NTFS Permissions - Nassau Community College

advertisement
Session 24
NTFS Permissions
and Sharing Printers
Fall 2011
Nassau Community College
ITE153 – Operating Systems
1
Overview
•
•
•
•
•
•
NTFS Architecture
NTFS Permissions & Guidelines
NTFS Special Permissions
Sharing Printers
Managing and Troubleshooting Printers
Required: Windows 7 Virtual Machine
Fall 2011
Nassau Community College ITE153
– Operating Systems
2
Session 24
Windows 7 Professional
NTFS Permissions
and Sharing Printers
Fall 2011
Nassau Community College
ITE153 – Operating Systems
3
NTFS
• NTFS is a high-performance and self-healing
file system proprietary to Windows XP Vista
2003 2000 NT & Windows 7, which supports
file-level security, compression and
auditing
• It also supports large volumes and powerful
storage solution such as RAID
Fall 2011
Nassau Community College ITE153
– Operating Systems
4
NTFS Architecture
Fall 2011
Component
Component Description
Hard disk
Contains one or more partitions.
Boot sector
Bootable partition that stores information about the layout of the
volume and the file system structures, as well as the boot code that
loads Ntdlr.
Master Boot Record
Contains executable code that the system BIOS loads into memory.
The code scans the MBR to find the partition table to determine
which partition is the active, or bootable, partition.
Ntldlr.dll
Switches the CPU to protected mode, starts the file system, and
then reads the contents of the Boot.ini file. This information
determines the startup options and initial boot menu selections.
Ntfs.sys
System file driver for NTFS.
Ntoskrnl.exe
Extracts information about which system device drivers to load and
the load order.
Kernel mode
The processing mode that allows code to have direct access to all
hardware and memory in the system.
User mode
The processing mode in which applications run.
Nassau Community College ITE153
– Operating Systems
5
NTFS Permissions
• Shared Folder permissions are only at the folder level
• Files within the folder inherit the shared folder
permission
• NTFS permissions can be assigned to a file
independently of its parent folder
• File permissions take precedence over folder
permission
• When NTFS permissions are used in combination with
share permissions, the most restrictive permission
applies
Fall 2011
Nassau Community College ITE153
– Operating Systems
6
NTFS Permissions
• In Windows Explorer, right-click a
file, folder or volume and
choose Properties from the context
menu.
• The Properties dialog box appears.
• Click the Security tab.
• Under Group or user names, select
or add a group or user.
• At the bottom, allow or deny one
of the available permissions.
Fall 2011
Nassau Community College ITE153
– Operating Systems
7
NTFS Permissions
The NTFS permission levels are as follows:
• Full Control - Users can do anything to the file, including taking
ownership of it. It is recommended that you grant this level of
access only to administrators
• Modify - Users can view and modify files and file properties,
including deleting and adding files to a directory or file properties
to a file. Users cannot take ownership or change permissions on the
file
• Read & Execute - Users can run executable files, including scripts
• List Folder Contents - Users can view a list of a folder's contents
• Read - Users can view files and file properties
• Write - Users can write to a file.
Fall 2011
Nassau Community College ITE153
– Operating Systems
8
NTFS Permissions Guidelines
Use the following guidelines when you assign NTFS permissions:
• To simplify administration, group files into application, data,
and home folders. Centralize home and public folders on a
volume that is separate from applications and the operating
system. Doing so provides the following benefits:
• You assign permissions only to folders, not to individual
files
• Backup is less complex because you don't need to back up
application files, and all home and public folders are in one
location
• Allow users only the level of access that they require. If a
user only needs to read a file, assign the Read permission to
his or her user account for the file. This reduces the possibility
of users accidentally modifying or deleting important
documents and application files.
Fall 2011
Nassau Community College ITE153
– Operating Systems
9
NTFS Permissions Guidelines
• Create groups according to the access that the group
members require for resources, and then assign the
appropriate permissions to the group. Assign permissions to
individual user accounts only when necessary
• When you assign permissions for working with data or
application folders, assign the Read & Execute permission to
the Users group and the Administrators group. This prevents
application files from being accidentally deleted or damaged
by users or viruses
• Deny permissions only when it is essential to deny specific
access to a specific user account or group
• Encourage users to assign permissions to the files and folders
that they create and educate them about how to do so
Fall 2011
Nassau Community College ITE153
– Operating Systems
10
NTFS Permission Combinations Rules
Fall 2011
Nassau Community College ITE153
– Operating Systems
11
NTFS Permission Inheritance
Fall 2011
Nassau Community College ITE153
– Operating Systems
12
Special NTFS Permissions
• There are fourteen
special permissions
to fine-tune your
security
• Click the Advanced
button on the
Security tab, then
click the Effective
Permissions tab
Fall 2011
Nassau Community College ITE153
– Operating Systems
13
Special NTFS Permissions
IMPORTANT: Groups or users who are granted Full Control on a folder can delete
any files in that folder regardless of the permissions that protect the file.
Fall 2011
Nassau Community College ITE153
– Operating Systems
14
Lab A: NTFS Permissions
Fall 2011
Nassau Community College ITE153
– Operating Systems
15
Session 24
Windows 7 Professional
Sharing Printers
Fall 2011
Nassau Community College
ITE153 – Operating Systems
16
Sharing Printers
Printer Environment
• Printer
• Printer Port
• Printer Driver
• Printer Spooling
• Print Directory
• Network
Fall 2011
Nassau Community College ITE153
– Operating Systems
17
Shared Folders
Fall 2011
Nassau Community College ITE153
– Operating Systems
18
Connecting a Network Printer
• You can use the Add Printer Wizard to make
things easy
• The UNC is back but in this format:
\\printservername\sharename
• You can use Active Directory to Find a
printer in the Directory
• You will probably have to create a TCP/IP
port
Fall 2011
Nassau Community College ITE153
– Operating Systems
19
Adding a Printer
Fall 2011
Nassau Community College ITE153
– Operating Systems
20
Print Management
Fall 2011
Nassau Community College ITE153
– Operating Systems
21
Print Services
Fall 2011
Nassau Community College ITE153
– Operating Systems
22
Print Services
Fall 2011
Nassau Community College ITE153
– Operating Systems
23
Linux Printing
The new CUPS interface recognizes many printers. Specific
printers not recognized can often be installed using instructions
found at the Linux Foundation OpenPrinting database.
Add a Printer
Menu -> System -> Administration -> Printing -> Server -> New -> Printer
• Most of the time, your printer (if connected and turned on)
will be detected automatically.
• e.g., my network printer with its own IP address at
192.168.0.200 was correctly installed at
hp:/net/Photosmart_D110_series?zc=HP54DDCF
• You can also choose printers on a Windows system via Samba
and other types of networked printers, in addition to directly
connected printers.
Use CUPS web interface
• From any web browser, go to the URL:
http://localhost:631
Fall 2011
Nassau Community College ITE153
– Operating Systems
24
Lab B: Sharing Printers
Fall 2011
Nassau Community College ITE153
– Operating Systems
25
Important URLS
• NTFS Technical Reference - What it is, how it works, and
tools to use.
• NTFS.com - everything you ever wanted to know about
NTFS
• Securing Resources with NTFS Permissions - good, practical
tutorial on NTFS permissions
• CUPS - Command Line Unix Printing, this is a great site for
help in setting up printers in Linux
• SAMBA - This software providers interoperability between
Windows and everything else
• Windows 2008 Server Print Management - lots of helpful
information from Microsoft
Fall 2011
Nassau Community College ITE153
– Operating Systems
26
Homework
 Review the Slides
 Review Lessons 10 &11 In The Text
Fall 2011
Nassau Community College ITE153
– Operating Systems
27
Download