 2000 Printing

    Lesson 2: Setting Up Network Printers

    Lesson 3: Connecting to Network Printers

    Lesson 4: Configuring Network Printers

    Lesson 5: Troubleshooting Network Printers

    Review

    Chapter 13 -- Administering Network Printers

    Lesson 1: Understanding Printer Administration

    Lesson 2: Managing Printers

    Lesson 3: Managing Documents

    Lesson 4: Administering Printers Using a Web Browser

    Lesson 5: Troubleshooting Common Printing Problems

    Review

    Chapter 14 -- Securing Resouces with NTFS Permissions

    Lesson 1: Understanding NTFS Permissions

    Lesson 2: Applying NTFS Permissions

    Lesson 3: Assigning NTFS Permissions

    Lesson 4: Assigning Special Access Permissions

    Lesson 5: Copying and Moving Files and Folders

    Lesson 6: Solving Permissions Problems

    Review

    Chapter 15 -- Administering Shared Folders

    Lesson 1: Understanding Shared Folders

    Lesson 2: Planning Shared Folders

    Lesson 3: Sharing Folders

    Lesson 4: Combining Shared Folder Permissions and NTFS Permissions

    Review

    Chapter 16 -- Auditing Resources and Events

    Lesson 1: Understanding Auditing

    Lesson 2: Planning an Audit Policy

    Lesson 3: Implementing an Audit Policy

    Lesson 4: Using Event Viewer

    Review

    Chapter 17 -- Configuring Group Policy and Local Security Policy

    Lesson 1: Configuring Account Policies

    Lesson 2: Configuring Security Options

    Review

    Chapter 18 -- Managing Data Storage

    Lesson 1: Managing NTFS Compression

    Lesson 2: Managing Disk Quotas

    Lesson 3: Increasing Security with EFS

    Lesson 4: Using Disk Defragmenter

    Review

    Chapter 19 -- Backing Up and Restoring Data

    Lesson 1: Understanding How to Back Up and Restore Data

    Lesson 2: Backing Up Data

    Lesson 3: Restoring Data

    Lesson 4: Changing Windows Default Backup Options

    Review

    Chapter 20 -- Monitoring Access to Network Resources

    Lesson 1: Monitoring Network Resources

    Lesson 2: Monitoring Access to Shared Folders

    Lesson 3: Sharing a Folder Using the Shared Folders Snap-In

    Lesson 4: Monitoring Network Users

    Review

    Chapter 21 -- Configuring Remote Access

    Lesson 1: Understanding the New Authentication Protocols in Windows 2000

    Lesson 2: Configuring Inbound Connections

    Lesson 3: Configuring Outbound Connections

    Review

    Chapter 22 - The Windows 2000 Boot Process

    Lesson 1: The Boot Process

    Lesson 2: Control Sets in the Registry

    Lesson 3: Advanced Boot Options

    Lesson 4: The Boot.ini File

    Lesson 5: Using the Recovery Console

    Review

    Chapter 23 -- Deploying Windows 2000

    Lesson 1: Automating Installations

    Lesson 2: Using Disk Duplication to Deploy Windows 2000

    Lesson 3: Performing Remote Installations

    Lesson 4: Upgrading Previous Versions of Windows to Windows 2000

    Lesson 5: Installing Service Packs

    Review

    Chapter 24 -- Configuring Windows 2000 for Mobile Computers

    Lesson 1: Using Offline Folders and Files

    Lesson 2: Configuring Power Options

    Review

    Chapter 25 -- Implementing, Managing, and Troubleshooting Hardware Devices and Drivers

    Lesson 1: Using Device Manager and System Information

    Lesson 2: Configuring, Monitoring, and Troubleshooting Driver Signing

    Lesson 3: Configuring Computers with Multiple Processors and Monitoring System Performance

    Lesson 4: Installing, Managing, and Troubleshooting Devices

    Review

    Appendix A -- Questions and Answers

    Appendix B -- Creating Setup Boot Disks

    Appendix C -- Understanding the DHCP Service

    Appendix D -- Managing Backup Tapes

    Glossary

    A

    B

    C

    D

    E

    F

    G

    H

    I

    J

    K

    L

    M

    N

    O

    P

    R

    S

    T

    U

    V

    W

    Z

    About This Electronic Book

    About Microsoft Press

    • توضیحات
    افزودن یادداشت جدید






    [Previous] [Next]

    Lesson 2: Applying NTFS Permissions


    Administrators, the owners of files or folders, and users with Full Control permission can assign NTFS permissions to users and groups to control access to files and folders.


    After this lesson, you will be able to

    • Describe the result when you combine user account and group permissions.

    • Describe the result when folder permissions are different from those of the files in the folder.


    Estimated lesson time: 5 minutes

    Access Control List


    NTFS stores an access control list (ACL) with every file and folder on an NTFS volume. The ACL contains a list of all user accounts and groups that have been granted access for the file or folder, as well as the type of access that they have been granted. When a user attempts to gain access to a resource, the ACL must contain an entry, called an access control entry (ACE), for the user account or a group to which the user belongs. The entry must allow the type of access that is requested (for example, Read access) for the user to gain access. If no ACE exists in the ACL, the user can't gain access to the resource.

    Multiple NTFS Permissions


    You can assign multiple permissions to a user account and to each group in which the user is a member. To assign permissions, you must understand the rules and priorities regarding how NTFS assigns and combines multiple permissions and NTFS permission inheritance.

    Cumulative Permissions


    A user's effective permissions for a resource are the sum of the NTFS permissions that you assign to the individual user account and to all of the groups to which the user belongs. If a user has Read permission for a folder and is a member of a group with Write permission for the same folder, the user has both Read and Write permission for that folder.

    Overriding Folder Permissions with File Permissions


    NTFS file permissions take priority over NTFS folder permissions. A user with access to a file will be able to gain access to the file even if he or she doesn't have access to the folder containing the file. A user can gain access to the files for which he or she has permissions by using the full universal naming convention (UNC) or local path to open the file from its respective application, even though the folder in which it resides will be invisible if the user has no corresponding folder permission. In other words, if you don't have permission to access the folder containing the file you want to access, you will have to know the full path to the file to access it. Without permission to access the folder, you can't see the folder, so you can't browse for the file you want to access.

    Overriding Other Permissions with Deny


    You can deny permission to a user account or group for a specific file, although this is not the recommended way to control access to resources. Denying a permission overrides all instances where that permission is allowed. Even if a user has permission to gain access to the file or folder as a member of a group, denying permission to the user blocks any other permission that the user might have (see Figure 14.1).


    Figure 14.1 Multiple NTFS permissions

    In Figure 14.1, User1 has Read permission for FolderA and is a member of Group A and Group B. Group B has Write permission for FolderA. Group A has been denied Write permission for File2.

    The user can read and write to File1. The user can also read File2, but she cannot write to File2 because she is a member of Group A, which has been denied Write permission for File 2.

    NTFS Permissions Inheritance


    By default, permissions that you assign to the parent folder are inherited by and propagated to the subfolders and files that are contained in the parent folder. However, you can prevent permissions inheritance, as shown in Figure 14.2.


    Figure 14.2 Inheritance

    Understanding Permissions Inheritance


    Whatever permissions you assign to the parent folder also apply to subfolders and files that are contained within the parent folder. When you assign NTFS permissions to give access to a folder, you assign permissions for the folder and for any existing files and subfolders, as well as for any new files and subfolders that are created in the folder.

    Preventing Permissions Inheritance


    You can prevent permissions that are assigned to a parent folder from being inherited by subfolders and files that are contained within the folder. That is, the subfolders and files will not inherit permissions that have been assigned to the parent folder containing them.

    The folder for which you prevent permissions inheritance becomes the new parent folder, and permissions that are assigned to this folder will be inherited by the subfolders and files that are contained within it.

    Lesson Summary


    This lesson showed you that administrators, the owners of files or folders, and users with Full Control permission can assign NTFS permissions to users and groups to control access to files and folders. NTFS stores an ACL with every file and folder on an NTFS volume. The ACL contains a list of all user accounts and groups that have been granted access to the file or folder, as well as the type of access that they have been granted. A user attempting to gain access to a resource must have permission for the type of access that is requested for the user to
    gain access.

    You also learned that you can assign multiple permissions to a user account by assigning permissions to his or her individual user account and to each group of which the user is a member. Rules and priorities control how NTFS assigns and combines multiple permissions; for example, NTFS file permissions take priority over NTFS folder permissions. A user's effective permissions for a resource are based on the NTFS permissions that you assign to the individual user account and to all of the groups to which the user belongs.

    / 156