File and

Share Access

Done by:
Fatima shaji
Sayed Qassim
Lesson plan of today…..

• Designing a File Sharing Strategy

• Creating Folder Shares

• Assigning Permissions

• Configuring Volume Shadow Copies

• Configuring NTFS Quotas

 “Qucik Open question ?” 📌

How file & sharing will benefit you as an IT student ?

Designing a File
Sharing Strategy
 Why we store user files on shared server drives?

➜To enable users to collaborate

➜To back up document

➜To protect information (controlling access to documents)

➜To reduce the number of shares needed on the network

➜To prevent the need to share access to workstations

➜To monitor users’ storage habits /disk space

➜To protect users from the sharing /permission processes

 We will be foucs on three main steps
Designing file startgies

Mapping Drives.

Controlling Access

Arranging Shares.
 Arranging Shares types

 A private storage space, such as a home folder, to which the user has
exclusive access.

 A public storage space, where each user can store files that he or she
wants classmates to be able to access.

 Access to a shared work space for common and collaborative

documents.
 Controlling Access
➜“least privileges” that users should have
➜only the privileges to perform their required tasks and no more.

Users should have complete access and

control of their own files and no privileges to others’ private files.
Users should have complete control
of their own Public folder, but limited access to others’.

➜Administrators should have privileges to

➜ have full control over users’ private and public folders.
Controlling Access
➜Always assign permissions
to security groups, not to individuals.

➜Utilize domain local groups and global groups to

simplify administration of permissions
.
➜Deny Access NTFS permission used to override
assigned permissions.

New Technology File System

Mapping Drives
➜You have a permeant access to a folder that is
currently residing on another computer over a
network , windows will assign new drive letter A-Z
on the folder .

enables users work with their files without ever

knowing they are stored on a network drive.

can be used to map each user’s

directory to a drive letter on that user’s computer.
Creating Folder Shares
Creating Folder Shares (friendly user )

must be created in order for

network users to be able to access the
disks on the servers. You must
determine:
 What folders you will share?
 What names you will assign to the
shares?
 What permissions you will grant users
to the shares?
 What Offline Files settings you will use
for the shares (Not connected to
network)
 Creating folder Sharesr

You can share your own folders.

• Right-click and select Share with > Specific People to

access a simplified interface.
 Creating folder Shares

Use Sharing tab of the folder’s Properties sheet for

greater control.

The Advanced Sharing dialog box

 Types of Folder Shares

Server Message Blocks (SMB)

oThe standard file-sharing protocol used by all versions of Windows.
oRequires the File Server role service.
Network File System (NFS)
oThe standard file sharing protocol used by most UNIX and Linux
distributions.
oRequires the Server for NFS role service.
Create a Folder Share

The Shares homepage

The Select the profile for this share page in the New
Share Wizard
The Select the server and path for this share page of the New Share
Wizard
The Specify share name page of the New Share Wizard
The Specify permissions to control access page of
the New Share Wizard
The Confirm selections page of the New Share Wizard
The new share on the Shares homepage in
Server Manager
 Assigning
Permissions
 Basic and Advanced Permissions

➜Permissions allow you to grant specific degrees of access to

security principals.

➜Preconfigured permission combinations are called Basic

Permissions.

➜Advanced Permissions are more granular and can

be applied individually, but are rarely used.
Assigning Permissions
The four permissions systems:

➜Share permissions: Control access to folders over

a network.

➜NTFS permissions: Control access to the files and

folders stored on disk volumes formatted with the
NTFS file system.

➜Registry permissions: Control access to specific

parts of the Windows registry.

➜Active Directory permissions: Control access to

specific parts of an Active Directory Domain
Services
 Windows Permissions Architecture

➜Access Control List (ACL)

➜Access Control Entries (ACEs)
➜Security principal
Permission
ACL
Sales – Read
Managers – Full ACEs
Control
JSmith – Deny Access

Folder

Security Principal
 Allowing and Denying Permissions

➜Additive
oStartwith no permissions and then
grant Allow permissions (preferred
method).

➜Subtractive
oStartby granting Allow permissions
and then grant Deny permissions.
 Inheriting Permissions

Permissions run downward through a hierarchy

 Effective Access

The combination of Allow permissions and Deny

permissions that a security principal receives for a system
element:
• Allow permissions are cumulative.
• Deny permissions override Allow permissions.
• Explicit permissions take precedence over inherited
permissions.
The Effective Access tab of the Advanced Security Settings dialog box
The Share Permissions tab for a shared folder
Share permission
 Set Share Permissions

The Permissions page of a share’s Properties sheet

in Server Manager
A Permission Entry dialog box for a share in
Server Manager
The Select User, Computer, Service Account, or Group dialog box
A new share permission entry in a share’s access
control list
 NTFS Authorization

➜NTFS and ReFS support permissions.

➜Every file and folder on an NTFS or ReFS drive has an
ACL with ACEs, each of which contains a security
principal and their permissions.
➜Security Principals are users and groups identified by
Windows using security identifiers (SIDs).
➜During authorization, when a user accesses a
file/folder, the system compares the user’s SIDs to those
stored in the element’s ACEs to determine that user’s
access.
 NTFS Basic Permissions—Full Control
Folder
• Modify the folder
permissions.
• Take ownership of the
folder.
• Delete subfolders and
files contained in the
folder.
• Perform all actions
associated with all
other NTFS folder
permissions.
File
• Modify the file
permissions.
• Take ownership of
the file.
• Perform all actions
associated with all
other NTFS file
permissions.
 NTFS Basic Permissions—Modify

Folder File
• Delete the folder. • Modify the file.
• Perform all actions • Delete the file.
associated with the • Perform all actions
associated with the Write
Write and the Read &
and the Read & Execute
Execute permissions. permissions.
 NTFS Basic Permissions—Read & Execute

Folder File
• Navigate through • Perform all actions
restricted folders to associated with the Read
reach other files and permission.
folders. • Run applications
• Perform all actions
associated with the
Read and List Folder
Contents permissions.
 NTFS Basic Permissions—List Folder Contents

Folder File
• View the names of • Not applicable
the files and
subfolders contained
in the folder.
 NTFS Basic Permissions—Read

Folder File
• See the files and • Read the contents of the
subfolders contained file.
in the folder. • View the ownership,
permissions, and
• View the ownership, attributes of the file.
permissions, and
attributes of the
folder.
 NTFS Basic Permissions—Write

Folder File
• Create new files and • Overwrite the file.
subfolders inside the • Modify the file attributes.
folder. • View the ownership and
• Modify the folder permissions of the file.
attributes.
• View the ownership
and permissions of
the folder.
Assign Basic NTFS Permissions

The Advanced Security Settings dialog box for a share in Server Manager
Assigning Advanced NTFS Permissions

The Permission Entry dialog box displaying

Advanced Permissions
 Resource Ownership

➜Every file and folder on an NTFS drive has

an owner.
➜The owner always has the ability to modify
the permissions, even if current permissions
settings deny them access.
➜The owner is the person who created the
file or folder.
➜Others with the Take Ownership permission
can become the owner.
 Combining Share and NTFS Permissions

Shared
Share Permissions Folder

FC
Everyone File A
NTFS Permissions

R
File B
NTFS Permissions

FC

NTFS Volume
Configuring Volume Shadow
Copies
Volume Shadow Copies

➜Allow you to maintain previous

versions of files on a server.
➜A copy of a file can be accessed even
if a file has been accidentally deleted or
overwritten.
➜Can be implemented for entire
volumes only.
 Configure Shadow Copies

The Shadow Copies dialog box

Configure Shadow Copies

The Settings dialog box

Configuring NTFS
Quotas
NTFS Quotas

➜Enable administrators to set a

storage limit for users of a particular
volume.
➜Users exceeding the limit can be
denied access or just receive a
warning.
➜Space consumed by users is
measured by the size of the files they
own or create.
Configure NTFS Quotas

The Quota tab of a volume’s Properties sheet

 !
Thank you for your Time
Any questions?