1 module 5 securing network resources with shared folder permissions
TRANSCRIPT
2
Overview
Introduction to Sharing Folders
Shared Folder Permissions
Guidelines for Sharing Folders
Sharing Folders and Assigning Permissions
Accessing Shared Folders
Best Practices
3
Introduction to Shared Folders
Permission to Use a Resource Is Assigned to a User or GroupPermission to Use a Resource Is Assigned to a User or Group
EveryoneEveryone
User1User2User3User4
User1User2User3User4
A SharedA SharedFolderFolder
A SharedA SharedFolderFolder
Data
PermissionsPermissionsPermissionsPermissions
ServerServer
Shared FoldersShared FoldersShared FoldersShared Folders
Data
UserUser
5
How User and Group Permissions Are Applied
+
+
+
Public
+
+
+
PublicBBBB
User1User1User1User1
AAAAUser1User1User1User1
NANA
RR
RR
FCFC
EveryoneEveryone
User2User2
SalesSales
User2User2User1User1
User1User1
6
Examples of Applied Permissions
User1User1
Group1User1
Group1User1
NoAccess
NoAccess
Group2User1
Group2User1
Group4User1
Group4User1 ReadRead
Group3User1
Group3User1 ChangeChange
Folder-BFolder-BFolder-BFolder-B 22221111 Folder-AFolder-A Folder-AFolder-A
Group1User1
Group1User1
Group2User1
Group2User1
Group3User1
Group3User1
Group4User1
Group4User1
ReadRead
ChangeChange
FullControl
FullControl
7
Guidelines for Sharing Folders
Use Intuitive Share Names
Use Names Readable by All Clients
Organize Disk Resources According to Security Needs
8
Examples of Shared Folders
CCCC
BBBBApps
App1
App2Apps
SW
SW 1
SW 2
App1
App2
Apps
SW 1
SW 2
App1
App2
SW
AAAA
9
Determine Which Groups Need Access to a ResourceDetermine Which Groups Need Access to a Resource
Assign Permissions to Groups Instead of UsersAssign Permissions to Groups Instead of Users
Assign the Most Restrictive PermissionsAssign the Most Restrictive Permissions
Remove Default Permissions for a New Shared FolderRemove Default Permissions for a New Shared Folder
Guidelines for Assigning Permissions
10
Guidelines for Network Application Folders
Create a Common Folder for Applications
Assign Full Control to the Administrators Group
Assign Full Control to Groups That Upgrade and Troubleshoot
Assign Read to the Domain Users Group
Microsoft
Microsoft
Microsoft
App 1App 1
Apps
11
Guidelines for Data Folders
Web Sites
Directions
TrainingReview
Domain UsersDomain UsersPublicFCFC
Public DataPublic Data
Accountants
Sales
Managers
DataAdministratorsAdministrators
SalesSales
ManagersManagers
AccountantsAccountants
FCFC
FCFC
FCFC
FCFC
Working DataWorking Data
12
Guidelines for Home Folders
User1
User2
User3
\Users
SharedSharedSharedShared
SharedSharedSharedShared
User1User1
User2User2
Create a Home Folder for Each User In \UsersCreate a Home Folder for Each User In \Users
Share Each Home FolderShare Each Home Folder
Assign Only the Respective User Full ControlAssign Only the Respective User Full Control
On a Network Server Create a Folder Named \UsersOn a Network Server Create a Folder Named \Users
Do Not Share the \Users FolderDo Not Share the \Users Folder
1111
2222
3333
4444
5555
13
Sharing Folders
GroupGroupGroupGroup Operating System RequirementsOperating System RequirementsOperating System RequirementsOperating System Requirements
AdministratorsAdministrators Any computer running Windows NTAny computer running Windows NT
Server OperatorsServer Operators Windows NT Server Domain Controllers onlyWindows NT Server Domain Controllers only
Power UsersPower Users Windows NT Server Member servers andWindows NT Workstation computers onlyWindows NT Server Member servers andWindows NT Workstation computers only
ShareShareShareShare PurposePurposePurposePurpose
C$, D$, E$C$, D$, E$ The root of each volume on a hard disk is automatically sharedThe root of each volume on a hard disk is automatically shared
Admin $Admin $ The C:\Winnt folder is shared as Admin$The C:\Winnt folder is shared as Admin$
Using the Adminstrative Shares
Requirements for Sharing a Folder
14
Sharing a Folder(C:) Properties
General Tools
OK Cancel Apply
Not Shared
Share Name:
Comment:
Maximum Allowed
Allow Users
Apps
Application files
Shared As:
User Limit:
Permissions...
Remove Share
New Share...
Sharing
RequiredRequiredRequiredRequired
15
Assigning Share PermissionsAccess Through Share Permissions
AppsAccess Through Share:
Owner:
Name:
Type of Access:
Cancel Add...OK Remove Help
Domain Users Read
Administrators Full Control
Read
Add Users and Groups
Names:List Names From:
Account Operators Members can administer domain user anAdministrators Members can fully administer the computBackup Operators Members can bypass file security to bac
CancelOK Help
Domain Admins Designated administrators for the domainDomain Admins Designated administrators for the domainDomain Guests All domains guestsEveryone All UsersGuests Users granted guest access to the comp
Type of Access:
Show UsersAddAdd Members...Members... Search...
Add Names:
NTSADOM2*
Read
DomainsDomainsDomainsDomains
16
Modifying Shared Folders
Changing Shared Folder Options
Stop Sharing Folders
Modifying Share Names
Modifying Shared Folder Permissions
17
Accessing Shared FoldersMap Network Drive
Reconnect at Logon
Drive:
Path:
Connect As:
E:
Cancel
OK
Help
\\Server\ShareName
Open:
Run in Separate Memory SpaceRun in Separate Memory Space
CancelOK Browse...
Type the name of a program, folder, or document, and Windows will open it for you.
Run
\\Server\Sharedfolder
18
Best Practices
Organize Disk Resources to Simplify AdministrationOrganize Disk Resources to Simplify Administration
Store Data Separately from Operating Systems and ApplicationsStore Data Separately from Operating Systems and Applications
Remove the Everyone Group from the Permissions ListRemove the Everyone Group from the Permissions List
Limit the Number of Users Who Can Connect to a ShareLimit the Number of Users Who Can Connect to a Share
Assign Permissions to Groups Rather Than Individual Users
Create Shortcuts for Frequently Used Shared FoldersCreate Shortcuts for Frequently Used Shared Folders