Chapter 5 Powerpoint

MCITP Guide to Microsoft
Windows Server 2008 Server
Administration (Exam #70-646)
Chapter 5
Configuring, Managing, and
Troubleshooting Resource Access
Learning Objectives
• Set up security for folders and files
• Configure shared folders and shared folder security
• Install and set up the Distributed File System
• Configure disk quotas
• Implement UNIX compatibility
Managing Folder and File Security
• Steps for sharing resources
– Creating accounts and groups
– Create access control lists (ACLs)
• Types of ACLs
– Discretionary ACL (DACL)
• Configured by a server administrator or owner of an
object
– System control ACL (SACL)
• Contains information used to audit the access to an
object
Managing Folder and File Security
(cont’d.)
• DACL and SACL controls for folders and files
– Attributes
– Permissions
– Auditing
– Ownership
Configuring Folder and File Attributes
• Attributes
– Stored as header information with each folder and file
– Along with other characteristics including volume
label, designation as a subfolder, date of creation,
and time of creation
• Read-only and hidden attributes
– Set on General tab in an NTFS folder’s or file’s
properties dialog box
• Advanced attributes
– Archive, index, compress, and encrypt
Configuring Folder and File Attributes
(cont’d.)
Figure 5-1 Attributes of a folder on an NTFS formatted disk
Courtesy Course Technology/Cengage Learning
Configuring Folder and File Attributes
(cont’d.)
• Archive attribute
– Checked to indicate that the folder or file needs to be
backed up because it is new or changed
• Index Attribute vs. Windows Search Service
– Index attribute and accompanying Indexing Service
are legacy features for continuity with earlier
operating systems
Configuring Folder and File Attributes
(cont’d.)
• Windows Search Service
– Install the File Services role via Server Manager
• Indexed files include:
– Files in the Documents folder for an account
– E-mail files
– Photos and multimedia files
– Files that are commonly accessed
• Maintain Windows Search Service through Control
Panel
Configuring Folder and File Attributes
(cont’d.)
Figure 5-3 Configuring advanced indexing options
Courtesy Course Technology/Cengage Learning
Configuring Folder and File Attributes
(cont’d.)
• Compress Attribute
– Reduce the amount of disk space used for files
– Disadvantage of compressed files is increased CPU
overhead to open the files and to copy them
• Encrypt Attribute
– Only user who encrypts folder or file is able to read it
Configuring Folder and File Attributes
(cont’d.)
• Microsoft Encrypting File System (EFS)
– Sets up a unique, private encryption key associated
with the user account that encrypted the folder or file
– Uses both symmetric and asymmetric encryption
techniques
• Activity 5-1: Encrypting Files
– Objective: Encrypt files in a folder
Configuring Folder and File
Permissions
• Permissions
– Control access to an object,
such as a folder or file
• Use Edit button on the folder
properties Security tab
– Change which groups and
users have permissions to a
folder
Figure 5-4 Configuring folder permissions
Courtesy Course Technology/Cengage Learning
Configuring Folder and File
Permissions (cont’d.)
Table 5-1 NTFS folder and file permissions
Configuring Folder and File
Permissions (cont’d.)
• Activity 5-2: Configuring Folder Permissions
– Objective: Configure permissions on a folder so that
users can modify its contents
• Inherited permissions
– Parent object permissions apply to child object
• Activity 5-3: Removing Inherited Permissions
– Objective: Remove inherited permissions on a folder
• Activity 5-4: Configuring Special Permissions
– Objective: Configure special permissions for a folder
to grant a group expanded access
Configuring Folder and File
Permissions (cont’d.)
Figure 5-5 Advanced Security Settings dialog box
Courtesy Course Technology/Cengage Learning
Table 5-2 NTFS folder and file special permissions
Configuring Folder and File Auditing
• Auditing
– Track activity on a folder or file, such as read or write
activity
• NTFS folders and files
– Audit combination of any or all of activities listed as
special permissions
• Activity 5-5: Auditing a Folder
– Objective: Configure auditing on a folder to monitor
how it is accessed and who is making changes to the
folder
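The permission, inheritance, and auditing activities above (5-2, 5-3, and 5-5) can also be scripted. The following is an added example, not part of the course material; the demo folder path and the BUILTIN\Users and Everyone principals are assumptions chosen for illustration, and the session must be elevated to read and write the SACL.

```powershell
# Added example: constructed demo folder and assumed principals.
$folder = Join-Path $env:TEMP 'Ch5-AclDemo'     # constructed path, safe to delete
$group  = 'BUILTIN\Users'                       # assumed group for the demo
New-Item -ItemType Directory -Path $folder -Force | Out-Null

# Apply entries to this folder, its subfolders, and its files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp  = [System.Security.AccessControl.PropagationFlags]::None

# Read the DACL and, with -Audit, the SACL as well. Reading or writing the
# SACL requires the "Manage auditing and security log" user right.
$acl = Get-Acl -Path $folder -Audit

# Removing inherited permissions: the first argument blocks inheritance from
# the parent; the second keeps ($true) or discards ($false) the entries that
# were inherited. Keeping them avoids locking out administrators by accident.
$acl.SetAccessRuleProtection($true, $true)

# Configuring folder permissions: allow the group to modify the contents.
$allow = New-Object System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $group, 'Modify', $inherit, $noProp, 'Allow'
$acl.AddAccessRule($allow)

# Auditing a folder: record successful and failed attempts to write, delete,
# change permissions, or take ownership. Events are only generated when the
# "Audit object access" policy is also enabled on the server.
$audit = New-Object System.Security.AccessControl.FileSystemAuditRule `
    -ArgumentList 'Everyone', 'Write, Delete, ChangePermissions, TakeOwnership',
                  $inherit, $noProp, 'Success, Failure'
$acl.AddAuditRule($audit)

Set-Acl -Path $folder -AclObject $acl

# Verify what was written: inheritance state, DACL entries, SACL entries.
$check = Get-Acl -Path $folder -Audit
"Inheritance blocked: $($check.AreAccessRulesProtected)"
$check.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
$check.Audit  | Format-Table IdentityReference, FileSystemRights, AuditFlags -AutoSize
```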
Configuring Folder and File Auditing
(cont’d.)
Figure 5-8 Folder auditing selections
Courtesy Course Technology/Cengage Learning
Configuring Folder and File Ownership
• Folders
– Owned by the account that creates them
• Owners have ability to change permissions for
folders they create
• Taking ownership
– Transfer ownership
– Administrator can always take ownership
Configuring Folder and File Ownership
(cont’d.)
Figure 5-9 Taking ownership of a folder
Courtesy Course Technology/Cengage Learning
Configuring Shared Folders and
Shared Folder Permissions
• Shared folder
– Users can access over the network
• Changed in Windows Server 2008 from previous
versions
– Make person offering share more aware of security
options
• Activity 5-6: Enabling Sharing a Folder
– Objective: Turn on file sharing and public folder
sharing
Configuring Shared Folders and
Shared Folder Permissions (cont’d.)
Figure 5-10 File Sharing dialog box
Courtesy Course Technology/Cengage Learning
Configuring Shared Folders and
Shared Folder Permissions (cont’d.)
Figure 5-11 Sharing tab
Courtesy Course Technology/Cengage Learning
Configuring Shared Folders and
Shared Folder Permissions (cont’d.)
• Share permissions for an object
– Differ from the NTFS access permissions set through
the Security tab
– NTFS and share permissions are cumulative
• Four share permissions associated with a folder
– Reader
– Contributor
– Co-owner
– Owner
Configuring Shared Folders and
Shared Folder Permissions (cont’d.)
• Folder caching options
– Only the files and programs that users specify will be
available offline
– All files and programs that users open from the share
will be automatically available offline
– Files or programs from the share will not be available
offline
• Activity 5-7: Configuring a Shared Folder
– Objective: Configure a shared folder, share
permissions, and offline access
Publishing a Shared Folder in Active
Directory
• Publish an object
– Make it available for users to access when they view
Active Directory contents
• Directory Service Client (DSClient)
– Software that enables older operating systems to
search Active Directory
• Activity 5-8: Publishing a Shared Folder
– Objective: Publish a shared folder in Active Directory
Troubleshooting a Security Conflict
• Review folder and share permissions for:
– User account
– All of the groups to which user belongs
• Effective Permissions tab
– Helps troubleshoot permissions conflicts
– To access:
• Right-click a folder or file, click Properties, click the
Security tab, click the Advanced button, and click the
Effective Permissions tab
Troubleshooting a Security Conflict
(cont’d.)
• Take into account what happens when a folder or
files in a folder are copied or moved
• Activity 5-9: Troubleshooting Permissions
– Objective: View the effective permissions on a folder
Figure 5-13 Examining effective permissions as a troubleshooting aid
Courtesy Course Technology/Cengage Learning
Implementing a Distributed File System
• Distributed File System (DFS)
– Simplify access to the shared folders on a network
• By setting up folders to appear as though they are
accessed from only one place
– Makes managing folder access easier for server
administrators
– Configured using the DFS Management tool in the
Administrative Tools menu
– Shared folder contents can be replicated to one or
more DCs or member servers
Implementing a Distributed File System
(cont’d.)
• Advantages
– Save time searching
– NTFS access permissions apply
– Fault tolerance
– Load balancing
– Improved access for Web-based internet and intranet
– Backups made more easily
– Important information is not lost when a disk drive on
one server fails
– Users always have access to shared folders even in
the event of a disk failure
DFS Models
• Stand-alone
– No Active Directory implementation available to help
manage the shared folders
– Provides only a single or flat level share
• Domain-based
– Takes full advantage of Active Directory
– Available only to servers and workstations that are
members of a domain
DFS Topology
• Hierarchical structure of DFS in domain-based
model
• Namespace root
– Main container in Active Directory
– Holds links to shared folders that can be accessed
from the root
– Populated by shared folders for users to access
• Replication group
– Set of shared folders replicated or copied to one or
more servers in a domain
Installing DFS
• Installed as a service within the File Services role
Figure 5-14 Selecting to install DFS
Courtesy Course Technology/Cengage Learning
Figure 5-15 Configuring the namespace type
Courtesy Course Technology/Cengage Learning
Installing DFS (cont’d.)
• Activity 5-10: Creating a Namespace Root
– Objective: Configure a namespace root
Managing a Domain-Based
Namespace Root System
• Tasks involved in managing the namespace root
– Creating a folder in a namespace
– Delegating management
– Tuning a namespace
– Deleting a namespace root
– Using DFS replication
Managing a Domain-Based
Namespace Root System (cont’d.)
• Creating a Folder in a Namespace
– Folder target is a path in the Universal Naming
Convention (UNC) format
– Universal Naming Convention (UNC)
• Naming convention that designates network servers,
computers, and shared resources
• Activity 5-11: Adding a Folder and Folder Target in
DFS
– Objective: Add a folder in DFS
Managing a Domain-Based
Namespace Root System (cont’d.)
• Delegating Management
– Day-to-day activities can be managed by an assistant
or by another person
– Right-click namespace and click Delegate
Management Permissions
• Tuning a Namespace
– Configure the order for referrals
– Configure cache duration for a namespace or folder
– Configure namespace polling
– Configure folder targets as enabled or disabled
Managing a Domain-Based
Namespace Root System (cont’d.)
• Deleting a Namespace Root
– Delete namespace root via the DFS Management tool
– Click namespace root and click Delete
• Using DFS Replication
– Define two or more folder targets
– Decide which server is to be the primary group
member
– Click a folder under the namespace root in the tree of
the DFS Management tool
– Replication is handled by the File Replication Service
Managing a Domain-Based
Namespace Root System (cont’d.)
• Important improvements to DFS replication
– Enables faster and more reliable recovery
– Faster for all sizes of files
– More efficient over LANs and WANs
Configuring Disk Quotas
• Advantages of disk quotas
– Prevent users from filling the disk capacity
– Encourage users to help manage disk space
– Track disk capacity needs
– Provide server administrators with information about
when users are nearing or have reached their quota
limits
• Quotas can be set on any local or shared volume
Configuring Disk Quotas (cont’d.)
• Parameters
– Enable quota management
– Deny disk space to users exceeding quota limit
– Do not limit disk usage
– Limit disk space to
– Set warning level to
– Log event when a user exceeds their quota limit
– Log event when the user exceeds their warning level
Configuring Disk Quotas (cont’d.)
• Activity 5-12: Configuring Disk Quotas
– Objective: Enable disk quotas and then set a disk
quota for a specific group of users
Using UNIX Interoperability in Windows
Server 2008
• Subsystem for UNIX-based Applications (SUA)
– Provides compatibility with UNIX and Linux systems
• SUA functionality
– Run UNIX/Linux applications with few or no changes
to the program source code.
– Run UNIX/Linux scripts
– Use popular UNIX/Linux shells
– Run most UNIX/Linux commands
– Run the popular vi UNIX/Linux editor
Using UNIX Interoperability in Windows
Server 2008 (cont’d.)
• Compiler
– Program that reads lines of program code in a source
file and converts the code into machine-language
instructions the computer can execute
• Script
– Consists of lines of commands that are executed
when you run the script
• Shell
– Interface between the user and the operating system
– Korn or C shell
Using UNIX Interoperability in Windows
Server 2008 (cont’d.)
• Dynamic-link library (DLL)
– Contains program code that can be called and run by
Windows applications
• Server for Network Information Services
– Provides a naming system for shared resources on a
UNIX/Linux network
Using UNIX Interoperability in Windows
Server 2008 (cont’d.)
• New features for SUA
– More transparent ability for UNIX/Linux applications to
connect to Oracle and SQL Server databases
– Inclusion of true 64-bit libraries
– New utilities
– Use Microsoft Visual Studio for designing UNIX/Linux
applications
Summary
• Discretionary access control lists
– Manage access to resources
• Folder and file attributes provide one level of
security
• Permissions provide another level of security
• Folders can be shared for users to access over a
network
• Use Effective Permissions capability to troubleshoot
a security conflict
Summary (cont’d.)
• Distributed File System (DFS)
– Set up shared folders that are easier for users to
access and can be replicated for backup and load
distribution
• Disk quotas
– Manage the resources put on a server disk volume
• Subsystem for UNIX-based Applications
– Provides compatibility with UNIX and Linux systems