WINDOWS NT NETWORK ADMINISTRATION PART II
NTFS PERMISSIONS
NTFS permissions are permissions that are available only on a volume that has been formatted with the Windows NT File System (NTFS). NTFS permissions provide a greater degree of security because they can be assigned to folders and to individual files. NTFS folder and file permissions apply both to users working locally and to users working remotely over the network by connecting to a shared folder.
* When a volume is formatted with NTFS, the Everyone group is automatically assigned Full Control permission to the volume. Folders and files created on the volume inherit this default permission.
Locally -> NTFS
Remotely -> Share -> NTFS
* On an NTFS volume, the user who creates a folder or file becomes the owner.
Standard Permissions - combinations of individual NTFS permissions that allow you to assign multiple NTFS permissions at one time.
Standard Permissions = folders -> files in the folder
No Access = None -> None
List = RX -> Not specified
Read = RX -> RX
Add = WX -> RX
Add & Read = RWX -> RX
Change = RWXD -> RWXD
Full Control = All -> All
COMBINING SHARE AND NTFS PERMISSIONS
The easiest way to combine share permissions and NTFS permissions is to leave the default share permission Full Control assigned to the Everyone group, and then to assign NTFS permissions to specific user and group accounts for the folders and files within the shared folder hierarchy.
* When share permissions and NTFS permissions are combined, the most restrictive permission takes effect. Share permissions do not apply to users working locally on the computer; they apply only to remote access.
* You gain the greatest degree of security by using a combination of share permissions and NTFS permissions.
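The combination rule above, worked through as an added example (not part of the original notes). It goes slightly beyond the notes by modelling group membership: it assumes rights from several ACL entries add up and that a No Access entry overrides them, and it assumes share permissions map to the same letter sets as the folder permissions in the table above. All account names and sample ACLs are constructed.

```python
# Individual permission letters: Read, Write, eXecute, Delete,
# change Permissions (P), take Ownership (O).
ALL = frozenset("RWXDPO")
NO_ACCESS = "No Access"

# Standard permissions as letter sets (folder column of the table in the notes).
# Reusing these sets for share permissions is an assumption of this example.
STANDARD = {
    NO_ACCESS: frozenset(),
    "Read": frozenset("RX"),
    "Change": frozenset("RWXD"),
    "Full Control": ALL,
}

def granted(acl, user, groups):
    """Rights one ACL gives a user. Matching entries add up, but one
    No Access entry overrides everything (assumption, see lead-in)."""
    names = {user, "Everyone", *groups}
    hits = [perm for who, perm in acl.items() if who in names]
    if NO_ACCESS in hits:
        return frozenset()
    rights = frozenset()
    for perm in hits:
        rights |= STANDARD[perm]
    return rights

def effective(share_acl, ntfs_acl, user, groups, remote):
    """Local access is checked against NTFS only. Remote access passes the
    share ACL and then the NTFS ACL, so the most restrictive result wins."""
    ntfs = granted(ntfs_acl, user, groups)
    if not remote:
        return ntfs
    return granted(share_acl, user, groups) & ntfs

def show(rights):
    """Render a rights set in the RWXDPO order used by the notes."""
    return "".join(c for c in "RWXDPO" if c in rights) or "None"

# Constructed sample ACLs (hypothetical users and groups).
DEFAULT_SHARE = {"Everyone": "Full Control"}   # share left at its default
READ_SHARE = {"Everyone": "Read"}              # share tightened to Read
NTFS_DATA = {"Accounting": "Change", "Administrators": "Full Control"}
NTFS_FRESH = {"Everyone": "Full Control"}      # freshly formatted volume
NTFS_DENY = {"Accounting": "Change", "Temps": "No Access"}
```

With the share left at Everyone/Full Control, the NTFS ACL alone decides the result both locally and remotely, which is why the notes recommend that arrangement; a Read-only share limits only the remote path.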
GUIDELINES FOR ASSIGNING NTFS PERMISSIONS
Guidelines for Planning Program Folders
Guidelines for Planning Data Folders
ASSIGNING SPECIAL ACCESS PERMISSIONS
* To allow another user to manage permissions for files that you own, assign that user the permission Change Permission (P).
TAKING OWNERSHIP OF FOLDERS AND FILES
* The owner can always control access to the folder or file by changing the permissions set on it. A user cannot share folders or assign permissions for folders that he or she does not own.
An owner cannot change the ownership of a resource that they own. The owner can only give another user or group permission to take ownership of a resource. Security of the resource is maintained by preventing users from creating or editing files and then making them look as if they belonged to someone else.
COPYING OR MOVING FOLDERS AND FILES
When you copy a folder or file within the same NTFS volume or to a different NTFS volume, the folder or file inherits the permissions of the destination folder, and the user who copies a folder or file becomes the owner.
When you move a folder or file within the same NTFS volume, the folder or file retains its original permissions and owner. However, if you move a folder or file to a different NTFS volume, the folder or file inherits the permissions of the destination folder and the new owner is the user who moved it, just like when a user copies a folder or file.
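The copy and move rules above as a small model, with a check for the case that usually surprises administrators: a file moved within one volume keeps an ACL that may be looser than its new folder's. This is an added example, not part of the original notes; the `Item` type, the helper names and the sample file are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Item:
    name: str
    volume: str   # NTFS volume that holds the item, e.g. "D:"
    acl: dict     # account -> standard permission
    owner: str

def transfer(item, op, dest_volume, dest_folder_acl, actor):
    """Return the item as it looks after a copy or move, per the rules above."""
    if op not in ("copy", "move"):
        raise ValueError(f"unknown operation: {op}")
    if op == "move" and dest_volume == item.volume:
        # Move within the same NTFS volume: permissions and owner are retained.
        return Item(item.name, dest_volume, dict(item.acl), item.owner)
    # Copy (same or different volume) or move to a different volume: the item
    # inherits the destination folder's permissions and the actor becomes owner.
    return Item(item.name, dest_volume, dict(dest_folder_acl), actor)

def acl_mismatch(item, dest_folder_acl):
    """Accounts whose permission on the item differs from the folder it sits in,
    as {account: (permission on item, permission on folder)}."""
    accounts = set(item.acl) | set(dest_folder_acl)
    return {a: (item.acl.get(a), dest_folder_acl.get(a))
            for a in accounts
            if item.acl.get(a) != dest_folder_acl.get(a)}

# Constructed sample: a draft open to Everyone is filed into a restricted folder.
DRAFT = Item("budget.xls", "D:", {"Everyone": "Full Control"}, "alice")
RESTRICTED_FOLDER = {"Accounting": "Change"}

def demo():
    """Outcome of the same filing action done three different ways by 'bob'."""
    moved = transfer(DRAFT, "move", "D:", RESTRICTED_FOLDER, "bob")
    copied = transfer(DRAFT, "copy", "D:", RESTRICTED_FOLDER, "bob")
    moved_across = transfer(DRAFT, "move", "E:", RESTRICTED_FOLDER, "bob")
    return moved, copied, moved_across
```

A non-empty `acl_mismatch` result after a same-volume move marks a file whose permissions should be reviewed against its new folder.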
WINDOWS NT PRINTING
Print device - actual hardware device that produces printed documents.
Printer - a software interface between the operating system and the print device. The printer defines where the document will go before it reaches the print device (to a local port, to a file, or to a remote print share), when it will go, and various other aspects of the printing process.
Network-interface print devices - print devices with their own network cards; they need not be physically connected to a print server because they are directly connected to the network.
Print server - the computer that runs the printer software, and that receives and processes documents from clients.
REQUIREMENTS FOR PRINTING
At least one computer configured as a print server, and running Windows NT Server or Workstation.
16 MB of RAM for x86-based print servers
Sufficient disk space, especially in cases where documents are large or many of them are likely to accumulate.
Client computers running Windows NT, 95, 98, Windows for Workgroups, LAN Manager 2.x, OS/2, UNIX, Netware, Macintosh.
ASSIGNING PRINTER PERMISSIONS
Once you have added and shared a printer, you need to verify that users have the appropriate permissions to print.
Capabilities | No Access | Print | Manage Documents | Full Control
Print documents |  | X | X | X
Pause, resume, restart, and cancel the user's own document |  | X | X | X
Connect to a printer |  | X | X | X
Control job settings for all documents |  |  | X | X
Pause, restart, and delete all documents |  |  | X | X
Share a printer |  |  |  | X
Change printer properties |  |  |  | X
Delete printers |  |  |  | X
Change printer permissions |  |  |  | X
CONFIGURING A PRINTER
If a print device is heavily used, you can create a printing pool to automatically distribute the print jobs to an available print device. A printing pool is one printer connected to multiple print devices through multiple ports of the print server. A printing pool is useful in a network with a high volume of printing because it decreases the time that documents wait in the print queue. It also simplifies administration because multiple print devices can be managed from a single printer.
* Locate the print devices in a printing pool in close proximity to one another, so that users do not have to search several locations for their documents.