70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment
Chapter 5: Managing File Access

Partitions
- Partition: portion of the disk that functions as a separate storage unit
- Primary partitions are used to start the computer
  - Must be marked as ACTIVE
  - Removable storage cannot be marked ACTIVE
- Basic disk
  - 4 primary partitions, or
  - 3 primary partitions and 1 extended partition
- Extended partitions are used to create logical drives
- Win2003
  - System partition: ACTIVE, needed to load the OS
  - Boot partition: primary partition or logical drive where the OS files live

Disk Management Snap-In

Windows Server 2003 File Systems
- Three main file systems
  - File Allocation Table (FAT)
  - FAT32
  - NTFS
- Final choice of file system depends on
  - How the system will be used
  - Whether there are multiple operating systems
  - Security requirements
- NTFS is most highly recommended

FAT
- Used by MS-DOS
- Supported by all versions of Windows since
- Traditionally limited to partitions up to 2 GB
- Windows Server 2003 version supports partitions up to 4 GB
- Limitations
  - Small partition sizes
  - No file system security features
  - Disk space usage is poor

FAT32
- A derivative of the FAT file system
- Supports partition sizes up to 2 TB
- Still does not provide advanced security features
  - Cannot configure permissions on file and folder resources

NTFS
- Introduced with the Windows NT operating system
- Current version: version 5
- Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003
- Theoretically supports partition sizes of up to 16 exabytes (EB)
- Practically supports maximum partition sizes from 2 TB to 16 TB

Windows Master File Table and Metadata
- When a volume is formatted with NTFS, a Master File Table (MFT) and metadata are created
- NTFS uses MFT entries to define the files that they correspond to
- NTFS creates a file record for each file and directory record created on an NTFS volume
- Each file usually has one file record
- Metadata consists of the files NTFS uses to implement the file system structure

NTFS File Attributes
- Every allocated sector on an NTFS partition belongs to a file, including the file system metadata
- NTFS views each file or folder as a set of file attributes
  - Resident attributes reside within the MFT
  - Non-resident attributes reside elsewhere on the volume
- An attribute type code and, optionally, an attribute name identify each attribute
- Read-only, Hidden, Ready for Archiving, Fast Searching, Compress, Encrypt

NTFS (continued)
- Advantages of NTFS
  - Greater scalability and performance on larger partitions
  - Support for Active Directory on systems configured as domain controllers
  - Ability to configure security permissions on individual files and folders
  - Built-in support for compression and encryption
  - Ability to configure disk quotas for individual users
  - Shadow copies
  - Support for Remote Storage
  - Recovery logging of disk activities

Creating and Managing Shared Folders
- Shared folder: a data resource made available over a network to authorized network clients
- Specific permissions are required for creating, reading, and modifying
- Groups that can create shared folders
  - Administrators
  - Server Operators
  - Power Users (only on member servers)
  - Users who have been granted the right

Creating and Managing Shared Folders (continued)
- Several ways to create shared folders
- Two important methods
  - Windows Explorer interface
  - Computer Management console (also allows shared folders to be monitored)

Using Windows Explorer
- Used since Windows 95
- Can create, maintain, and share folders
- Folders can be on any drive connected to the computer
- Folders are shared in Windows Explorer by accessing the Sharing tab of the folder's properties

Using Windows Explorer (continued)
- The shared name of a folder does not have to be the actual file name
- Hand icon is used to indicate shared status
- Shared folders can be hidden from My Network Places and Network Neighborhood
  - Place a dollar sign after the name, e.g. Salary$
- A number of hidden administrative shares are created automatically at installation

Administrative Shared Folders
- C$, D$, E$
- Admin$: %systemroot% (windows)
- Print$: installable printer drivers

Using Windows Explorer (continued)

Using Computer Management
- The Computer Management console is a predefined Microsoft Management Console (MMC)
- Allows you to share and monitor folders for local and remote computers
- Allows you to stop sharing if desired

Using Computer Management (continued)
- Share a Folder Wizard
  - Used to create folders in the Shared Folders section of Computer Management
  - Used to provide preconfigured or manual permissions
    - All users have read-only access
    - Administrators have full access; others have read-only access
    - Administrators have full access; others have read and write access
    - Custom share and folder permissions

Monitoring Access to Shared Folders
- Monitoring involves
  - Who is using shared files
  - What shared files are open at any given time
- Other functions
  - Disconnect users from a share
  - Send network alert messages
- Primary monitoring tool is Computer Management

Monitoring Access to Shared Folders

Managing Shared Folder Permissions
- A shared folder has a discretionary access control list (DACL)
  - Contains a list of user or group references that have been allowed or denied permissions
  - Each reference is an access control entry (ACE)
- Accessed from the Permissions button on the Sharing tab of the folder's properties
- Permissions only apply to network users, not those logged on directly to the local machine

Managing Shared Folder Permissions (continued)

Managing Shared Folder Permissions (continued)
- To deny access to a user or group
  - Windows Server 2003 does not include a No Access share permission
  - Must explicitly deny access to each individually
- Default permission is read access for the Everyone group
  - Should be immediately addressed when a share is created
- Folder permissions are inherited by all contained objects

Shared Folder Permissions
- Shared folder permissions apply to folders, not individual files
- Shared folder permissions do not restrict local access
- Shared folder permissions are the only way to secure network resources on FAT volumes
- To control how users gain access to a shared folder, you must assign shared folder permissions
- You can allow or deny shared folder permissions to individual users or to user groups

Applying Shared Folder Permissions
- Multiple permissions
  - Effective permissions are a combination
  - Denied permissions override allowed permissions
- NTFS permissions
  - Most restrictive is applied
- Copying or moving shared folders
  - Copy does not destroy the share
  - Move will destroy the share

Guidelines for Shared Folder Permissions
- Determine which groups need access to each resource and
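
The combination rules from the "Applying Shared Folder Permissions" and "Shared Folder Permissions" slides, worked through as an added example that is not part of the original slides. It is a simplified model, not Windows' own access check: the bit-flag rights, the trustee names and the sample DACLs are all constructed for illustration, and ACE ordering and inheritance are ignored.

```python
# Simplified model (constructed for illustration): rights are bit flags,
# and each level includes the ones below it.
READ = 0b001
CHANGE = 0b011        # read + write
FULL_CONTROL = 0b111  # change + manage permissions

def evaluate_dacl(dacl, principals):
    """Combine all ACEs matching the user or their groups; deny overrides allow."""
    allowed = denied = 0
    for trustee, kind, rights in dacl:
        if trustee not in principals:
            continue
        if kind == "deny":
            denied |= rights
        else:
            allowed |= rights
    return allowed & ~denied

def effective_access(share_dacl, ntfs_dacl, principals, over_network=True):
    """Return the rights a user ends up with on a shared folder."""
    # ntfs_dacl=None models a FAT volume: no file-level permissions exist.
    ntfs = FULL_CONTROL if ntfs_dacl is None else evaluate_dacl(ntfs_dacl, principals)
    if not over_network:
        return ntfs  # share permissions do not restrict local access
    return evaluate_dacl(share_dacl, principals) & ntfs  # most restrictive wins

# Constructed sample DACLs: (trustee, "allow" | "deny", rights)
SHARE_DACL = [
    ("Everyone", "allow", READ),       # the default the slides say to address
    ("Sales", "allow", CHANGE),
    ("Contractors", "deny", FULL_CONTROL),
]
NTFS_DACL = [
    ("Sales", "allow", READ),
    ("Administrators", "allow", FULL_CONTROL),
]

# Constructed users: each set holds the account plus its group memberships.
ALICE = {"alice", "Sales", "Everyone"}
BOB = {"bob", "Sales", "Contractors", "Everyone"}
ADMIN = {"admin", "Administrators", "Everyone"}

if __name__ == "__main__":
    for name, who in (("alice", ALICE), ("bob", BOB), ("admin", ADMIN)):
        net = effective_access(SHARE_DACL, NTFS_DACL, who)
        local = effective_access(SHARE_DACL, NTFS_DACL, who, over_network=False)
        print(f"{name}: network={net:03b} local={local:03b}")
```

Note the admin case: full NTFS rights are still capped at read over the network, because the only share ACE that matches is the default Everyone entry.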