Exercise #11 - Sharing a Folder and Assigning Permissions
Class:FO91B NetDiag 15/10/09
Exercise #11 - Sharing a Folder and Assigning Permissions
Objectives
The goal of this lab is to share a folder on a Windows XX host. You will set folder share permissions and NTFS permissions. These permissions will control access to a folder. You will create a file within a shared folder and apply permissions to the file.
After completing this lab, students will be able to:
· Create and share a folder with share permissions
· Set auditing for a folder
· Assign NTFS permissions to a file
Activity Background
Share permissions set the maximum allowable actions for a shared folder. The default for share permissions is Everyone Full Control. You can leave the default share permissions set.
With NTFS permissions, you can limit access to files and folders. The basic NTFS permissions include: Read, Write, Read & Execute, Modify, and Full Control. When multiple permissions are assigned, the resultant action is cumulative, as described below:
· Optionally, user is given permission to a resource
· User is a member of group or groups
· Group or groups are given permission to resource
· Effective permission is the cumulative permission
· DENY means NO ACCESS
· File permissions override directory permissions
The cumulative share permissions and cumulative NTFS permissions are then compared and the most restrictive is the effective permission. This most restrictive permissions rule has these characteristics:
· User is given cumulative permissions to a shared resource
· User is given cumulative permissions through NTFS permissions
· Effective permissions is the most restrictive
In summary, it is customary to run NTFS volumes in most situations, leave share permissions set to Full Control and use NTFS permissions to limit access.
Activity
1. Log on with the administrator account for your Windows XX.
2. Double click on the My Computer icon on the desktop.
3. Double click Local Disk (C:).
4. Create a new folder named ShareFMI (where F is your first initial, M is your middle initial, and L is your last initial)
5. Right click ShareFML (from step 4) and then click Sharing
6. Click Share this folder, but do not change the share name.
7. Type a comment in the Comment text box, and then click Permissions. Verify the Everyone has Full Control for the share permissions.
8. Click Apply, and the click OK
9. Right click ShareFML, and then click Properties
10. Click the Security tab, and then click Advanced
11. Click the Auditing tab, and then click Add
12. Scroll through the box, locate and click Everyone, then click OK
13. Click Create Files/Write Data Failed, then click OK
14. Click Apply, then click OK, Click OK, and then click OK
15. Create a new text document in the ShareFML folder named share1.txt.
16. Open the properties for the text document you created in step 15
17. Click the Security tab and verify that the Everyone group appears, then verify that this group has Full Control.
18. To set NTFS permissions for the document, click Write Deny and then click Apply.
19. Read the security message
20. Click Yes
21. Verify that the Allow inheritable permissions from parent to propagate object option button is selected
22. Click OK and then close My Computer.
Review Questions
1: Robert belongs to the Everyone, Marketing, and Accounting groups. The folder was shared with Full Control. The shared folder on a member server has the following NTFS permissions
Group / PermissionsAccounting / Full Control
Marketing / Deny
Everyone / Read
(Review Question 1 (cont))
Robert needs access to the folder. What must you do in order for him to have Read access to this share?
a. Nothing. As a member of the Accounting group, he is given Full Control permission
b. He has Read permission due to his membership in the Everyone group
c. You must remove his account from the Marketing group
d. Give his account specific permissions to access this folder
2: A directory name \cars on an NTFS partition on your Windows 2000 server has the following permissions:
Groups / PermissionsEveryone / Deny
Engineering / Full Control
Marketing / Read Only
The folder was shared with Full Control. A file named ford.doc in this folder has Read Only access for the Engineering group. James, a member of the Engineerng group, logs on locally to the server. What permissions does he have for the file ford.doc?
a. He has Deny Only access
b. He has Read Only access
c. He has Full Control
d. He has Read and Write access only.
Presented by SaiAungLwinTun Page 11