Information Technology Reference
In-Depth Information
5. Create a folder named
Marketing
. Open its Properties dialog box, and click the
Security
tab.
6. Disable permission inheritance on the Marketing folder. When asked whether you want to
copy or remove existing permissions, click
Remove
. Notice that one entry remains in the
Permissions list: The Administrators group is given Full control permission for “This folder
only” to prevent error messages when the Administrator attempts to access the folder.
7. Click
Edit
. In the Apply to list box, click
This folder, subfolders and files
. Because you're
working with this folder and subfolders as the Administrator account, making this change
prevents “Access is denied” messages on files and subfolders. Normally, company policy dic-
tates whether the Administrators group should have access to all folders and files.
8. Click
OK
until you get to the Security tab for the Marketing folder.
9. Click
Edit
. Click
Add
, type
MktgDocs-DL
, and then click
OK
. The default permissions
assigned to a new ACE are Read & execute, List folder contents, and Read. Click the
Write
check box in the Allow column, and then click
OK
.
10. Click
Advanced
, and then click
Edit
. Click
Add
, type
Creator Owner
, and then click
OK
.
Click the
Full control
check box in the Allow column. In the Apply to list box, click
Subfolders and files only
. Click
OK
until the Properties dialog box for the Marketing folder
is closed.
11. To test your permissions, log off your server and log on as
advuser1
with
Password01
. This
user is a member of the Marketing-G group. Change the password when prompted to
Password02
.
12. Browse to the
Marketing
folder, and create a text file named
AdvUser1.txt
. Open the file and
type
AdvUser1
. Save the file, and exit Notepad.
13. Log off and log on as
advuser2
with
Password01
. Change the password to
Password02
when prompted.
14. Browse to the
Marketing
folder and open
AdvUser1.txt
. Type
AdvUser2
at the end of the
file. Save the file, and exit Notepad. Clearly, you can read and make changes to the file. Try
to delete the file. You should get the “Destination Folder Access Denied” message. Click
Continue
. You're prompted to enter a username and password with permission to delete the
file. Click
Cancel
.
15. Log off and log on as
advuser1
with
Password02
. Delete the
AdvUser1.txt
file to verify that
the advuser1 user can delete the file, but other users can't. Create another text file named
AdvUser1.txt
to use in a subsequent activity. Close any open windows, and log off.
A solid grasp of how to use NTFS permissions is essential for an administrator to build an
accessible yet secure file-sharing system. However, in a network environment, you're unlikely to
have users log on to servers interactively to access files. Instead, you need to configure file shar-
ing, covered in the following section.
6
The File Services role is required to share folders. You can install this role by using Server
Manager, or you can simply share a folder to have the role installed automatically. Folders in
Windows Server 2008 can be shared only by members of the Administrators or Server Operators
groups.
Sharing files on the network, as you have seen in previous activities, isn't difficult in a
Windows environment. Nonetheless, you should be familiar with some techniques and options
before forging ahead with setting up a file-sharing server. You can use the following methods to
configure folder sharing in Windows Server 2008:
•
File Sharing Wizard
—To start this wizard, right-click a folder and click Share. The File
Sharing Wizard (see Figure 6-12) simplifies sharing for novices by using friendlier terms
for permissions and by setting NTFS permissions to accommodate the selected share per-
missions. In Figure 6-12, the permissions you see—Reader, Contributor, and Co-owner or
Search WWH ::
Custom Search