Information Technology Reference
In-Depth Information
4. Click the
Advanced
button. Notice that the Administrators group and SYSTEM special
identity are granted Full control. Double-click the
CREATOR OWNER
entry. This spe-
cial identity is given Full control, but only over subfolders and files. This entry ensures
that any user who creates a file or folder is granted Full control permission for that
object. A user must have at least the Write standard permission to create files and folders.
Click
Cancel
.
5. Double-click the
Users
entry with Special in the Permission column. This entry and the Users
entry above it allow users to create folders and files, but only in subfolders. This permission
prevents users from creating files in the root of the volume. Click
Cancel
.
6. Double-click the
Everyone
entry. This set of permissions allows the Everyone special iden-
tity to view a list of files and folders in the root of the volume (but not open the files or fold-
ers). The Apply to setting “This folder only” prevents child objects from inheriting these
permissions. Click
Cancel
three times.
7. Create a folder in the root of the QData volume named
TestPerm
.
8. Open the TestPerm folder's Properties dialog box, and click the
Security
tab. Note that the
folder inherited all ACEs except the Everyone entry. Click
Edit
. Click each ACE in the Group
or user names list box. Permissions for the entries are grayed out, meaning you can't change
them because they are inherited. Click
Cancel
twice.
9. Create a text file in the TestPerm folder named
Permfile1.txt
.
10. Open the Permfile1.txt file's Properties dialog box, and click the
Security
tab. Note that the
file inherits the TestPerm folder's permissions except the CREATOR OWNER special iden-
tity, which you see only in the DACL of folders. Close any open windows.
6
Activity 6-9: Experimenting with NTFS Permissions
Time Required:
20 minutes
Objective:
Experiment with NTFS permissions.
Description:
You're somewhat confused about NTFS permissions, so you decide to create a test
folder and some test files to use in a variety of NTFS permission experiments.
1. Log on to your server as Administrator, if necessary.
2. Open Windows Explorer, and navigate to the
TestPerm
folder you created on the QData
volume.
3. First, you want to be able to view file extensions in Windows Explorer so that you can create
batch files easily. Click
Organize
on the toolbar, and then click
Folder and Search Options
.
Click the
View
tab. Click to clear the
Hide extensions for known file types
check box, and
then click
OK
.
4. Create a text file called
TestBatch.bat
. When asked whether you want to change the file
extension, click
Yes
.
5. Right-click
TestBatch.bat
and click
Edit
. Type
@ Echo This is a test batch file
and press
Enter
. On the next line, type
@Pause
. Save the file, and then exit Notepad. To test your batch
file, double-click it. A command prompt window opens, and you should see “This is a test
batch file. Press any key to continue . . . ” Press the
spacebar
or
Enter
to close the command
prompt window.
6. Open the Properties dialog box for TestBatch.bat, click the
Security
tab, and then click
Advanced
. Click
Edit
. Click to clear the
Include inheritable permissions from this object's
parent
check box to disable inheritance. In the message box that opens, click
Copy
to copy
the current permissions, and then click
OK
. Notice that the three permissions entries now
indicate “<not inherited>” in the Inherited From column. Click
OK
.
7. Click
Edit
. Click
Users
in the Group or user names list box. In the Permissions for Users list
box, click to clear the
Read & execute
check box in the Allow column and leave the
Read
check box selected. Click
OK
twice.
Search WWH ::
Custom Search