Implementing File Services

Introduction
 Implementing file services is about making
data stored on a server available to clients.
 It is about making files and folders stored
centrally on the server available to users on client
computers.
 To create an item to work with, open the new
partition on the server, and create a folder
named ‘demo folder’, and inside this folder
create a simple text file named ‘demo file’.
2
 NTFS Permissions
 Right click on the file and click on properties, and click
on the security tab.
 There you see an access control list, which is a list of
users and groups
 In our server case, you see 3 groups
• System, Administrators, Users
 When you click on each, in the permission for users box
(down below) you see the level of permission for each user
or group to access this particular file.
• There are two columns (Allow and Deny)
• The Users group for example has the ability to read & execute, and
read.
3
 NTFS Permissions
 An individual user can be a member of more than one group
 Like administrators and users.
 Deny always overrides permit!!!
 That means, if a user is member of two groups, and in one
group he/she is allowed to have full control, and in the other
group he/she is denied to modify, the deny is effective (more
powerful than the allowed full control).
 The administrator is by default member of the two groups
Administrators and Users.
 If you deny one permission in the users group but allow that same
permission in the administrators group, the deny has more power,
so he/she will be denied
4
 NTFS Permissions
 If you want to add permission to a user or group, click on
the edit button, then click on the group or user in the
group or user names, and check in the appropriate check
boxes to either allow or deny permissions in the list down
below, and click ok.
 If you want to add another user or group, click on the add
button, then type the group or user name and click ok.
 e.g. add the IT Users group, that we created in the active
directory, and allow the group to modify (that includes
permission of the additional 4 permissions below) and click
ok.
• Then all members of that group will inherit these permissions.
5
 NTFS Permissions
 The previous things were on the file.
 If you right click a folder, and click on
properties, then on security tab, you see the
same things, but also one additional item,
called ‘list folder contents’.
 If you allow permission to list folder contents,
the object can see the contents of that folder,
even if they can’t access it.

6
 Sharing
 There is another tab, called sharing tab (before the security tab)
 If we share a folder, we make it accessible across the network.
 To share, we have two ways
 Share
 Advanced sharing
 If you click the advanced sharing, you can check the share
check box.
 The share name can be different from the folder name
 Click on permissions button to set up specific permissions to
users/groups, the same way we setup NTFS permissions
 You can add users/groups and specify whether they have read,
change or full control access.
7
 Sharing
 To access a file over a network, we must share the
folder first.
 When you share the folder, if you limit the permissions
of the folder sharing to specific groups, this also applies
to the files inside this folder, even if users/groups have
full control to the files inside the folder
 Folder sharing permissions override file security
permissions
 This way, you can set a folder to be accessible only by
some groups/users created in the active directory, and
not be accessed by others.
8