<p/> <BODY bgcolor="#ffffff" text="#000000"> <a class='inlineblock cb lh2 dr tr p5' href='86'>[Previous]</a> <a class='inlineblock cb lh2 dr tr p5' href='88'>[Next]</a><p/><A NAME="520"><H1>Lesson 1: Understanding Shared Folders</H1></A> <p/>You use <i>shared folders</i> to provide network users with access to file resources. When a folder is shared, users can connect to the folder over the network and gain access to the files that it contains. However, to gain access to the files, users must have permissions to access the shared folders.<p/><blockquote> <b>After this lesson, you will be able to</b> <ul> <p/><li>Use shared folders to provide access to network resources.</li><p/><li>Describe how permissions affect access to shared folders.</li><p/></ul> <p/><b>Estimated lesson time: 15 minutes</b><p/></blockquote><p/><A NAME="521"><H2>Shared Folder Permissions</H2></A> <p/>A shared folder can contain applications, data, or a user's personal data, called a <i>home folder.</i> Each type of data requires different shared folder permissions.<p/>The following are characteristics of shared folder permissions:<p/><ul> <p/><li>Shared folder permissions apply to folders, not individual files. Since you can apply shared folder permissions only to the entire shared folder, and not to individual files or subfolders in the shared folder, shared folder permissions provide less detailed security than NTFS permissions.</li><p/><li>Shared folder permissions don't restrict access to users who gain access to the folder at the computer where the folder is stored. They apply only to users who connect to the folder over the network.</li><p/><li>Shared folder permissions are the only way to secure network resources on a FAT volume. NTFS permissions aren't available on FAT volumes.</li><p/><li>The default shared folder permission is Full Control, and it is assigned to the Everyone group when you share the folder.</li><p/></ul> <p/><blockquote><b>NOTE</b><HR>A shared folder appears in Windows Explorer as an icon of a hand holding the shared folder. (Figure 15.1 shows the sharing icon.)</blockquote><p/>To control how users gain access to a shared folder, you assign shared folder permissions.<p/>Table 15.1 explains what each of the shared folder permissions allows a user to do. The permissions are presented from most restrictive to least restrictive.<p/><A HREF="'F15tk01x')"> <img src="/image/library/english/10219_F15tk01.JPG" width=404 height=226 border=0 > </A> <p/><!-- caption --><b>Figure 15.1</b> <i>Shared folders in Windows Explorer</i><!-- /caption --> <p/><b>Table 15.1</b> <i>Shared Folder Permissions</i><p/><table valign="top" cellpadding="5" width="95%"> <tr> <th>Shared folder permission</th> <th>Allows the user to</th> </tr> <tr> <td valign="top">Read </td><td valign="top">Display folder names, filenames, file data, and attributes; run program files; and change folders within the shared folder.</td> </tr> <tr> <td valign="top">Change </td><td valign="top">Create folders, add files to folders, change data in files, append data to files, change file attributes, delete folders and files, plus, it allows the user to perform actions permitted by the Read permission.</td> </tr> <tr> <td valign="top">Full Control </td><td valign="top">Change file permissions, take ownership of files, and perform all tasks permitted by the Change permission.</td> </tr> </table> <p/>You can allow or deny shared folder permissions. Generally, it is best to allow permissions and to assign permissions to a group rather than to individual users. You deny permissions only when it is necessary to override permissions that are otherwise applied. In most cases, you should deny permissions only when it is necessary to deny permission to a specific user who belongs to a group to which you have given the permission. If you deny a shared folder permission to a user, the user won't have that permission. For example, to deny <i>all</i> access to a shared folder, deny the Full Control permission.<p/><A NAME="522"><H2>How Shared Folder Permissions Are Applied</H2></A> <p/>Applying shared permissions to user accounts and groups affects access to a shared folder. Denying permission takes precedence over the permissions that you allow. The following list describes the effects of applying permissions.<p/><ul> <p/><li>Multiple Permissions Combine. A user can be a member of multiple groups, each with different permissions that provide different levels of access to a shared folder. When you assign permission to a user for a shared folder, and that user is a member of a group to which you assigned a different permission, the user's effective permissions are the combination of the user and group permissions. For example, if a user has Read permission and is a member of a group with Change permission, the user's effective permission is Change, which includes Read.</li><p/><li>Denying Permissions Overrides Other Permissions. Denied permissions take precedence over any permissions that you otherwise allow for user accounts and groups. If you deny a shared folder permission to a user, the user won't have that permission, even if you allow the permission for a group of which the user is a member.</li><p/><li>NTFS Permissions Are Required on NTFS Volumes. Shared folder permissions are sufficient to gain access to files and folders on a FAT volume but not on an NTFS volume. On a FAT volume, users can gain access to a shared folder for which they have permissions, as well as all of the folder's contents. When users gain access to a shared folder on an NTFS volume, they need the shared folder permission and also the appropriate NTFS permissions for each file and folder to which they gain access.</li><p/><li>Copied or Moved Shared Folders Are No Longer Shared. When you copy a shared folder, the original shared folder is still shared, but the copy is not shared. When you move a shared folder, it is no longer shared.</li><p/></ul> <A NAME="523"><H2>Guidelines for Shared Folder Permissions</H2></A> <p/>The following list provides some general guidelines for managing your shared folders and assigning shared folder permissions:<p/><ul> <p/><li>Determine which groups need access to each resource and the level of access that they require. Document the groups and their permissions for each resource.</li><p/><li>Assign permissions to groups instead of user accounts to simplify access administration.</li><p/><li>Assign to a resource the most restrictive permissions that still allow users to perform required tasks. For example, if users need only to read information in a folder, and they will never delete or create files, assign the Read permission.</li><p/><li>Organize resources so that folders with the same security requirements are located within a folder. For example, if users require Read permission for several application folders, store the application folders within the same folder. Then share this folder instead of sharing each individual application folder.</li><p/><li>Use intuitive share names so that users can easily recognize and locate resources. For example, for the Application folder, use Apps for the share name. You should also use share names that all client operating systems can use.</li><p/></ul> <p/>Although Windows 2000 allows for very long share names, try to keep share names short, about 12 characters. Shorter names are easier to remember and type. Products such as MS-DOS, Windows 3<i>.x</i>, and Windows for Workgroups require an 8.3-character share name.<p/>Microsoft Windows 2000 provides 8.3-character equivalent names, but the resulting names might not be intuitive to users. For example, a Windows 2000 folder named Accountants Database would appear as Account~1 on client computers running MS-DOS, Windows 3.<i>x</i>, and Windows for Workgroups.<p/><img src="/image/library/english/10219_practic.JPG" width=92 height=74 border="0"><p/><A NAME="524"><H2>Practice: Applied Permissions</H2></A> <p/>In the following practice, User101 has been assigned permissions to gain access to resources as an individual and as a member of a group, as shown in Figure 15.2. Determine which effective permissions User101 has in each situation:<p/><ol> <p/><li> User101 is a member of Group1, Group2, and Group3. Group1 has Read permission and Group3 has Full Control permission for FolderA. Group2 has no permissions assigned for FolderA. What are User101's effective permissions for FolderA? </li><p/><a class='inlineblock cb lh2 dr tr p5' href='149'>Answer</a><p/><li> User101 is also a member of the Sales group, which has the Read permission for FolderB. User101 has been denied the shared folder permission Full Control for FolderB as an individual user. What are User101's effective permissions for FolderB?</li><p/><a class='inlineblock cb lh2 dr tr p5' href='149'>Answer</a><p/></ol> <p/><A HREF="'F15tk02x')"> <img src="/image/library/english/10219_F15tk02.JPG" width=404 height=312 border=0 > </A> <p/><!-- caption --><b>Figure 15.2</b> <i>Applied permissions</i><!-- /caption --> <p/><A NAME="525"><H2>Lesson Summary</H2></A> <p/>In this lesson, you learned that you can make a folder and its contents available to other users over the network by sharing the folder. Using shared folder permissions is the only way to secure file resources on FAT volumes. Shared folder permissions apply to folders, not individual files. Shared folder permissions don't restrict access to users who gain access to the folder at the computer where the folder is stored. Shared folder permissions apply only to users who connect to the folder over the network.<p/>You also learned about the three shared folder permissions: Read, Change, and Full Control. The Read permission allows users to display folder names, filenames, file data, and attributes. The Read permission also allows users to run program files and to change folders within the shared folder. The Change permission allows users to create folders, add files to folders, change data in files, append data to files, change file attributes, and delete folders and files, plus it allows the user to perform actions permitted by the Read permission. The Full Control permission allows users to change file permissions, take ownership of files, and perform all tasks permitted by the Change permission. The default shared folder permission is Full Control, and it is assigned to the Everyone group when you share the folder.<p/> - Microsoft Windows 1002000 Professional E2 [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Microsoft Windows 1002000 Professional E2 [Electronic resources] - نسخه متنی

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

  • Sitemap

    Cover

    LOC Page

    About This Book

    Chapter 1 -- Introduction to Windows 2000

    Lesson 1: Overview of the Windows 2000 Platform

    Lesson 2: Windows 2000 Professional

    Lesson 3: Windows 2000 Workgroups and Domains

    Lesson 4: Logging On to Windows 2000

    Lesson 5: The Windows Security Dialog Box

    Review

    Chapter 2 -- Installing Windows 2000 Professional

    Lesson 1: Getting Started

    Lesson 2: Installing Windows 2000 from a CD-ROM

    Lesson 3: Installing Windows 2000 over the Network

    Lesson 4: Troubleshooting Windows 2000 Setup

    Review

    Chapter 3 -- Using Microsoft Management Console and Task Scheduler

    Lesson 1: Introducing the Microsoft Management Console

    Lesson 2: Using Consoles

    Lesson 3: Using Task Scheduler

    Review

    Chapter 4 -- Using Windows Control Panel

    Lesson 1: Configuring Hardware Settings

    Lesson 2: Configuring the Display

    Lesson 3: Configuring Operating System Settings

    Lesson 4: Installing Hardware Automatically

    Lesson 5: Installing Hardware Manually

    Lesson 6: Configuring and Troubleshooting the Desktop Environment

    Review

    Chapter 5 -- Using the Registry

    Lesson 1: Understanding the Registry

    Lesson 2: Using Registry Editor

    Review

    Chapter 6 -- Managing Disks

    Lesson 1: Introduction to Disk Management

    Lesson 2: Common Disk Management Tasks

    Review

    Chapter 7 -- Installing and Configuring Network Protocols

    Lesson 1: TCP/IP

    Lesson 2: NWLink

    Lesson 3: Other Protocols Supported by Windows 2000

    Lesson 4: Network Bindings

    Review

    Chapter 8 -- Using the DNS Service

    Lesson 1: Understanding DNS

    Lesson 2: Understanding Name Resolution

    Lesson 3: Configuring a DNS Client

    Review

    Chapter 9 -- Introducing Active Directory Directory Services

    Lesson 1: Understanding Active Directory Directory Services

    Lesson 2: Active Directory Structure and Replication

    Lesson 3: Understanding Active Directory Concepts

    Review

    Chapter 10 -- Setting Up and Managing User Accounts

    Lesson 1: Understanding User Accounts

    Lesson 2: Planning New User Accounts

    Lesson 3: Creating User Accounts

    Lesson 4: Setting Properties for User Accounts

    Review

    Chapter 11 -- Setting Up and Managing Groups

    Lesson 1: Implementing Local Groups

    Lesson 2: Implementing Built-In Local Groups

    Review

    Chapter 12 -- Setting Up and Configuring Network Printers

    Lesson 1: Introducing Windows 2000 Printing

    Lesson 2: Setting Up Network Printers

    Lesson 3: Connecting to Network Printers

    Lesson 4: Configuring Network Printers

    Lesson 5: Troubleshooting Network Printers

    Review

    Chapter 13 -- Administering Network Printers

    Lesson 1: Understanding Printer Administration

    Lesson 2: Managing Printers

    Lesson 3: Managing Documents

    Lesson 4: Administering Printers Using a Web Browser

    Lesson 5: Troubleshooting Common Printing Problems

    Review

    Chapter 14 -- Securing Resouces with NTFS Permissions

    Lesson 1: Understanding NTFS Permissions

    Lesson 2: Applying NTFS Permissions

    Lesson 3: Assigning NTFS Permissions

    Lesson 4: Assigning Special Access Permissions

    Lesson 5: Copying and Moving Files and Folders

    Lesson 6: Solving Permissions Problems

    Review

    Chapter 15 -- Administering Shared Folders

    Lesson 1: Understanding Shared Folders

    Lesson 2: Planning Shared Folders

    Lesson 3: Sharing Folders

    Lesson 4: Combining Shared Folder Permissions and NTFS Permissions

    Review

    Chapter 16 -- Auditing Resources and Events

    Lesson 1: Understanding Auditing

    Lesson 2: Planning an Audit Policy

    Lesson 3: Implementing an Audit Policy

    Lesson 4: Using Event Viewer

    Review

    Chapter 17 -- Configuring Group Policy and Local Security Policy

    Lesson 1: Configuring Account Policies

    Lesson 2: Configuring Security Options

    Review

    Chapter 18 -- Managing Data Storage

    Lesson 1: Managing NTFS Compression

    Lesson 2: Managing Disk Quotas

    Lesson 3: Increasing Security with EFS

    Lesson 4: Using Disk Defragmenter

    Review

    Chapter 19 -- Backing Up and Restoring Data

    Lesson 1: Understanding How to Back Up and Restore Data

    Lesson 2: Backing Up Data

    Lesson 3: Restoring Data

    Lesson 4: Changing Windows Default Backup Options

    Review

    Chapter 20 -- Monitoring Access to Network Resources

    Lesson 1: Monitoring Network Resources

    Lesson 2: Monitoring Access to Shared Folders

    Lesson 3: Sharing a Folder Using the Shared Folders Snap-In

    Lesson 4: Monitoring Network Users

    Review

    Chapter 21 -- Configuring Remote Access

    Lesson 1: Understanding the New Authentication Protocols in Windows 2000

    Lesson 2: Configuring Inbound Connections

    Lesson 3: Configuring Outbound Connections

    Review

    Chapter 22 - The Windows 2000 Boot Process

    Lesson 1: The Boot Process

    Lesson 2: Control Sets in the Registry

    Lesson 3: Advanced Boot Options

    Lesson 4: The Boot.ini File

    Lesson 5: Using the Recovery Console

    Review

    Chapter 23 -- Deploying Windows 2000

    Lesson 1: Automating Installations

    Lesson 2: Using Disk Duplication to Deploy Windows 2000

    Lesson 3: Performing Remote Installations

    Lesson 4: Upgrading Previous Versions of Windows to Windows 2000

    Lesson 5: Installing Service Packs

    Review

    Chapter 24 -- Configuring Windows 2000 for Mobile Computers

    Lesson 1: Using Offline Folders and Files

    Lesson 2: Configuring Power Options

    Review

    Chapter 25 -- Implementing, Managing, and Troubleshooting Hardware Devices and Drivers

    Lesson 1: Using Device Manager and System Information

    Lesson 2: Configuring, Monitoring, and Troubleshooting Driver Signing

    Lesson 3: Configuring Computers with Multiple Processors and Monitoring System Performance

    Lesson 4: Installing, Managing, and Troubleshooting Devices

    Review

    Appendix A -- Questions and Answers

    Appendix B -- Creating Setup Boot Disks

    Appendix C -- Understanding the DHCP Service

    Appendix D -- Managing Backup Tapes

    Glossary

    A

    B

    C

    D

    E

    F

    G

    H

    I

    J

    K

    L

    M

    N

    O

    P

    R

    S

    T

    U

    V

    W

    Z

    About This Electronic Book

    About Microsoft Press

    • توضیحات
    افزودن یادداشت جدید






    [Previous] [Next]

    Lesson 1: Understanding Shared Folders


    You use shared folders to provide network users with access to file resources. When a folder is shared, users can connect to the folder over the network and gain access to the files that it contains. However, to gain access to the files, users must have permissions to access the shared folders.


    After this lesson, you will be able to

    • Use shared folders to provide access to network resources.

    • Describe how permissions affect access to shared folders.


    Estimated lesson time: 15 minutes

    Shared Folder Permissions


    A shared folder can contain applications, data, or a user's personal data, called a home folder. Each type of data requires different shared folder permissions.

    The following are characteristics of shared folder permissions:


    • Shared folder permissions apply to folders, not individual files. Since you can apply shared folder permissions only to the entire shared folder, and not to individual files or subfolders in the shared folder, shared folder permissions provide less detailed security than NTFS permissions.

    • Shared folder permissions don't restrict access to users who gain access to the folder at the computer where the folder is stored. They apply only to users who connect to the folder over the network.

    • Shared folder permissions are the only way to secure network resources on a FAT volume. NTFS permissions aren't available on FAT volumes.

    • The default shared folder permission is Full Control, and it is assigned to the Everyone group when you share the folder.


    NOTE
    A shared folder appears in Windows Explorer as an icon of a hand holding the shared folder. (Figure 15.1 shows the sharing icon.)

    To control how users gain access to a shared folder, you assign shared folder
    permissions.

    Table 15.1 explains what each of the shared folder permissions allows a user to do. The permissions are presented from most restrictive to least restrictive.


    Figure 15.1 Shared folders in Windows Explorer

    Table 15.1 Shared Folder Permissions













    Shared folder permission Allows the user to
    Read Display folder names, filenames, file data, and
    attributes; run program files; and change folders
    within the shared folder.
    Change Create folders, add files to folders, change data in
    files, append data to files, change file attributes,
    delete folders and files, plus, it allows the user to
    perform actions permitted by the Read permission.
    Full Control Change file permissions, take ownership of files,
    and perform all tasks permitted by the Change
    permission.

    You can allow or deny shared folder permissions. Generally, it is best to allow permissions and to assign permissions to a group rather than to individual users. You deny permissions only when it is necessary to override permissions that are otherwise applied. In most cases, you should deny permissions only when it is necessary to deny permission to a specific user who belongs to a group to which you have given the permission. If you deny a shared folder permission to a user, the user won't have that permission. For example, to deny all access to a shared folder, deny the Full Control permission.

    How Shared Folder Permissions Are Applied


    Applying shared permissions to user accounts and groups affects access to a shared folder. Denying permission takes precedence over the permissions that you allow. The following list describes the effects of applying permissions.


    • Multiple Permissions Combine. A user can be a member of multiple groups, each with different permissions that provide different levels of access to a shared folder. When you assign permission to a user for a shared folder, and that user is a member of a group to which you assigned a different permission, the user's effective permissions are the combination of the user and group permissions. For example, if a user has Read permission and is a member of a group with Change permission, the user's effective permission is Change, which includes Read.

    • Denying Permissions Overrides Other Permissions. Denied permissions take precedence over any permissions that you otherwise allow for user accounts and groups. If you deny a shared folder permission to a user, the user won't have that permission, even if you allow the permission for a group of which the user is a member.

    • NTFS Permissions Are Required on NTFS Volumes. Shared folder permissions are sufficient to gain
      access to files and folders on a FAT volume but not on an NTFS volume. On a FAT volume, users can gain access to a shared folder for which they have permissions, as well as all of the folder's contents. When users gain access to a shared folder on an NTFS volume, they need the shared folder permission and also the appropriate NTFS permissions for each file and folder to which they gain access.

    • Copied or Moved Shared Folders Are No Longer Shared. When you copy a shared folder, the original shared folder is still shared, but the copy is not shared. When you move a shared folder, it is no longer shared.


    Guidelines for Shared Folder Permissions


    The following list provides some general guidelines for managing your shared folders and assigning shared folder permissions:


    • Determine which groups need access to each resource and the level of access that they require.
      Document the groups and their permissions for each resource.

    • Assign permissions to groups instead of user accounts to simplify access administration.

    • Assign to a resource the most restrictive permissions that still allow users to perform required tasks. For example, if users need only to read information in a folder, and they will never delete or create files, assign the Read permission.

    • Organize resources so that folders with the same security requirements are located within a folder. For example, if users require Read permission for several application folders, store the application folders within the same folder. Then share this folder instead of sharing each individual application folder.

    • Use intuitive share names so that users can easily recognize and locate
      resources. For example, for the Application folder, use Apps for the share name. You should also use share names that all client operating systems can use.


    Although Windows 2000 allows for very long share names, try to keep share names short, about 12 characters. Shorter names are easier to remember and type. Products such as MS-DOS, Windows 3.x, and Windows for Workgroups require an 8.3-character share name.

    Microsoft Windows 2000 provides 8.3-character equivalent names, but the resulting names might not be intuitive to users. For example, a Windows 2000 folder named Accountants Database would appear as Account~1 on client computers running MS-DOS, Windows 3.x, and Windows for Workgroups.

    Practice: Applied Permissions


    In the following practice, User101 has been assigned permissions to gain access to resources as an individual and as a member of a group, as shown in Figure 15.2. Determine which effective permissions User101 has in each situation:


    1. User101 is a member of Group1, Group2, and Group3. Group1 has Read permission and Group3 has Full Control permission for FolderA. Group2 has no permissions assigned for FolderA. What are User101's effective permissions for FolderA?

      2. Answer

    2. User101 is also a member of the Sales group, which has the Read permission for FolderB. User101 has been denied the shared folder permission Full Control for FolderB as an individual user. What are User101's effective permissions for FolderB?

      3. Answer



    Figure 15.2 Applied permissions

    Lesson Summary


    In this lesson, you learned that you can make a folder and its contents available to other users over the network by sharing the folder. Using shared folder permissions is the only way to secure file resources on FAT volumes. Shared folder permissions apply to folders, not individual files. Shared folder permissions don't restrict access to users who gain access to the folder at the computer where the folder is stored. Shared folder permissions apply only to users who connect to the folder over the network.

    You also learned about the three shared folder permissions: Read, Change,
    and Full Control. The Read permission allows users to display folder names, filenames, file data, and attributes. The Read permission also allows users to
    run program files and to change folders within the shared folder. The Change permission allows users to create folders, add files to folders, change data in files, append data to files, change file attributes, and delete folders and files, plus it allows the user to perform actions permitted by the Read permission. The Full Control permission allows users to change file permissions, take ownership of files, and perform all tasks permitted by the Change permission. The default shared folder permission is Full Control, and it is assigned to the Everyone group when you share the folder.

    / 156