<p/> <HEAD> </HEAD> <BODY BGCOLOR="#ffffff" TEXT="#000000"> <a class="libraryIndexlink" href="index.aspx?pid=31159&BookID=23931&PageIndex=81&Language=3">[Previous]</A> <a class="libraryIndexlink" href="index.aspx?pid=31159&BookID=23931&PageIndex=83&Language=3">[Next]</A><p/><A NAME="495"><H1>Lesson 4: Assigning Special Access Permissions</H1></A> <p/>The standard NTFS permissions generally provide all of the access control that you need to secure your resources. However, sometimes the standard NTFS permissions don't provide the specific level of access that you might want to assign to users. To create a specific level of access, you can assign NTFS special access permissions.<p/><blockquote> <b>After this lesson, you will be able to</b> <ul> <p/><li>Give users the ability to change permissions on files or folders.</li><p/><li>Give users the ability to take ownership of files and folders.</li><p/></ul> <p/><b>Estimated lesson time: 5 minutes</b><p/></blockquote><p/><A NAME="496"><H2>Using Special Access Permissions</H2></A> <p/>There are 14 special access permissions. Two of them, shown in Figure 14.5, are particularly useful for controlling access to resources: Change Permissions and Take Ownership.<p/><A HREF="'F14tk05x')"> <img src="/image/library/english/10219_F14tk05.JPG" width=404 height=285 border=0 > </A> <p/><!-- caption --><b>Figure 14.5</b> <i>The Change Permissions and Take Ownership special access permissions</i><!-- /caption --> <p/>When you assign special access permissions to folders, you can choose where to apply the permissions down the tree to subfolders and files.<p/><A NAME="497"><H2>Changing Permissions</H2></A> <p/>You can give other administrators and users the ability to change permissions for a file or folder without giving them the Full Control permission over the file or folder. In this way, the administrator or user can't delete or write to the file or folder but can assign permissions to the file or folder.<p/>To give administrators the ability to change permissions, assign Change Permissions to the Administrators group for the file or folder.<p/><A NAME="498"><H2>Taking Ownership</H2></A> <p/>You can transfer ownership of files and folders from one user account or group to another user account or group. You can give someone the ability to take ownership and, as an administrator, you can take ownership of a file or folder.<p/>The following rules apply for taking ownership of a file or folder:<p/><ul> <p/><li>The current owner or any user with Full Control permission can assign the Full Control standard permission or the Take Ownership special access permission to another user account or group, allowing the user account or a member of the group to take ownership.</li><p/><li>An administrator can take ownership of a folder or file, regardless of assigned permissions. If an administrator takes ownership, the Administrators group becomes the owner and any member of the Administrators group can change the permissions for the file or folder and assign the Take Ownership permission to another user account or group.</li><p/>For example, if an employee leaves the company, an administrator can take ownership of the employee's files, assign the Take Ownership permission to another employee, and then that employee can take ownership of the former employee's files.<p/></ul> <p/><blockquote><b>NOTE</b><HR>You cannot <i>assign</i> anyone ownership of a file or folder. The owner of a file, an administrator, or anyone with Full Control permission can assign Take Ownership permission to a user account or group, allowing them to take ownership. To become the owner of a file or folder, a user or group member with Take Ownership permission must explicitly take ownership of the file or folder, as explained later in this chapter.</blockquote><p/><A NAME="499"><H2>Setting Special Access Permissions</H2></A> <p/>You assign special access permissions to enable users to change permissions and take ownership of files and folders, as follows:<p/><ol> <p/><li>In the Access Control Settings dialog box for a file or folder, on the Permissions tab, select the user account or group for which you want to apply NTFS special access permissions.</li><p/><li>Click View/Edit to open the Permissions Entry dialog box (see Figure 14.6).</li><p/><A HREF="'F14tk06x')"> <img src="/image/library/english/10219_F14tk06.JPG" width=404 height=347 border=0 > </A> <p/><!-- caption --><b>Figure 14.6</b> <i>The Permissions Entry dialog box</i><!-- /caption --> <p/></ol> <p/>The options in the Permissions Entry dialog box are described in Table 14.5.<p/><b>Table 14.5</b> <i>Options in the Permissions Entry Dialog Box</i><p/><table cellpadding=5 width="95%"><tr> <th>Option</th><th>Description</th> </tr><tr> <td valign="top">Name</td> <td valign="top">The user account or group name. To select a different user account or group, click Change.</td> </tr><tr> <td valign="top">Apply Onto</td> <td valign="top">The level of the folder hierarchy at which the special NTFS permissions are inherited. The default is This Folder, Subfolders And Files.</td> </tr><tr> <td valign="top">Permissions</td> <td valign="top">The special access permissions. To allow the Change Permissions permission or Take Ownership permission, select the Allow check box.</td> </tr><tr> <td valign="top">Apply These Permissions To Objects And/Or Containers Within This Container Only</td><td valign="top">Specify whether subfolders and files within a folder inherit the special access permissions from the folder. Select this check box to propagate the special access permissions to files and subfolders. Clear this check box to prevent permissions inheritance.</td> </tr><tr> <td valign="top">Clear All</td> <td valign="top">Click this button to clear all selected permissions.</td> </tr></table><p/><blockquote><b>NOTE</b><HR>In the Access Control Settings dialog box, on the Permissions tab, you can view the permissions that are applied to the file or folder, the owner, and where the permissions apply. When special access permissions have been assigned, Windows 2000 displays Special under Permissions.</blockquote><p/><A NAME="500"><H2>Taking Ownership of a File or Folder</H2></A> <p/>To take ownership of a file or folder, the user or a group member with Take Ownership permission must explicitly take ownership of the file or folder, as follows:<p/><ol> <p/><li>In the Access Control Settings dialog box, on the Owner tab, in the Change Owner To list, select your name.</li><p/><li>Select the Replace Owner On Subcontainers And Objects check box to take ownership of all subfolders and files that are contained within the folder.</li><p/></ol> <A NAME="501"><H2>Lesson Summary</H2></A> <p/>In this lesson, you learned that there are 13 special access permissions, and two of them are especially useful: Change Permissions and Take Ownership. You can give administrators and other users the ability to change permissions for a file or folder without giving them the Full Control permission over the file or folder. This prevents the administrator or user from deleting or writing to the file or folder, but it allows them to assign permissions to the file or folder.<p/>You also learned that you can transfer ownership of files and folders from one user account or group to another user account or group. The current owner or any user with Full Control permission can assign the Full Control standard permission or the Take Ownership special access permission to another user account or group, allowing the user account or a member of the group to take ownership. An administrator can take ownership of a folder or file, regardless of assigned permissions. When an administrator takes ownership of a file or folder, the Administrators group becomes the owner, and any member of the Administrators group can change the permissions for the file or folder and assign the Take Ownership permission to another user account or group.<p/> - Microsoft Windows 1002000 Professional E2 [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Microsoft Windows 1002000 Professional E2 [Electronic resources] - نسخه متنی

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

  • Sitemap

    Cover

    LOC Page

    About This Book

    Chapter 1 -- Introduction to Windows 2000

    Lesson 1: Overview of the Windows 2000 Platform

    Lesson 2: Windows 2000 Professional

    Lesson 3: Windows 2000 Workgroups and Domains

    Lesson 4: Logging On to Windows 2000

    Lesson 5: The Windows Security Dialog Box

    Review

    Chapter 2 -- Installing Windows 2000 Professional

    Lesson 1: Getting Started

    Lesson 2: Installing Windows 2000 from a CD-ROM

    Lesson 3: Installing Windows 2000 over the Network

    Lesson 4: Troubleshooting Windows 2000 Setup

    Review

    Chapter 3 -- Using Microsoft Management Console and Task Scheduler

    Lesson 1: Introducing the Microsoft Management Console

    Lesson 2: Using Consoles

    Lesson 3: Using Task Scheduler

    Review

    Chapter 4 -- Using Windows Control Panel

    Lesson 1: Configuring Hardware Settings

    Lesson 2: Configuring the Display

    Lesson 3: Configuring Operating System Settings

    Lesson 4: Installing Hardware Automatically

    Lesson 5: Installing Hardware Manually

    Lesson 6: Configuring and Troubleshooting the Desktop Environment

    Review

    Chapter 5 -- Using the Registry

    Lesson 1: Understanding the Registry

    Lesson 2: Using Registry Editor

    Review

    Chapter 6 -- Managing Disks

    Lesson 1: Introduction to Disk Management

    Lesson 2: Common Disk Management Tasks

    Review

    Chapter 7 -- Installing and Configuring Network Protocols

    Lesson 1: TCP/IP

    Lesson 2: NWLink

    Lesson 3: Other Protocols Supported by Windows 2000

    Lesson 4: Network Bindings

    Review

    Chapter 8 -- Using the DNS Service

    Lesson 1: Understanding DNS

    Lesson 2: Understanding Name Resolution

    Lesson 3: Configuring a DNS Client

    Review

    Chapter 9 -- Introducing Active Directory Directory Services

    Lesson 1: Understanding Active Directory Directory Services

    Lesson 2: Active Directory Structure and Replication

    Lesson 3: Understanding Active Directory Concepts

    Review

    Chapter 10 -- Setting Up and Managing User Accounts

    Lesson 1: Understanding User Accounts

    Lesson 2: Planning New User Accounts

    Lesson 3: Creating User Accounts

    Lesson 4: Setting Properties for User Accounts

    Review

    Chapter 11 -- Setting Up and Managing Groups

    Lesson 1: Implementing Local Groups

    Lesson 2: Implementing Built-In Local Groups

    Review

    Chapter 12 -- Setting Up and Configuring Network Printers

    Lesson 1: Introducing Windows 2000 Printing

    Lesson 2: Setting Up Network Printers

    Lesson 3: Connecting to Network Printers

    Lesson 4: Configuring Network Printers

    Lesson 5: Troubleshooting Network Printers

    Review

    Chapter 13 -- Administering Network Printers

    Lesson 1: Understanding Printer Administration

    Lesson 2: Managing Printers

    Lesson 3: Managing Documents

    Lesson 4: Administering Printers Using a Web Browser

    Lesson 5: Troubleshooting Common Printing Problems

    Review

    Chapter 14 -- Securing Resouces with NTFS Permissions

    Lesson 1: Understanding NTFS Permissions

    Lesson 2: Applying NTFS Permissions

    Lesson 3: Assigning NTFS Permissions

    Lesson 4: Assigning Special Access Permissions

    Lesson 5: Copying and Moving Files and Folders

    Lesson 6: Solving Permissions Problems

    Review

    Chapter 15 -- Administering Shared Folders

    Lesson 1: Understanding Shared Folders

    Lesson 2: Planning Shared Folders

    Lesson 3: Sharing Folders

    Lesson 4: Combining Shared Folder Permissions and NTFS Permissions

    Review

    Chapter 16 -- Auditing Resources and Events

    Lesson 1: Understanding Auditing

    Lesson 2: Planning an Audit Policy

    Lesson 3: Implementing an Audit Policy

    Lesson 4: Using Event Viewer

    Review

    Chapter 17 -- Configuring Group Policy and Local Security Policy

    Lesson 1: Configuring Account Policies

    Lesson 2: Configuring Security Options

    Review

    Chapter 18 -- Managing Data Storage

    Lesson 1: Managing NTFS Compression

    Lesson 2: Managing Disk Quotas

    Lesson 3: Increasing Security with EFS

    Lesson 4: Using Disk Defragmenter

    Review

    Chapter 19 -- Backing Up and Restoring Data

    Lesson 1: Understanding How to Back Up and Restore Data

    Lesson 2: Backing Up Data

    Lesson 3: Restoring Data

    Lesson 4: Changing Windows Default Backup Options

    Review

    Chapter 20 -- Monitoring Access to Network Resources

    Lesson 1: Monitoring Network Resources

    Lesson 2: Monitoring Access to Shared Folders

    Lesson 3: Sharing a Folder Using the Shared Folders Snap-In

    Lesson 4: Monitoring Network Users

    Review

    Chapter 21 -- Configuring Remote Access

    Lesson 1: Understanding the New Authentication Protocols in Windows 2000

    Lesson 2: Configuring Inbound Connections

    Lesson 3: Configuring Outbound Connections

    Review

    Chapter 22 - The Windows 2000 Boot Process

    Lesson 1: The Boot Process

    Lesson 2: Control Sets in the Registry

    Lesson 3: Advanced Boot Options

    Lesson 4: The Boot.ini File

    Lesson 5: Using the Recovery Console

    Review

    Chapter 23 -- Deploying Windows 2000

    Lesson 1: Automating Installations

    Lesson 2: Using Disk Duplication to Deploy Windows 2000

    Lesson 3: Performing Remote Installations

    Lesson 4: Upgrading Previous Versions of Windows to Windows 2000

    Lesson 5: Installing Service Packs

    Review

    Chapter 24 -- Configuring Windows 2000 for Mobile Computers

    Lesson 1: Using Offline Folders and Files

    Lesson 2: Configuring Power Options

    Review

    Chapter 25 -- Implementing, Managing, and Troubleshooting Hardware Devices and Drivers

    Lesson 1: Using Device Manager and System Information

    Lesson 2: Configuring, Monitoring, and Troubleshooting Driver Signing

    Lesson 3: Configuring Computers with Multiple Processors and Monitoring System Performance

    Lesson 4: Installing, Managing, and Troubleshooting Devices

    Review

    Appendix A -- Questions and Answers

    Appendix B -- Creating Setup Boot Disks

    Appendix C -- Understanding the DHCP Service

    Appendix D -- Managing Backup Tapes

    Glossary

    A

    B

    C

    D

    E

    F

    G

    H

    I

    J

    K

    L

    M

    N

    O

    P

    R

    S

    T

    U

    V

    W

    Z

    About This Electronic Book

    About Microsoft Press

    • توضیحات
    افزودن یادداشت جدید






    [Previous] [Next]

    Lesson 4: Assigning Special Access Permissions


    The standard NTFS permissions generally provide all of the access control that you need to secure your resources. However, sometimes the standard NTFS permissions don't provide the specific level of access that you might want to assign to users. To create a specific level of access, you can assign NTFS special access permissions.


    After this lesson, you will be able to

    • Give users the ability to change permissions on files or folders.

    • Give users the ability to take ownership of files and folders.


    Estimated lesson time: 5 minutes

    Using Special Access Permissions


    There are 14 special access permissions. Two of them, shown in Figure 14.5, are particularly useful for controlling access to resources: Change Permissions and Take Ownership.


    Figure 14.5 The Change Permissions and Take Ownership special access permissions

    When you assign special access permissions to folders, you can choose where to apply the permissions down the tree to subfolders and files.

    Changing Permissions


    You can give other administrators and users the ability to change permissions for a file or folder without giving them the Full Control permission over the file or folder. In this way, the administrator or user can't delete or write to the file or folder but can assign permissions to the file or folder.

    To give administrators the ability to change permissions, assign Change Permissions to the Administrators group for the file or folder.

    Taking Ownership


    You can transfer ownership of files and folders from one user account or group to another user account or group. You can give someone the ability to take ownership and, as an administrator, you can take ownership of a file or folder.

    The following rules apply for taking ownership of a file or folder:


    • The current owner or any user with Full Control permission can assign the Full Control standard permission or the Take Ownership special access permission to another user account or group, allowing the user account or a member of the group to take ownership.

    • An administrator can take ownership of a folder or file, regardless of assigned permissions. If an administrator takes ownership, the Administrators group becomes the owner and any member of the Administrators group can change the permissions for the file or folder and assign the Take Ownership permission to another user account or group.

      • For example, if an employee leaves the company, an administrator can take ownership of the employee's files, assign the Take Ownership permission to another employee, and then that employee can take ownership of the former employee's files.


    NOTE
    You cannot assign anyone ownership of a file or folder. The owner of a file, an administrator, or anyone with Full Control permission can assign Take Ownership permission to a user account or group, allowing them to take ownership. To become the owner of a file or folder, a user or group member with Take Ownership permission must explicitly take ownership of the file or folder, as explained later in this chapter.

    Setting Special Access Permissions


    You assign special access permissions to enable users to change permissions and take ownership of files and folders, as follows:


    1. In the Access Control Settings dialog box for a file or folder, on the Permissions tab, select the user account or group for which you want to apply NTFS special access permissions.

    2. Click View/Edit to open the Permissions Entry dialog box (see Figure 14.6).


      3. Figure 14.6 The Permissions Entry dialog box


    The options in the Permissions Entry dialog box are described in Table 14.5.

    Table 14.5 Options in the Permissions Entry Dialog Box













    OptionDescription
    Name The user account or group name. To select a different user account or group, click Change.
    Apply Onto The level of the folder hierarchy at which the special NTFS permissions are inherited. The default is This Folder, Subfolders And Files.
    Permissions The special access permissions. To allow the Change Permissions permission or Take Ownership permission, select the Allow check box.
    Apply These Permissions To Objects And/Or Containers Within This Container OnlySpecify whether subfolders and files within a folder inherit the special access permissions from the folder. Select this check box to propagate the special access permissions to files and subfolders. Clear this check box to prevent
    permissions inheritance.
    Clear All Click this button to clear all selected permissions.

    NOTE
    In the Access Control Settings dialog box, on the Permissions tab, you can view the permissions that are applied to the file or folder, the owner, and where the permissions apply. When special access permissions have been assigned, Windows 2000 displays Special under Permissions.

    Taking Ownership of a File or Folder


    To take ownership of a file or folder, the user or a group member with Take Ownership permission must explicitly take ownership of the file or folder, as follows:


    1. In the Access Control Settings dialog box, on the Owner tab, in the Change Owner To list, select your name.

    2. Select the Replace Owner On Subcontainers And Objects check box to take ownership of all subfolders and files that are contained within the folder.


    Lesson Summary


    In this lesson, you learned that there are 13 special access permissions, and two of them are especially useful: Change Permissions and Take Ownership. You can give administrators and other users the ability to change permissions for a file or folder without giving them the Full Control permission over the file or folder. This prevents the administrator or user from deleting or writing to the file or folder, but it allows them to assign permissions to the file or folder.

    You also learned that you can transfer ownership of files and folders from one user account or group to another user account or group. The current owner or any user with Full Control permission can assign the Full Control standard permission or the Take Ownership special access permission to another user account or group, allowing the user account or a member of the group to take ownership. An administrator can take ownership of a folder or file, regardless of assigned permissions. When an administrator takes ownership of a file or folder, the Administrators group becomes the owner, and any member of the Administrators group can change the permissions for the file or folder and assign the Take Ownership permission to another user account or group.

    / 156