IT103 Microsoft Windows XP/OS Chap08
CONFIGURING AND MANAGING SHARED FOLDER SECURITY
Chapter 8
OVERVIEW
Create and remove shared folders
Control access to shared folders
Analyze and troubleshoot combined permissions
Manage and troubleshoot offline files
Manage and troubleshoot Web server resources
SHARED FOLDERS
Shared folders….
Shared folders make it possible to access files across the network.
Server systems make shared folders available to client computers.
SHARED FOLDER PERMISSIONS
Shared folder permissions….
Shared folders have three basic permissions: Read, Change, and Full Control.
It is possible, as with NTFS permissions, to also deny a permission, with the same effect as Deny for NTFS. As with NTFS, it is best to use Deny only to support exception policies, and you should be sure to document use of Deny to prevent later confusion.
SHARED FOLDER PERMISSIONS (CONTINUED)
Apply to folders only (not files).
Do not restrict local access to resources.
Only permissions available on FAT volumes.
Default permission is Everyone/Read.
Important Security Note!
Please replace the [Everyone] group with [Users or Authenticated Users].
SHARED FOLDER PERMISSIONS (CONTINUED)
Detail on the previous slide
The previous slide shows how access to a higher-level shared folder can provide access to lower-level folders.
Administrators in this example have Full Control access to all folders when they access the hidden administrative root shares.
The other groups have access only to lower-level folders.
PLANNING SHARED FOLDERS
Consolidate data.
Assign permissions to folders.
Assign most restrictive permissions possible.
Use groups for permission assignment.
Use intuitive share names.
PLANNING SHARED FOLDERS (CONTINUED)
Multiple permissions.
Limit use of Deny permission.
Permissions interact with NTFS permissions.
Folder no longer shared if moved or renamed.
Copies of folders are not shared.
Multiple Permissions
When you assign permissions to a folder, consider the effects of multiple permissions.
Permissions are the sum of all the permissions assigned to groups that the user belongs to.
Deny overrides all other permissions.
When share permissions are combined with NTFS permissions, the effective permission is the more restrictive of the two.
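Added example (not part of the original slides): a simplified Python model of the rules above, covering the sum of group permissions, Deny overriding Allow, the more restrictive of share and NTFS permissions, and the earlier points that share permissions do not restrict local access and are the only control on FAT. The group names, the sample ACL entries, and the use of the same three levels for NTFS are constructed assumptions; real NTFS ACLs are finer-grained.

```python
# Added illustration: a simplified model of the rules on this slide.
# Rights granted by each permission level (assumption: same levels on both sides).
RIGHTS = {
    "Read": {"read"},
    "Change": {"read", "write", "delete"},
    "Full Control": {"read", "write", "delete", "change_permissions"},
}
ALL_RIGHTS = RIGHTS["Full Control"]


def acl_rights(acl, groups):
    """Sum the Allow entries for the user's groups, then let Deny override."""
    allowed, denied = set(), set()
    for group, kind, level in acl:
        if group in groups:
            (denied if kind == "Deny" else allowed).update(RIGHTS[level])
    return allowed - denied


def effective_rights(groups, share_acl, ntfs_acl=None, over_network=True):
    """Effective rights for one user.

    ntfs_acl=None models a FAT volume, where share permissions are the only control.
    over_network=False models local logon, where share permissions do not apply.
    """
    ntfs = ALL_RIGHTS if ntfs_acl is None else acl_rights(ntfs_acl, groups)
    if not over_network:
        return ntfs
    # More restrictive of the two: only rights granted by both survive.
    return acl_rights(share_acl, groups) & ntfs


# Constructed sample ACLs: (group, "Allow" | "Deny", permission level)
SHARE_ACL = [
    ("Authenticated Users", "Allow", "Read"),
    ("Managers", "Allow", "Change"),
    ("Contractors", "Deny", "Full Control"),
]
NTFS_ACL = [
    ("Authenticated Users", "Allow", "Read"),
    ("Managers", "Allow", "Full Control"),
]

if __name__ == "__main__":
    for name, groups in [
        ("manager", {"Authenticated Users", "Managers"}),
        ("staff", {"Authenticated Users"}),
        ("contractor", {"Authenticated Users", "Managers", "Contractors"}),
    ]:
        print(name, sorted(effective_rights(groups, SHARE_ACL, NTFS_ACL)))
```

The contractor case is the one to watch when auditing: the share-level Deny blocks network access, but the same account logged on locally still gets whatever NTFS grants.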
Moving shared folders
When a shared folder is renamed or moved, the folder is no longer shared.
It must be shared again manually. When a shared folder is copied, the copy is not shared.
SHARED FOLDER REQUIREMENTS
Administrators or Power Users group
Must have NTFS:Read to share folders
In Windows XP Professional, only Administrators and Power Users can share folders. In addition, the user who shares a folder must have at least the Read NTFS standard permission to the folder.
SHARING FOLDERS
Create Shared Folder Wizard
SHARING FOLDERS (CONTINUED)
Windows Explorer
SHARING FOLDERS (CONTINUED)
NET SHARE
Net Share command detail
Note that the NET SHARE options map to options in the Create Shared Folder Wizard and on the Sharing tab of a folder's Properties dialog box.
ADMINISTRATIVE SHARES
The dollar sign ($) “hides” the share.
STOP SHARING FOLDERS – 3 ways
Computer Management: choose Stop Sharing from shortcut menu
Windows Explorer: select Do Not Share This Folder
NET SHARE: NET SHARE <sharename> /DELETE
MULTIPLE SHARES
A little more detail…
You can create multiple shares for one folder for different types of access.
Suppose you have an application folder that you access with Read permission for day-to-day operations.
If you need Change permission to carry out maintenance tasks, you can create both shares and use the Read version for normal operations.
When you need to perform maintenance, you can connect to the Change share.
UNC PATHS
Universal Naming Convention (UNC) paths consist of the server name followed by the share name and any subfolders. They are used to specify the share for mapped drives or for direct access from applications.
CONNECTING TO SHARED FOLDERS
My Network Places
Mapped drives (Windows Explorer)
Mapped drives (NET USE)
Run dialog box
Note: You can access shared folders by browsing My Network Places and finding the share, by mapping a drive in Windows Explorer (if you know the share path), or from a command line. You can also open a share by entering the UNC path in the Run dialog box (opened via the Start menu).
COMBINING NTFS AND SHARE PERMISSIONS
MONITORING SHARED FOLDERS
Shared Folder snap-in
Must be Administrator or Power User
Monitor connections, open files, and file locks
Might also disconnect users
MONITORING SHARED FOLDERS (CONTINUED)
ENABLING OFFLINE FILES (SERVER)
Enable Off-Line Files?
You can enable offline files by clicking the Caching button on the Sharing tab of a folder’s Properties dialog box.
This allows a client computer to cache files in the folder for offline use.
This is a great tool for organizations with mobile users. It allows the documents to be changed from outside the office, with changes being synchronized when the user returns.
ENABLING OFFLINE FILES (CLIENT)
CONFIGURING OFFLINE FILES
CONFIGURING SYNCHRONIZATION
INTERNET FILE SHARING
Installing Internet Information Services (IIS)
Internet Management console
WebDAV and Web folders
Web folder authentication
Using Web folders
WebDAV?
Web folders use Web Distributed Authoring and Versioning (WebDAV) to allow users to read and write files to a folder served from IIS.
WebDAV clients such as Internet Explorer 5 and later and Microsoft Office XP and later can use Web folders as if they were file system folders.
INSTALLING IIS
Installed from Add/Remove Programs
Apply Windows Updates
Note: If the Windows Firewall is enabled on the computer, be sure that firewall exceptions are configured to allow Web serving.
INTERNET MANAGEMENT CONSOLE
WEB FOLDERS
CLIENT CONNECTIONS TO WEB FOLDERS
Note: This slide shows Internet Explorer’s Open dialog box opening a Web folder. Explain that failure to select Open As Web Folder will cause the browser to open the folder as a Web site (read-only).
SUMMARY
Share folders to allow remote usage.
Share permissions apply only to folders.
Default share permission is Everyone:Read.
Replace default share permissions to reduce security exposure.
Administrators and Power Users can share folders.
NTFS and share permissions can be combined.
SUMMARY (CONTINUED)
Offline files must be enabled before use.
Synchronization Manager synchronizes offline files.
IIS and WebDAV allow Internet file sharing.
WebDAV clients can use Web folders.