WINDOWS NT NETWORK ADMINISTRATION PART II

NTFS PERMISSIONS

NTFS permissions are permissions that are available only on a volume that has been formatted with the Windows NT File System (NTFS). NTFS permissions provide a greater degree of security because they can be assigned to folders and to individual files. NTFS folder and file permissions apply to users working locally at the computer as well as to users connecting remotely over the network to a shared folder.

* When a volume is formatted with NTFS, the Everyone group is automatically assigned Full Control permission to the volume. Folders and files created on the volume inherit this default permission.

Locally -> NTFS

Remotely -> Share -> NTFS

* On an NTFS volume, the user who creates a folder or file becomes the owner.

Standard Permissions - combinations of individual NTFS permissions that allow you to assign multiple NTFS permissions at one time.

Standard permission = permissions on the folder -> permissions on files in the folder


No Access = None -> None

List = RX -> Not specified

Read = RX -> RX

Add = WX -> RX

Add & Read = RWX -> RX

Change = RWXD -> RWXD

Full Control = All -> All

 

COMBINING SHARE AND NTFS PERMISSIONS

The easiest way to combine share permissions and NTFS permissions is to leave the default share permission Full Control assigned to the Everyone group, and then to assign NTFS permissions to specific user and group accounts for the folders and files within the shared folder hierarchy.

* When share permissions and NTFS permissions are combined, the most restrictive permission takes effect. Share permissions do not apply to users working locally at the computer; they apply only to remote access over the network.

* You gain the greatest degree of security by using a combination of share permissions and NTFS permissions.
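
The combination rule above, worked through as an added example (not part of the original notes). It models one account with one standard permission per folder; the share permission levels are not listed on this page and are an assumption here, as are the sample folder names.

```python
# Added example: the page's share/NTFS combination rule as a small model.
# Rights: R read, W write, X execute, D delete, P change permissions, O take ownership.
ALL = frozenset("RWXDPO")

# Folder column of the standard-permissions list on this page.
NTFS = {
    "No Access": frozenset(), "List": frozenset("RX"), "Read": frozenset("RX"),
    "Add": frozenset("WX"), "Add & Read": frozenset("RWX"),
    "Change": frozenset("RWXD"), "Full Control": ALL,
}
# Assumption: share permissions are not listed on this page; these are the
# standard Windows NT share permission levels.
SHARE = {
    "No Access": frozenset(), "Read": frozenset("RX"),
    "Change": frozenset("RWXD"), "Full Control": ALL,
}

def effective(ntfs, share, remote):
    """Rights on a shared folder for one account."""
    if not remote:
        return NTFS[ntfs]               # local logon: only NTFS is checked
    return NTFS[ntfs] & SHARE[share]    # remote: the most restrictive applies

def fmt(rights):
    return "".join(c for c in "RWXDPO" if c in rights) or "None"

def local_only_rights(ntfs, share):
    """Rights blocked over the network but available at the console.
    A non-empty result means the folder depends on the share permission alone."""
    return effective(ntfs, share, remote=False) - effective(ntfs, share, remote=True)

# Constructed sample folders: (name, NTFS permission, share permission).
FOLDERS = [
    ("Public", "Read", "Full Control"),      # pattern recommended on this page
    ("Reports", "Full Control", "Read"),     # default NTFS permission + Read share
    ("Data", "Change", "Change"),
]

def audit(folders=FOLDERS):
    return {name: fmt(local_only_rights(n, s)) for name, n, s in folders}

if __name__ == "__main__":
    for name, n, s in FOLDERS:
        print(name, "remote:", fmt(effective(n, s, True)),
              "local:", fmt(effective(n, s, False)))
    print(audit())
```

A folder that `audit()` reports with anything other than `None` is protected only by its share permission, so a user who logs on locally gets the wider NTFS rights.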

GUIDELINES FOR ASSIGNING NTFS PERMISSIONS

Guidelines for Planning Program Folders

Guidelines for Planning Data Folders

ASSIGNING SPECIAL ACCESS PERMISSIONS

* To allow another user to manage permissions for files that you own, assign that user the Change Permissions (P) permission.

TAKING OWNERSHIP OF FOLDERS AND FILES

* The owner can always control access to the folder or file by changing the permissions set on it. A user cannot share folders or assign permissions for folders that he or she does not own.

An owner cannot change the ownership of a resource that they own. The owner can only give another user or group permission to take ownership of a resource. Security of the resource is maintained by preventing users from creating or editing files and then making them look as if they belonged to someone else.

COPYING OR MOVING FOLDERS AND FILES

When you copy a folder or file within the same NTFS volume or to a different NTFS volume, the folder or file inherits the permissions of the destination folder, and the user who copies a folder or file becomes the owner.

When you move a folder or file within the same NTFS volume, the folder or file retains its original permissions and owner. However, if you move a folder or file to a different NTFS volume, the folder or file inherits the permissions of the destination folder and the new owner is the user who moved it, just as when a user copies a folder or file.
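
The copy and move rules above, as an added example (not part of the original notes) that shows which operations replace a file's permissions and owner. The account names, the sample file and the destination folder are constructed for illustration.

```python
# Added example: the page's copy/move rules on NTFS volumes, as a model.
from dataclasses import dataclass

@dataclass
class Item:
    owner: str
    acl: dict          # principal -> standard NTFS permission name

def transfer(item, op, same_volume, dest_acl, actor):
    """Return the Item as it exists at the destination (NTFS to NTFS only)."""
    if op not in ("copy", "move"):
        raise ValueError("op must be 'copy' or 'move'")
    if op == "move" and same_volume:
        # Move within one volume: original permissions and owner are retained.
        return Item(item.owner, dict(item.acl))
    # Copy anywhere, or move to another volume: destination permissions
    # are inherited and the acting user becomes the owner.
    return Item(actor, dict(dest_acl))

def acl_changes(before, after):
    """principal -> (old, new) for every entry that differs; None = no entry."""
    names = sorted(set(before.acl) | set(after.acl))
    return {p: (before.acl.get(p), after.acl.get(p))
            for p in names if before.acl.get(p) != after.acl.get(p)}

# Constructed sample: a restricted file and a destination folder that still
# carries the default Everyone / Full Control permission.
SECRET = Item(owner="alice", acl={"Payroll": "Change"})
OPEN_FOLDER = {"Everyone": "Full Control"}

def review(op, same_volume, actor="bob"):
    after = transfer(SECRET, op, same_volume, OPEN_FOLDER, actor)
    return after.owner, acl_changes(SECRET, after)

if __name__ == "__main__":
    for op, same in [("copy", True), ("move", True), ("move", False)]:
        print(op, "same volume" if same else "other volume", review(op, same))
```

Only the same-volume move leaves the restricted permissions in place; every other case hands the file to the destination folder's permissions, which is why destination folders left at the default deserve a check before sensitive files are copied into them.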

WINDOWS NT PRINTING

Print device - actual hardware device that produces printed documents.

Printer - a software interface between the operating system and the print device. The printer defines where the document will go before it reaches the print device (to a local port, to a file, or to a remote print share), when it will go, and various other aspects of the printing process.

Network-interface print devices - print devices with their own network cards; they need not be physically connected to a print server because they are directly connected to the network.

Print server - the computer that runs the printer software, and that receives and processes documents from clients.

 

REQUIREMENTS FOR PRINTING

At least one computer configured as a print server, and running Windows NT Server or Workstation.

16 MB of RAM for x86-based print servers

Sufficient disk space, especially in cases where documents are large or many of them are likely to accumulate.

Client computers running Windows NT, 95, 98, Windows for Workgroups, LAN Manager 2.x, OS/2, UNIX, Netware, Macintosh.

 

ASSIGNING PRINTER PERMISSIONS

Once you have added and shared a printer, you need to verify that users have the appropriate permissions to print.

Capabilities                                                No Access  Print  Manage Documents  Full Control
----------------------------------------------------------  ---------  -----  ----------------  ------------
Print documents                                                        X      X                 X
Pause, resume, restart, and cancel the user's own document             X      X                 X
Connect to a printer                                                   X      X                 X
Control job settings for all documents                                        X                 X
Pause, restart, and delete all documents                                      X                 X
Share a printer                                                                                 X
Change printer properties                                                                       X
Delete printers                                                                                 X
Change printer permissions                                                                      X

 

CONFIGURING A PRINTER

If a print device is heavily used, you can create a printing pool to automatically distribute the print jobs to an available print device. A printing pool is one printer connected to multiple print devices through multiple ports of the print server. A printing pool is useful in a network with a high volume of printing because it decreases the time that documents wait in the print queue. It also simplifies administration because multiple print devices can be managed from a single printer.

* Locate the print devices in a printing pool in close proximity to one another, so that users do not have to search several locations for their documents.