Information Technology Reference
In-Depth Information
8. Right-click
TestShare1
and click
Properties
. Click the
Sharing
tab, and then click
Advanced
Sharing
.
9. Click
Permissions
. Notice that the TestSharing-DL group was assigned the Change permis-
sion, which corresponds to Contributor in the File Sharing Wizard. The Administrator
account has Full Control permission to the share. Click
Cancel
twice.
10. In the TestShare1 folder's Properties dialog box, click the
Security
tab. Scroll through the
ACEs in the DACL. Notice that TestSharing-DL and Administrator ACEs were added to the
DACL with NTFS permissions to match the share permission. However, all other ACEs were
maintained. In the real world, this may or may not be what you intended.
11. Close all open windows.
Activity 6-12: Sharing a Folder with Advanced File Sharing
Time Required:
15 minutes
Objective:
Share the Marketing folder created earlier.
Description:
Now that you have a solid understanding of sharing folders and NTFS permissions,
you decide to share the Marketing folder you created earlier, and then test network access to the
folder from a client workstation.
1. Log on to your server as Administrator, if necessary.
2. Open Windows Explorer, and click to open the
QData
volume. Right-click the
Marketing
folder and click
Share
. The File Sharing Wizard doesn't start, however, because you disabled
permission inheritance on this folder earlier. The File Sharing Wizard is disabled on folders
where inheritance is disabled. Notice that the Share button is disabled, too.
3. Click
Advanced Sharing
. Click to select the
Share this folder
check box. Leave the share
name as is, and then click the
Permissions
button. By default, the share permission is Allow
Read for Everyone.
4. Because you don't want the Everyone special identity to have Read permission, click
Remove
. Click
Add
, type
MktgDocs-DL
, click
Check Names
, and then click
OK
.
5. You want all users to be able to create files and have full control over files they create (recall
Activity 6-10), so click the
Full Control
check box in the Allow column. Even though users
will have Full Control over files they create, NTFS permissions restrict them to Read, Read &
execute, and Write on all other files. Click
OK
twice, and then click
Close
.
6. Log on to the domain from your Vista computer as
advuser2
with
Password02
. Click
Start
,
type
\\serverXX\Marketing
in the Start Search text box, and press
Enter
.
7. Open the
AdvUser1.txt
file created in Activity 6-10. Make some changes to the file and save
it. You should be successful because advuser2 has Write permission. Now try to delete the
file. You shouldn't be successful because advuser1 owns the file, and advuser2 doesn't have
Delete permission. Remember, all members of the Marketing-G group were granted Full
Control share permission, but NTFS permissions are more restrictive, allowing Full control
only over files the user owns. When applying both share and NTFS permissions, the more
restrictive permission of the two is applied.
8. Create a file named
AdvUser2.txt
, and then try to delete it. You should be successful.
9. Close all open windows, and log off the Vista computer.
Activity 6-13: Restricting Access to Subfolders of Shares
Time Required:
15 minutes
Objective:
Restrict access to a subfolder of a share.
Description:
The Sales Department wants a subfolder of the Marketing share to store sensi-
tive documents that should be available only to the Sales-G group because some Marketing
Search WWH ::
Custom Search