NTFS - PowerPoint PPT Presentation

About This Presentation
Title:

NTFS

Description:

Assigning NTFS Permissions and Special Permissions. Solving Permissions Problems ... inherited by and propagated to the subfolder and files that are contained in the ... – PowerPoint PPT presentation

Slides: 83
Provided by: lowellva
Tags: ntfs | subfolder


Transcript and Presenter's Notes



1
  • NTFS

2
Chapter Overview
  • Understanding and Applying NTFS Permissions
  • Assigning NTFS Permissions and Special
    Permissions
  • Solving Permissions Problems

3
Discovering NTFS
  • Using NTFS permissions
  • How XP applies NTFS permissions
  • Assigning NTFS permissions
  • Copying and moving files and folders

4
Introduction to NTFS Permissions
  • NT file system (NTFS) permissions specify:
    • Who can access folders and files
    • What they can do with the contents
  • NTFS permissions are available only on NTFS
    volumes.
  • NTFS permissions provide security for:
    • Local access
    • Over-the-network access

5
Using NTFS permissions
  • NTFS permissions
  • NTFS Folder permissions
  • NTFS file permissions

6
Managing NTFS Permissions
  • The following can assign NTFS permissions:
    • Administrators
    • Owners of files and folders
    • Users with the Full Control permission

7
  • NTFS is the Windows file system that defines the
    way in which files are named, stored, and
    organized.
  • A file system is used to partition a hard drive.
  • Partitions are simply a logical portion of a
    physical disk that functions as though it were a
    separate unit.

If no permissions are assigned to a user or group,
they cannot access the resource. NTFS permissions
determine the level of user access.
8
NTFS permissions
NTFS Partition C:\
  • Permissions can be assigned to user accounts and
    groups
  • Permissions can be denied

(Diagram labels: Read; User 1; No permissions assigned; User 2)
9
Rather than assigning permissions to individual
files, it is best to assign permissions to a
folder and then place files into a folder that has
the security requirements you need. You can still
specify permissions on individual files within a
folder if you want a user to have access to only a
particular file.
10
  • Folder and File permissions

11
NTFS Folder Permissions
  • Read
  • Write
  • List Folder Contents
  • Read & Execute
  • Modify
  • Full Control

12
  • You assign folder permissions to control the
    access that users have to folders and to the
    files and subfolders in them.

13
(Figure: scale running from most restrictive to least restrictive)
14
NTFS File Permissions
  • Read
  • Write
  • Read & Execute
  • Modify
  • Full Control

15
NTFS Partition C:\
  • You assign file permissions to control the access
    that users have to files.

(Diagram: Folder A with File1 and File2)
16
(Figure: scale running from most restrictive to least restrictive)
17
Granular control
  • When Microsoft designed both the file and folder
    permission schemes, they used many specific and
    special permissions to accomplish this goal.
  • Much of this design comes from well-established
    VMS, Unix and mainframe environments.
  • These many special permissions are complex in
    their nature.
  • To ease administration, they grouped them into
    basic permission functions.

18
Special folder permissions
19
Special file permissions
20
Access Control List
  • NTFS stores an access control list (ACL) with
    every file and folder.
  • Each ACL contains:
    • A list of all user accounts and groups granted
      access
    • The type of access each user and group has been
      granted
    • An access control entry (ACE) for a user account
      or a group

21
Effective Permissions
  • A user's effective permissions for a resource are
    the sum of the NTFS permissions that you assign:
    • To a user account
    • To all groups the user belongs to
  • A user's permissions are said to be cumulative
    because they are the sum of the user's
    permissions.

22
NTFS adds permissions
  • A user's effective permissions for a resource are
    the combination of the NTFS permissions assigned
    to the user account and all the groups to which
    the user belongs.

(Diagram: Folder A with File 1 and File 2. Group B: Write at Folder A. User1: Read at Folder A. Group A: Deny Write to File 2.)
23
  • User 1 has the Read permission for Folder A,
    but is a member of a group with the Write
    permission for that same folder.
  • The user now has both Read and Write permissions.

(Diagram: NTFS partition C:\ with Folder A, File1 and File2; two "Read write" labels. Group B: Write at Folder A. User1: Read at Folder A.)
24
Fact.
  • When multiple permissions are assigned to a group
    of users, the least restrictive permissions
    apply.

25
Overriding Folder Permissions with File
Permissions
  • NTFS file permissions take priority over NTFS
    folder permissions.
  • A user with the appropriate permissions can
    access a file even if that user does not have
    permission to access the folder containing the
    file.
  • The Bypass Traverse Checking security permission
    allows a user to access a file even if the user
    does not have corresponding folder permissions.
  • The folder that contains the file is invisible if
    the user does not have corresponding folder
    permissions.
  • To gain access to the file, a user can do one of
    the following:
    • Use the full Universal Naming Convention (UNC).
    • Use the local path to open the file from its
      respective application.

26
  • NTFS file permissions take priority over folder
    permissions.
  • The user now has both Read and Write permissions
    at Folder A, but the file permissions on File 2
    restrict him to Read only.

(Diagram: NTFS partition C:\ with Folder A, File1 and File2; two "Read and write" labels and a "Read" label next to File2. Group B: Write at Folder A. User1: Read at Folder A. Group A: Deny Write to File 2.)
27
Overriding Permissions with Deny
  • You can deny permissions to a user account or
    group for a specific file or folder.
  • Deny overrides all instances in which that
    permission is allowed.
  • Denying permissions is not the recommended way to
    control access to resources.

28
  • Deny overrides other permissions.
  • Avoid using deny permissions.
  • It is preferable to structure groups and organize
    resources in folders so that allowing permissions
    is sufficient.

(Diagram: NTFS partition C:\ with Folder A, File1 and File2; two "Read and write" labels and a "Read" label next to File2. Group B: Write at Folder A. User1: Read at Folder A. Group A: Deny Write to File2.)
29
  • Deny overrides other permissions.
  • If you deny a user Read & Execute, then even if
    you later add the user to a group with Full
    Control, the user will not be able to read and
    execute.

30
Denying the Read & Execute permission for a user
turns off all the associated special permissions
and overrides any other permissions given.
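
The rules from the preceding slides (permissions are cumulative, Deny overrides Allow, file permissions take priority over folder permissions) as an added example that is not part of the original presentation. It goes one step beyond the slides by walking the ACEs in the canonical order Windows uses (explicit deny, explicit allow, inherited deny, inherited allow); the trustees and ACEs are constructed from the Folder A / File 2 diagram, and `Get-EffectiveRights` is a hypothetical helper name.

```powershell
# Added example, not from the slides. Trustees and ACEs are constructed from
# the Folder A / File 2 diagram; nothing here touches a real file system.
function Get-EffectiveRights {
    param(
        [string[]]$Identities,   # the user plus every group the user belongs to
        [object[]]$Aces          # objects with Trustee, Type, Rights, Inherited
    )
    # Canonical DACL order: explicit deny, explicit allow, inherited deny, inherited allow.
    $ordered = $Aces | Sort-Object Inherited, @{ Expression = { $_.Type -ne 'Deny' } }
    $granted = 0
    $denied  = 0
    foreach ($ace in $ordered) {
        if ($Identities -notcontains $ace.Trustee) { continue }
        $mask = [int][System.Security.AccessControl.FileSystemRights]$ace.Rights
        if ($ace.Type -eq 'Deny') {
            # A deny only blocks bits that an earlier ACE has not already granted.
            $denied = $denied -bor ($mask -band (-bnot $granted))
        } else {
            # An allow only grants bits that an earlier ACE has not already denied.
            $granted = $granted -bor ($mask -band (-bnot $denied))
        }
    }
    [System.Security.AccessControl.FileSystemRights]$granted
}

$user1 = 'User1', 'GroupA', 'GroupB'   # User1 is a member of both groups

# File 2 as drawn on the slides: Read and Write arrive by inheritance from
# Folder A, and Group A is denied Write directly on the file.
$file2 = @(
    [pscustomobject]@{ Trustee = 'User1';  Type = 'Allow'; Rights = 'Read';  Inherited = $true }
    [pscustomobject]@{ Trustee = 'GroupB'; Type = 'Allow'; Rights = 'Write'; Inherited = $true }
    [pscustomobject]@{ Trustee = 'GroupA'; Type = 'Deny';  Rights = 'Write'; Inherited = $false }
)
"File 2 (slide scenario): " + (Get-EffectiveRights -Identities $user1 -Aces $file2)

# Constructed variation: the deny is inherited from the folder and the allow
# is set on the file itself, so the file's own entry is evaluated first.
$file3 = @(
    [pscustomobject]@{ Trustee = 'GroupA'; Type = 'Deny';  Rights = 'Read'; Inherited = $true }
    [pscustomobject]@{ Trustee = 'User1';  Type = 'Allow'; Rights = 'Read'; Inherited = $false }
)
"File 3 (variation): " + (Get-EffectiveRights -Identities $user1 -Aces $file3)
```

In the first scenario the explicit deny strips Write and leaves Read, matching slide 26; in the variation the explicit allow on the file is reached before the inherited deny, which is the mechanism behind file permissions taking priority over folder permissions.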
31
Let's see what you know!
  • Users can write at folder A
  • Sales can read at folder A
  • What permissions does Joe have at folder A?

  • Users can read at folder A
  • Sales can write to folder B
  • What can Joe do at file 2?

  • Users have modify for folder A
  • File 2 should have access by sales only and read
    only
  • What steps must be taken to ensure this situation?

(Diagram labels: Folder A; File 1; Users; File 2; Joe; Folder B; Sales; File 2)
40
NTFS Permissions Inheritance
  • By default, the parent folder's permissions are
    propagated to:
    • Any existing subfolders and files in the parent
      folder
    • Any files or folders created in the parent folder
  • You can prevent permissions inheritance.
  • The folder for which you prevent permissions
    inheritance becomes the new parent folder.
  • The subfolders and files in the new parent folder
    inherit the permissions from the new parent
    folder.

41
Permission Inheritance
42
By default, permissions that you assign to a
parent folder are inherited by and propagated to
the subfolder and files that are contained in the
parent folder.

(Diagram labels: Assigned permissions; Group B; Folder A; Read and write; Read and write; Folder B; Access to folder B; Inherit permissions; Read)
43
Parent folder
By default, permissions that you assign to a
parent folder are inherited by and propagated to
the subfolder and files that are contained in the
parent folder.
44
You can turn off/turn on or reset permission
inheritance.
46
Controlling permission Inheritance
Changing inheritance of permissions at the
c:\freebies folder
48
By default, permissions that you assign to a
parent folder are inherited by and propagated to
the subfolder and files that are contained in the
parent folder. Thus, attempting to remove
permissions on folders or files requires that you
first remove the inherit property from the parent
object. In our example, the parent of
D:\freebies would be D:\root.
49
Cont..
50
We edit the inherit property of the parent object
to prevent the Everyone group from being applied
by default to all child objects.
Cont.
51
At D:\root we can change how inherited
permissions propagate to child objects such as
our D:\freebies directory.
52
You can change the default inherited permissions
that you assign to a parent folder. Your choice
determines which of the above options for
inheritance of permissions applies.
53
Now back to D:\freebies. We have a choice of
how permissions at the folder level are
inherited by the child objects below (files and
subfolders). We can also disable inheritance of
permissions on child objects.
54
Preventing Permissions Inheritance
  • By default, subfolders and files inherit
    permissions from parent folders.
  • Clear the Allow Inheritable Permissions From
    Parent To Propagate To This Object check box.
  • Select one of the following options:
    • Copy
    • Remove
    • Cancel

56
Note
  • The folder at which you prevent permissions
    inheritance now becomes the new parent folder,
    and the subfolders and files that are contained
    within it will inherit the permissions you
    assign.

Stop inheritance
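
The Copy and Remove choices from the Preventing Permissions Inheritance slide, scripted as an added example that is not part of the original presentation. It assumes a Windows host and uses scratch folders under `$env:TEMP` whose names are constructed; `Set-InheritanceBlocked` is a hypothetical helper name.

```powershell
# Added example, not from the slides. Windows only; works on scratch folders
# under $env:TEMP whose names are constructed for this demo.
$parent  = Join-Path $env:TEMP 'ntfs-inherit-demo'
$copied  = Join-Path $parent 'child-copy'
$removed = Join-Path $parent 'child-remove'
New-Item -ItemType Directory -Path $copied, $removed -Force | Out-Null

function Set-InheritanceBlocked {
    param([string]$Path, [bool]$KeepCopy)
    $acl = Get-Acl -LiteralPath $Path
    # First argument $true: stop inheriting from the parent.
    # Second argument: $true keeps the inherited entries as explicit ones
    # (the dialog's Copy), $false drops them (the dialog's Remove).
    $acl.SetAccessRuleProtection($true, $KeepCopy)
    if (-not $KeepCopy) {
        # Remove would leave the folder with no entries at all, so grant the
        # current user Modify explicitly to keep the folder usable.
        $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $me, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

Set-InheritanceBlocked -Path $copied  -KeepCopy $true
Set-InheritanceBlocked -Path $removed -KeepCopy $false

# Compare the parent with both children: after Copy the same trustees remain
# but IsInherited is False; after Remove only the explicit entry is left.
foreach ($p in $parent, $copied, $removed) {
    $acl = Get-Acl -LiteralPath $p
    "{0}  (inheritance blocked: {1})" -f $p, $acl.AreAccessRulesProtected
    $acl.Access |
        Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize |
        Out-String
}
```

Either child is now the "new parent folder" the note describes: anything created beneath it inherits from its ACL rather than from the original parent.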
57
Simplify Administration of Permissions
  • Group files into application, data, and home
    folders.
  • Centralize home and public folders on one
    separate volume.
  • Assign permissions only to folders, not to files.
  • Isolate applications and the operating system on
    a different volume.
  • Back up only home and public folders.
  • Do not back up applications or the operating
    system.
  • Deny permissions only when it is essential.

58
Minimize NTFS Permission Assignments
  • Allow only the required level of access.
  • Create groups according to the access required
    for resources.
  • Assign the appropriate permissions to the group.
  • Avoid assigning permissions to individual user
    accounts.
  • Encourage users to assign permissions to the
    folders they create.

59
Assign Permissions for Data or Application
Folders
  • Assign the Read & Execute permission to:
    • The Users group
    • The Administrators group

60
Assign Permissions for Public Data Folders
  • Assign the Read & Execute and the Write
    permissions to the Users group.
  • Assign the Full Control permission to the CREATOR
    OWNER user.

61
Default NTFS permissions
  • NTFS permissions are automatically assigned:
    • When a partition is formatted with NTFS
    • When a folder or file is created in the partition
    • When a user or group account is added to a folder

62
  • When you format a partition with NTFS:
    • Windows automatically assigns the Full Control
      permission for the root folder to the Everyone
      group.
    • Folders and files that are created on the
      partition inherit these default permissions.
    • To restrict access you must change the default
      settings.
  • default 1
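
A check for the default described on this slide, as an added example that is not part of the original presentation: it walks a folder tree and reports every object where the Everyone group is allowed Full Control, and whether the entry is inherited. It assumes a Windows host; the scratch folder and `Find-EveryoneFullControl` are constructed names, and Everyone is matched by its well-known SID S-1-1-0 so the check does not depend on the display language.

```powershell
# Added example, not from the slides. Windows only; the scratch folder below
# is constructed so the check has something to find.
function Find-EveryoneFullControl {
    param([string]$Root)
    $everyone    = 'S-1-1-0'   # well-known SID of the Everyone group
    $fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl
    $items = @(Get-Item -LiteralPath $Root) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }   # unreadable ACL: skip rather than stop
        # Explicit and inherited rules, with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.IdentityReference.Value -eq $everyone -and
                $rule.AccessControlType -eq 'Allow' -and
                ($rule.FileSystemRights -band $fullControl) -eq $fullControl) {
                [pscustomobject]@{ Path = $item.FullName; Inherited = $rule.IsInherited }
            }
        }
    }
}

# Constructed demo tree that carries the permissive default on its top folder.
$root = Join-Path $env:TEMP 'ntfs-default-demo'
New-Item -ItemType Directory -Path (Join-Path $root 'sub') -Force | Out-Null
Set-Content -LiteralPath (Join-Path $root 'sub\report.txt') -Value 'sample'

$sid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $sid, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl = Get-Acl -LiteralPath $root
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $root -AclObject $acl

# The top folder is reported as an explicit entry; sub and report.txt are
# reported as inherited, which is the propagation the slide describes.
Find-EveryoneFullControl -Root $root | Format-Table -AutoSize
```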

64
Folders and files that are created on the
partition inherit these default permissions.
  • default 2

65
Folders and files that are created on the
partition inherit these default permissions.
Default settings for a created folder
66
  • When you assign a user or group to a new folder
    or file, the following permissions are given by
    default:
  • When adding a user or group to a folder:
    • Read & Execute
    • List Folder Contents
    • Read
  • When adding a user or group to a file:
    • Read & Execute
    • Read
  • default 3

69
Setting NTFS Permissions
70
Granting or Denying Special Permissions
  • In the folder Properties dialog box, click
    Advanced to display the Advanced Security
    Settings dialog box.
  • Select the user or group for which you want to
    modify the Special Permission settings, and then
    click Edit.
  • In the Permission Entry For dialog box, select
    Allow or Deny for each of the special permissions
    you want to modify.

71
special permissions
  • Traverse Folder/Execute file
  • List folder/read data
  • Read Extended Attributes
  • Create files/Write Data
  • Create folders/Append Data
  • Write Attributes
  • Write Extended Attributes
  • Delete Subfolders and Files
  • Delete
  • Read Permissions
  • Change Permissions
  • Take ownership
  • Synchronize

72
Taking Ownership
  • The current owner or a user with the Full Control
    permission can assign a user:
    • The Full Control standard permission
    • The Take Ownership permission
  • That user can now take ownership of the assigned
    file or folder.
  • An administrator can take ownership of the file
    or folder regardless of the assigned permission.
  • No one, not even the owner or the administrator,
    can assign ownership of a file or folder to
    anyone else.

73
Introduction to Solving Permissions Problems
  • When you copy or move files and folders, the
    permission you set on the files or folders might
    change.
  • Specific rules control how and when permissions
    change.
  • Understanding these rules helps you solve
    permissions problems.
  • Troubleshooting these permission problems is
    important to keep resources available for the
    appropriate users and protect them from
    unauthorized users.

74
Copying Files and Folders
75
Moving Files or Folders Within a Single NTFS
Volume
  • The file or folder retains the original
    permissions.
  • You must have the Write permission for the
    destination folder.
  • You must have the Modify permission for the
    source file or folder.
  • The owner of the file or folder does not change.

76
Moving Files or Folders Between NTFS Volumes
78
Troubleshooting Permissions Problems
  • A user cannot gain access to a file or folder.
  • You add a user account to a group to give the
    user access to a file or folder, but the user
    still cannot gain access.
  • A user with the Full Control permission to a
    folder deletes a file in the folder and you want
    to prevent the user from deleting more files.

81
Avoiding NTFS Permissions Problems
  • Assign the most restrictive NTFS permissions.
  • Assign all permissions at the folder level.
  • For all application-executable files, assign:
    • The Read & Execute and Change permissions to the
      Administrators group
    • The Read & Execute permission to the Users group
  • Assign the Full Control permission to CREATOR
    OWNER for public data folders.
  • Allow permissions rather than deny permissions.

82
Chapter Summary
  • NTFS permissions specify what type of access
    users and groups have to files and folders.
  • NTFS file permissions take priority over NTFS
    folder permissions.
  • Use the Security tab of the Properties dialog box
    of a file or folder to assign or modify NTFS
    permissions.
  • By default, subfolders and files inherit
    permissions from their parent folders.
  • When you copy or move files and folders, the
    permissions you set on them might change.