Session 24 NTFS Permissions and Sharing Printers Fall 2011 Nassau Community College ITE153 – Operating Systems 1 Overview • • • • • • NTFS Architecture NTFS Permissions & Guidelines NTFS Special Permissions Sharing Printers Managing and Troubleshooting Printers Required: Windows 7 Virtual Machine Fall 2011 Nassau Community College ITE153 – Operating Systems 2 Session 24 Windows 7 Professional NTFS Permissions and Sharing Printers Fall 2011 Nassau Community College ITE153 – Operating Systems 3 NTFS • NTFS is a high-performance and self-healing file system proprietary to Windows XP Vista 2003 2000 NT & Windows 7, which supports file-level security, compression and auditing • It also supports large volumes and powerful storage solution such as RAID Fall 2011 Nassau Community College ITE153 – Operating Systems 4 NTFS Architecture Fall 2011 Component Component Description Hard disk Contains one or more partitions. Boot sector Bootable partition that stores information about the layout of the volume and the file system structures, as well as the boot code that loads Ntdlr. Master Boot Record Contains executable code that the system BIOS loads into memory. The code scans the MBR to find the partition table to determine which partition is the active, or bootable, partition. Ntldlr.dll Switches the CPU to protected mode, starts the file system, and then reads the contents of the Boot.ini file. This information determines the startup options and initial boot menu selections. Ntfs.sys System file driver for NTFS. Ntoskrnl.exe Extracts information about which system device drivers to load and the load order. Kernel mode The processing mode that allows code to have direct access to all hardware and memory in the system. User mode The processing mode in which applications run. Nassau Community College ITE153 – Operating Systems 5 NTFS Permissions • Shared Folder permissions are only at the folder level • Files within the folder inherit the shared folder permission • NTFS permissions can be assigned to a file independently of its parent folder • File permissions take precedence over folder permission • When NTFS permissions are used in combination with share permissions, the most restrictive permission applies Fall 2011 Nassau Community College ITE153 – Operating Systems 6 NTFS Permissions • In Windows Explorer, right-click a file, folder or volume and choose Properties from the context menu. • The Properties dialog box appears. • Click the Security tab. • Under Group or user names, select or add a group or user. • At the bottom, allow or deny one of the available permissions. Fall 2011 Nassau Community College ITE153 – Operating Systems 7 NTFS Permissions The NTFS permission levels are as follows: • Full Control - Users can do anything to the file, including taking ownership of it. It is recommended that you grant this level of access only to administrators • Modify - Users can view and modify files and file properties, including deleting and adding files to a directory or file properties to a file. Users cannot take ownership or change permissions on the file • Read & Execute - Users can run executable files, including scripts • List Folder Contents - Users can view a list of a folder's contents • Read - Users can view files and file properties • Write - Users can write to a file. Fall 2011 Nassau Community College ITE153 – Operating Systems 8 NTFS Permissions Guidelines Use the following guidelines when you assign NTFS permissions: • To simplify administration, group files into application, data, and home folders. Centralize home and public folders on a volume that is separate from applications and the operating system. Doing so provides the following benefits: • You assign permissions only to folders, not to individual files • Backup is less complex because you don't need to back up application files, and all home and public folders are in one location • Allow users only the level of access that they require. If a user only needs to read a file, assign the Read permission to his or her user account for the file. This reduces the possibility of users accidentally modifying or deleting important documents and application files. Fall 2011 Nassau Community College ITE153 – Operating Systems 9 NTFS Permissions Guidelines • Create groups according to the access that the group members require for resources, and then assign the appropriate permissions to the group. Assign permissions to individual user accounts only when necessary • When you assign permissions for working with data or application folders, assign the Read & Execute permission to the Users group and the Administrators group. This prevents application files from being accidentally deleted or damaged by users or viruses • Deny permissions only when it is essential to deny specific access to a specific user account or group • Encourage users to assign permissions to the files and folders that they create and educate them about how to do so Fall 2011 Nassau Community College ITE153 – Operating Systems 10 NTFS Permission Combinations Rules Fall 2011 Nassau Community College ITE153 – Operating Systems 11 NTFS Permission Inheritance Fall 2011 Nassau Community College ITE153 – Operating Systems 12 Special NTFS Permissions • There are fourteen special permissions to fine-tune your security • Click the Advanced button on the Security tab, then click the Effective Permissions tab Fall 2011 Nassau Community College ITE153 – Operating Systems 13 Special NTFS Permissions IMPORTANT: Groups or users who are granted Full Control on a folder can delete any files in that folder regardless of the permissions that protect the file. Fall 2011 Nassau Community College ITE153 – Operating Systems 14 Lab A: NTFS Permissions Fall 2011 Nassau Community College ITE153 – Operating Systems 15 Session 24 Windows 7 Professional Sharing Printers Fall 2011 Nassau Community College ITE153 – Operating Systems 16 Sharing Printers Printer Environment • Printer • Printer Port • Printer Driver • Printer Spooling • Print Directory • Network Fall 2011 Nassau Community College ITE153 – Operating Systems 17 Shared Folders Fall 2011 Nassau Community College ITE153 – Operating Systems 18 Connecting a Network Printer • You can use the Add Printer Wizard to make things easy • The UNC is back but in this format: \\printservername\sharename • You can use Active Directory to Find a printer in the Directory • You will probably have to create a TCP/IP port Fall 2011 Nassau Community College ITE153 – Operating Systems 19 Adding a Printer Fall 2011 Nassau Community College ITE153 – Operating Systems 20 Print Management Fall 2011 Nassau Community College ITE153 – Operating Systems 21 Print Services Fall 2011 Nassau Community College ITE153 – Operating Systems 22 Print Services Fall 2011 Nassau Community College ITE153 – Operating Systems 23 Linux Printing The new CUPS interface recognizes many printers. Specific printers not recognized can often be installed using instructions found at the Linux Foundation OpenPrinting database. Add a Printer Menu -> System -> Administration -> Printing -> Server -> New -> Printer • Most of the time, your printer (if connected and turned on) will be detected automatically. • e.g., my network printer with its own IP address at 192.168.0.200 was correctly installed at hp:/net/Photosmart_D110_series?zc=HP54DDCF • You can also choose printers on a Windows system via Samba and other types of networked printers, in addition to directly connected printers. Use CUPS web interface • From any web browser, go to the URL: http://localhost:631 Fall 2011 Nassau Community College ITE153 – Operating Systems 24 Lab B: Sharing Printers Fall 2011 Nassau Community College ITE153 – Operating Systems 25 Important URLS • NTFS Technical Reference - What it is, how it works, and tools to use. • NTFS.com - everything you ever wanted to know about NTFS • Securing Resources with NTFS Permissions - good, practical tutorial on NTFS permissions • CUPS - Command Line Unix Printing, this is a great site for help in setting up printers in Linux • SAMBA - This software providers interoperability between Windows and everything else • Windows 2008 Server Print Management - lots of helpful information from Microsoft Fall 2011 Nassau Community College ITE153 – Operating Systems 26 Homework Review the Slides Review Lessons 10 &11 In The Text Fall 2011 Nassau Community College ITE153 – Operating Systems 27