chapter 9 chapter 9: managing server folders, permissions, and software installation
Post on 21-Dec-2015
239 views
TRANSCRIPT
Chapter 9
Chapter 9: Managing Server Folders, Permissions, and
Software Installation
Chapter 9: Managing Server Folders, Permissions, and
Software Installation
Chapter 9
Learning ObjectivesLearning Objectives
Manage folders on a server, including:Manage folders on a server, including: Planning a folder structurePlanning a folder structure Viewing and creating foldersViewing and creating folders Setting folder properties such as attributes, Setting folder properties such as attributes,
permissions, auditing, and ownershippermissions, auditing, and ownership Setting up shared foldersSetting up shared folders Moving and copying files and foldersMoving and copying files and folders
Install and manage application softwareInstall and manage application software
continued
Chapter 9
Learning ObjectivesLearning Objectives
Use the Registry to configure Windows Use the Registry to configure Windows NT Server and application software, and NT Server and application software, and use Windows NT Diagnostics to view use Windows NT Diagnostics to view Registry contentsRegistry contents
Set system policies using the System Set system policies using the System Policy EditorPolicy Editor
Configure and use License ManagerConfigure and use License Manager Configure and use Directory ReplicatorConfigure and use Directory Replicator
Chapter 9
Managing FoldersManaging Folders
Designing a folder structureDesigning a folder structure Viewing and creating foldersViewing and creating folders Setting folder propertiesSetting folder properties Setting up a shared folderSetting up a shared folder Troubleshooting a security conflictTroubleshooting a security conflict Moving and copying files and foldersMoving and copying files and folders
Chapter 9
Designing a Folder StructureDesigning a Folder Structure
A chaotic file structure makes it difficult A chaotic file structure makes it difficult to run or remove programsto run or remove programs
Avoid confusion by having a place for:Avoid confusion by having a place for: Software applicationsSoftware applications Confidential files shared by certain groupsConfidential files shared by certain groups Public files shared by everyonePublic files shared by everyone Software utilities for all usersSoftware utilities for all users Server management utilitiesServer management utilities
Chapter 9
Folder Structure Design Considerations
Folder Structure Design Considerations
Root folder should not be cluttered with Root folder should not be cluttered with files or too many foldersfiles or too many folders
Each software application should have Each software application should have its own folder or subfolderits own folder or subfolder
Similar information should be grouped Similar information should be grouped Folders should have names that clearly Folders should have names that clearly
reflect their purposereflect their purpose
Chapter 9
A Sample Folder StructureA Sample Folder Structure
Folders off the Root
Users Data WordForms
Manage Ntserver
Contracts Court
Wills
Tax
Bankruptcy
RealEstate
Msoffice
Winnt (created by NT Server
setup)
AccessClipart
ExcelOffice
QueriesTemplates
Winword
Chapter 9
Viewing and Creating FoldersViewing and Creating Folders
ViewingViewing Use My Computer or Windows NT Explorer Use My Computer or Windows NT Explorer Display can be customizedDisplay can be customized or, the good ol’ command-line interfaceor, the good ol’ command-line interface
““dir” command, or similar add-onsdir” command, or similar add-ons
CreatingCreating Use My Computer or Windows NT ExplorerUse My Computer or Windows NT Explorer or, CLIor, CLI
Chapter 9
Setting Folder PropertiesSetting Folder Properties
General propertiesGeneral properties Folder and permission securityFolder and permission security PermissionsPermissions AuditingAuditing OwnershipOwnership
Chapter 9
General PropertiesGeneral Properties
Descriptive informationDescriptive information LocationLocation SizeSize Number of files/foldersNumber of files/folders
Folder name and creation dateFolder name and creation date Folder attributesFolder attributes
Chapter 9
AttributesAttributes
A characteristic associated with a folder A characteristic associated with a folder or file, used to help mange access and or file, used to help mange access and backupsbackups
Largely ignored by NT administrators Largely ignored by NT administrators (except for backup purposes) in favor of (except for backup purposes) in favor of rights and permissionsrights and permissions
Chapter 9
Windows NT AttributesWindows NT Attributes
Attribute Purpose
Read-only Prevents directory or file from beingchanged or deleted
Archive Directory or file is new or changed andneeds to be backed up
Compress Compresses files to save disk space
System File is used by the operating system andshould not be viewed with ordinary listcommands
Hidden Directory or file cannot be viewed withordinary list commands
Chapter 9
Folder and Permission SecurityFolder and Permission Security
Three security optionsThree security options PermissionsPermissions: Control access to the folder : Control access to the folder
and its contentsand its contents AuditingAuditing: Enables administrator to audit : Enables administrator to audit
activities on a folder or fileactivities on a folder or file OwnershipOwnership: Designates the folder owner : Designates the folder owner
who has full control of that folderwho has full control of that folder
Chapter 9
NTFS Folder and File Permissions
NTFS Folder and File Permissions
Permission Description
No access No access to folder for any users other than owner
List Can list files in folder or switch to subfolder, butcannot access file contents
Read For existing and new files, can read their contentsand can execute program files
Add Can write new files in folder and execute programfiles, but cannot view folder files
Add & Read Can read files, add new files, and execute programfiles, but cannot modify file contents
Change Can read, add, delete, execute, and modify files
Full Control Can read, add, delete, execute, and modify files pluschange permissions and take ownership of folders
Chapter 9
Directory Permissions Dialog Box
Directory Permissions Dialog Box
Note: would usually have >1 group/username under “Name”.
Chapter 9
Microsoft Guidelines for Setting Permissions
Microsoft Guidelines for Setting Permissions
Protect the Winnt folder that contains Protect the Winnt folder that contains operating system files operating system files from general from general users (No Access or Read) but give users (No Access or Read) but give Administrators Full Control accessAdministrators Full Control access
Protect Protect server utility folders server utility folders with access with access permissions only for Administrators, and permissions only for Administrators, and Server and Backup OperatorsServer and Backup Operators
continued
Chapter 9
Microsoft Guidelines for Setting Permissions
Microsoft Guidelines for Setting Permissions
Protect Protect software application folderssoftware application folders with with Add & ReadAdd & Read
Create Create publicly used folderspublicly used folders with Change with Change accessaccess
Provide users Full Control of their Provide users Full Control of their own own home directorieshome directories
Remove the group Everyone from Remove the group Everyone from confidential folders confidential folders
Chapter 9
Special Folder and Special File Access Options
Special Folder and Special File Access Options
Enable customization of folders or file Enable customization of folders or file access beyond standard permissionsaccess beyond standard permissions different combinations of the different combinations of the
aforementioned abilitiesaforementioned abilities R, W, X, D, C, “take owner”R, W, X, D, C, “take owner”
useful for special situations, if need beuseful for special situations, if need be
Chapter 9
AuditingAuditing
Tracks access to folders and filesTracks access to folders and files Directory Auditing dialog box enables Directory Auditing dialog box enables
auditing of a variety of successful and auditing of a variety of successful and failed eventsfailed events
track success/fail, whichever is more important track success/fail, whichever is more important for that particular casefor that particular case
remember, auditing can be remember, auditing can be expensiveexpensive -- that is, -- that is, can dramatically affect server performancecan dramatically affect server performance
Chapter 9
OwnershipOwnership
Folder owners have Full Control Folder owners have Full Control permissions for the folders they createpermissions for the folders they create
Taking ownership of a folderTaking ownership of a folder
Chapter 9
Setting Up a Shared FolderSetting Up a Shared Folder
Share permissionsShare permissions No AccessNo Access ReadRead ChangeChange Full ControlFull Control
Can be overriddenCan be overridden NT uses NT uses mostmost restrictive permission, restrictive permission,
whichever is stricterwhichever is stricter
Chapter 9
Setting Up a Shared FolderSetting Up a Shared Folder
Sharing can be limited by #usersSharing can be limited by #users software licensingsoftware licensing also provides some “extra” securityalso provides some “extra” security
Shares can be hiddenShares can be hidden put $ character at end of share nameput $ character at end of share name both for security through obscurity as well both for security through obscurity as well
as ease-of-useas ease-of-use
Chapter 9
Troubleshooting a Security Conflict
Troubleshooting a Security Conflict
Review folder permissions and share Review folder permissions and share permissions for the account and for the permissions for the account and for the groups to which the account user groups to which the account user belongsbelongs
Careful planning of folder structure and Careful planning of folder structure and user groups in light of server security user groups in light of server security needs saves time and user aggravationneeds saves time and user aggravation
Chapter 9
Moving and Copying Files and Folders
Moving and Copying Files and Folders
Creating, moving, or copying a file can affect Creating, moving, or copying a file can affect the file and folder permissionsthe file and folder permissions MovingMoving: File is deleted from the original location : File is deleted from the original location
placed in a different folderplaced in a different folder CopyingCopying: Original file remains intact and a copy is : Original file remains intact and a copy is
made in another foldermade in another folder New file permissions depend onNew file permissions depend on
copy/create - inherit from foldercopy/create - inherit from folder move - retain existingmove - retain existing unlessunless move to different volume - like copy move to different volume - like copy
Chapter 9
Installing and Managing Application Software
Installing and Managing Application Software
Software licensingSoftware licensing Network compatibilityNetwork compatibility Network performanceNetwork performance Location of temporary filesLocation of temporary files Software testingSoftware testing Loading software from the networkLoading software from the network Restrictions for MS-DOS-based softwareRestrictions for MS-DOS-based software
Chapter 9
Software LicensingSoftware Licensing
Read and follow licensing agreement before Read and follow licensing agreement before loading softwareloading software
Copy protect the softwareCopy protect the software user education important user education important
License monitoringLicense monitoring: A process used to : A process used to ensure that the number of software licenses ensure that the number of software licenses in use does not exceed the number for in use does not exceed the number for which the network is authorizedwhich the network is authorized
Chapter 9
Network CompatibilityNetwork Compatibility
Check all applications to be certain they Check all applications to be certain they are network-compatible, i.e., designed for are network-compatible, i.e., designed for multiuser access, often with network multiuser access, often with network capabilities such as options to send files capabilities such as options to send files through e-mailthrough e-mail with popularity of the Internet, new with popularity of the Internet, new
applications generally are network-friendlyapplications generally are network-friendly but remember, Internet features can be a but remember, Internet features can be a
security holesecurity hole
Chapter 9
Network PerformanceNetwork Performance
Closely monitor network activity and Closely monitor network activity and traffic associated with software traffic associated with software applicationsapplications some applications have BIG effect on some applications have BIG effect on
network trafficnetwork traffic remember, software is one consideration remember, software is one consideration
when choosing topologywhen choosing topology
Chapter 9
Location of Temporary FilesLocation of Temporary Files
Determine what extra files are needed Determine what extra files are needed to run an application and where to store to run an application and where to store themthem
Teach software users how to deploy Teach software users how to deploy temporary and backup files created by temporary and backup files created by software, and how to delete them when software, and how to delete them when no longer neededno longer needed
utilities exist to clean up files automaticallyutilities exist to clean up files automatically
Chapter 9
Software TestingSoftware Testing
Test each software installation before Test each software installation before releasing it to usersreleasing it to users
An important way to determine that the An important way to determine that the software is working, is network software is working, is network compatible, and that the permissions compatible, and that the permissions are correctly setare correctly set
Chapter 9
Loading Software from the NetworkLoading Software from the Network
One option: Install software application One option: Install software application files from network onto each client files from network onto each client workstationworkstation
Another option: Install client software so Another option: Install client software so that application files are loaded from serverthat application files are loaded from server Advantage: Save workstation disk spaceAdvantage: Save workstation disk space Advantage: Ease of managementAdvantage: Ease of management Disadvantage: Extra network trafficDisadvantage: Extra network traffic
Chapter 9
Installing Software Using Add/Remove Programs
Installing Software Using Add/Remove Programs
Software configuration is stored in Software configuration is stored in Windows NT Registry; configuration is Windows NT Registry; configuration is easier and configuration information can easier and configuration information can be updated to an ERDbe updated to an ERD
Registry tracks location of all files Registry tracks location of all files associated with software; easier to associated with software; easier to remove all program piecesremove all program pieces
Chapter 9
Running Software Applications in User Mode
Running Software Applications in User Mode
User modeUser mode Used for running programs in a memory area kept Used for running programs in a memory area kept
separate from that used by the kernelseparate from that used by the kernel The program cannot directly access the kernel or The program cannot directly access the kernel or
operating system services except through an APIoperating system services except through an API Kernel modeKernel mode
Privileged environment in which Windows NT operating Privileged environment in which Windows NT operating system kernel runssystem kernel runs
Consists of protected memory area and privileges to Consists of protected memory area and privileges to directly execute system services, access CPU, run I/O directly execute system services, access CPU, run I/O operations, etc.operations, etc.
Chapter 9
Using the Registry to Configure System Setup and Software
Using the Registry to Configure System Setup and Software
RegistryRegistry: Database that contains : Database that contains information the operating system needs information the operating system needs about the entire server (configuration, about the entire server (configuration, program setup, devices, drivers, etc.)program setup, devices, drivers, etc.)
Two editors to view Registry contentsTwo editors to view Registry contents RegeditRegedit Regedt32Regedt32
Chapter 9
The Five Root KeysThe Five Root Keys
Root key (or subtree)Root key (or subtree): Highest category : Highest category of data contained in the Registryof data contained in the Registry
The five root keysThe five root keys HKEY_LOCAL_MACHINEHKEY_LOCAL_MACHINE HKEY_CURRENT_USERHKEY_CURRENT_USER HKEY_USERSHKEY_USERS HKEY_CLASSES_ROOTHKEY_CLASSES_ROOT HKEY_CURRENT_CONFIGHKEY_CURRENT_CONFIG
Chapter 9
The Five Root KeysThe Five Root Keys
Root Key Contents
HKEY_LOCAL_MACHINE Information on every hardwarecomponent on the server
HKEY_CURRENT_USER Information about the desktopsetup for the account presentlylogged on to the server console
HKEY_USERS All user profiles kept on server
HKEY_CLASSES_ROOT Data to associate file extensionswith programs
HKEY_CURRENT_CONFIG Information about currenthardware profile
Chapter 9
Backing Up the RegistryBacking Up the Registry
The Registry is vitally important to The Registry is vitally important to Windows NT ServerWindows NT Server
Plan to back it up regularly when you Plan to back it up regularly when you back up other filesback up other files
ERD - via RDISKERD - via RDISK separately - via REGBACKseparately - via REGBACK 3rd-party backup software often has specific 3rd-party backup software often has specific
options for registryoptions for registry
Chapter 9
Setting System PoliciesSetting System Policies
Override registry settings in Windows NT Override registry settings in Windows NT ServerServer
Used to set up special conditions for Used to set up special conditions for individual usersindividual users
securitysecurity ease-of-useease-of-use
Used to set up restrictions for all usersUsed to set up restrictions for all users securitysecurity ease-of-useease-of-use
Chapter 9
System Policies to Govern All Users
System Policies to Govern All Users
Control Panel display optionsControl Panel display options Desktop wallpaper and color schemesDesktop wallpaper and color schemes Operating system shell restrictionsOperating system shell restrictions
hiding drives, Net Neighborhood, etc.hiding drives, Net Neighborhood, etc.
System restrictionsSystem restrictions run only certain programs, etc.run only certain programs, etc.
Windows NT Shell optionsWindows NT Shell options Windows NT System optionsWindows NT System options
Chapter 9
System Policiesto Govern Individual Users
System Policiesto Govern Individual Users
Remote access settingsRemote access settings Creation of hidden drive sharesCreation of hidden drive shares Network printer scheduling and error control Network printer scheduling and error control
optionsoptions Customized shared folder setupCustomized shared folder setup Logon security and logon banner controlsLogon security and logon banner controls File-naming optionsFile-naming options User profile network time-out periods for slow User profile network time-out periods for slow
network connectionsnetwork connections
Chapter 9
Setting Up and Using License Manager
Setting Up and Using License Manager
““License” = right to use softwareLicense” = right to use software license terms differ by vendorlicense terms differ by vendor select the best option based on needs & priceselect the best option based on needs & price
Per seat licensingPer seat licensing: Requires that there be : Requires that there be enough licensees for all network client enough licensees for all network client workstationsworkstations
Per server licensingPer server licensing: Based on maximum : Based on maximum number of clients that use an application at number of clients that use an application at one time one time
Chapter 9
Setting Up and Using Directory Replicator
Setting Up and Using Directory Replicator
Directory replication services enable Directory replication services enable designated directories on one server to designated directories on one server to be copied to another server(s) or be copied to another server(s) or workstation(s) on the networkworkstation(s) on the network
Export serverExport server: Server with the original : Server with the original directoriesdirectories
Import serverImport server: Computer that receives : Computer that receives the directories and files the directories and files
Chapter 9
Directory Replication UsesDirectory Replication Uses
To copy an update database on a To copy an update database on a member server in a client/server system member server in a client/server system to a reporting database on a different to a reporting database on a different member servermember server
To create a backup copy of account-To create a backup copy of account-related information related information
Chapter 9
Setting Up Export and Import Parameters
Setting Up Export and Import Parameters
Chapter 9
Chapter SummaryChapter Summary
Plan folder structure in advance.Plan folder structure in advance. Create distinct folders for user directories, Create distinct folders for user directories,
software applications, server utilities, etc.software applications, server utilities, etc. Set up folder propertiesSet up folder properties
Set up permissions according to purpose of Set up permissions according to purpose of folderfolder
continued
Chapter 9
Chapter SummaryChapter Summary
Before installing application software in Before installing application software in a folder, make sure the software is a folder, make sure the software is network-compatible.network-compatible.
Use Add/Remove Programs tool to Use Add/Remove Programs tool to install software so that installation is install software so that installation is coordinated with the Windows NT coordinated with the Windows NT Registry.Registry.
continued
Chapter 9
Chapter SummaryChapter Summary
System policies offer another way to System policies offer another way to change Registry settings and to change Registry settings and to customize how users access Windows customize how users access Windows NT Server.NT Server.
License Manager records and monitors License Manager records and monitors the number of licenses.the number of licenses.
Directory Replicator copies folders from Directory Replicator copies folders from a server to other network computers. a server to other network computers.
