Professional Windows Server 1002003 Security A Technical Reference [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Professional Windows Server 1002003 Security A Technical Reference [Electronic resources] - نسخه متنی

Roberta Bragg

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Table of Contents
Index
Reviews
Reader Reviews
Errata

Windows Server 2003 in a Nutshell
By Publisher: O''Reilly
Pub Date: September 2003
ISBN: 0-596-00404-4
Pages: 662

Microsoft has introduced the right server for a world now dominated by highly distributed systems and web-based server applications, and O''Reilly

Windows Server 2003 in a Nutshell is the most thorough and practical reference to this important new server. With complete coverage of both the GUI and Command line features, functions and commands, as well as tips and notes detailing subtle points and potential "gotchas", this book will quickly earn a permanent place on your desk top.

توضیحات
افزودن یادداشت جدید









Shared FoldersNotes

Sharing Files


If the folder you want to

share is on an NTFS volume, you must
have a minimum NTFS permission of Read for the folder in order to
share it.

If you copy a shared folder, the copy is not shared. However, the
original shared folder remains shared.

If you move a shared folder, the moved folder is not shared.

Folders can be shared multiple times, each time with a different
share name and different shared-folder permissions.

To temporarily prevent all users from accessing a shared folder, stop
sharing it. This will immediately disconnect any users who had
connected to the folder to access its contents.

You can change the share name of a shared folder without stopping it
from being shared first. If you change the actual name of the folder
itself, however, it will no longer be shared.

You can also share printers over the network. See

Printing earlier in this chapter for more
information.

Shared folders and shared printers are often simply called

shares in Microsoft parlance.

When you are mapping a network drive, you can connect as a different
user if desired. For example, if you are an administrator working at
an ordinary user's desktop machine and you need to
access the contents of a share whose permissions are restricted to
Administrators, you can connect to the share using your Administrator
credentials and the Map Network Drive Wizard.

Keep the share name the same as the folder name to simplify
administration of shared folders.

If you add a dollar sign ($) as a suffix to the share name for a
shared folder, it becomes a hidden folder that
doesn't appear in My Network Places or Windows
Explorer. A user can still access the folder, though, if he knows the
exact share nameso this method should not be used to secure a
shared folder. Use permissions instead to control access to the
folder.

To make things easier for users when there are a large number of
shared folders on the network, specify a Comment for each shared
folder that describes what the folder is used for or what it
contains. These comments are visible to users in My Network Places
and Windows Explorer.

A good suggestion is to create all shared folders on NTFS volumes.
Then leave the shared-folder permissions at their default setting
(Full Control for Everyone), and manage folder access using the more
granular NTFS permissions. For more information on shared-folder and
NTFS permissions and how they combine, see

Permissions earlier in this chapter.

There is little reason to create multiple shares for a single folder
using New Share. Keep things simple when you are creating and
managing shared folders.

If you have shared a folder more than once, an additional option
called Remove a Share appears on the Sharing tab of the
folder's properties sheet.

Do not stop sharing a folder while users are connected to it, or they
may lose their data. Instead, first send a console message to all
users connected to the share, indicating that they should save their
work. Do this by opening the Computer Management console and
selecting System Tools Shared Folders Action
Send Console Message.

If you modify the permissions on a shared folder to grant users or
groups access to the folder, but users complain that they still
don't have the access you promised them, tell them
to either:

  • Log off and then log on again (simplest).

  • Close all network connections from the client to the server where the
    share resides (for example, by disconnecting network drives to that
    machine), and then make new connections to the server.


Other things you can check if this doesn't work
include:

  • Their network connection.

  • Which groups the user belongs to and the level of access to the
    resource these groups have.

  • If the resource is located on an NTFS volume, make sure the user has
    NTFS permissions explicitly assigned to his user account or to a
    group to which he belongs.


Note that the information displayed in Shared Folders is not updated
automatically. To update the display, use Action Refresh.

If you stop sharing an administrative share, it may disrupt network
communications with the server and remote management of the server.
If you do stop an administrative share, you should reboot the server
to restore the appropriate permissions on the share.

When you create a custom Shared Folders console, you specify in
advance which computer this console will manage. You
can't switch the focus to a different computer once
the console has been created, though you have the option to do this
if you launch the console from the command line. If you are using
Shared Folders as part of Computer Management, however, you can
switch the focus to a different computer using the Action menu.

When you create a custom Shared Folders console, you also have the
option of displaying all three subnodes or any single subnode you
specify. In this way, for example, you can create a Shared Folders
console that displays only the open sessions on the server.

Open Files displays files opened by other users on the network but
not files opened by yourself.

A

named pipe is a mechanism by which local or
remote processes can exchange information. Sessions display
administrative connections to remote computers as named pipes, and
these sessions can't be closed using Shared Folders
(since to do so would interfere with the operation of the Shared
Folders console itself).

Offline Files


Offline files let you make
any shared files or folders on a Microsoft
network available for offline use, provided the computer supports the
Server Message Block (SMB) protocol for file sharing. This includes
WS2003, W2K, XP, NT 4.0, Windows 98, and Windows 95 computers, but
doesn't include Novell NetWare servers.

You can make shared folders, specific files within shared folders, or
mapped network drives available for offline use on WS2003 clients.

Heavy use of offline files can slow down the logon and logoff process
for users. Enable this feature only when needed, such as for laptop
computers or when the network connection is unreliable.

To enable and configure offline files on the server, you need to be
an administrator.

If a shortcut to a file is made available offline, you will be able
to access that file offline. If a shortcut to a folder is made
available offline, however, you will not be able to access the
contents of that folder offline. To make the contents of a folder
available offline, make the folder itself available offline.

To make a single file within a shared folder available offline, make
the file available offline, and then create a shortcut to the file so
you can access it even though you can't access the
shared folder itself.

Shared folders made available offline on the server and configured
for automatic caching are displayed as network folder icons within My
Network Places on client computers once the client connects to them
for the first time.

Offline files can also be managed centrally using Group Policy. Open
the GPO linked to the OU containing the computers on which you want
to enable and configure offline files, select Computer Configuration
Administrative Templates Network
Offline Files, and configure the policies as desired.

Shadow Copies


A maximum of 64
shadow copies can be stored per volume.
When this is exceeded, the oldest copies are deleted.

Shadow copies are read-only and can't be modified,
but if you copy a shadow copy you can modify the copy!

When you restore a file from a shadow copy, its permissions are the
same as they were originally.

Don't use shadow copies as a replacement for normal
backups of your file server.

Choose a separate volume on a different disk drive as the storage
area for your shadow copies.

Administrative Shares


You should not stop sharing or otherwise modify these
administrative shares. If you do stop sharing one, it will be
reshared when you reboot your system or when the Server service is
restarted.

If you are an administrator, you can quickly display and access the
contents of any drive (for example, the

C :
drive) on a remote machine (for example,

Server9 ) by Start Run
\\Server9\C$ OK.

In WS2003, the

%SystemRoot% folder is named

Windows by default. This has changed since W2K
and NT, on which this folder was named

Winnt by
default.

See Also


Files and Folders , net
file, net
send, net
session, net
share, net
use, net
view, openfiles,

Permissions


/ 415