Understand File Allocation Table FAT

1
Goals

• Understand File Allocation Table (FAT)
• Understand NTFS
• Compress and encrypt data on an NTFS Volume
• Assign shared folder permissions
• Set NTFS permissions
• Set special access permissions
• Troubleshoot permissions
• Understand Distributed File System
• Manage a Dfs Root

2
(Skill 1)
Introducing File Allocation Table (FAT)

• FAT (File Allocation Table) is an older file
  system that can be read and accessed by most
  operating systems such as DOS, Windows
  3.x,Windows 9.x,Windows NT, Windows 2000, Windows
  XP, and Windows Server 2003.
• It allocates storage space to files by setting up
  allocation units on a hard disk.
• An allocation unit, also known as a cluster, is
  the smallest unit for allocating storage space on
  a partition or volume.

3
(Skill 1)
Introducing File Allocation Table (FAT)
Figure 5-1 FAT file system
4
(Skill 1)
Introducing File Allocation Table (FAT) (2)

• There are two primary versions of the FAT file
  system FAT16 and FAT32
• The FAT16 file system
• Supports partitions of up to 4 GB in size.
  However, only Windows NT, Windows 2000, Windows
  XP, and Windows Server 2003 support FAT16
  partitions larger than 2 GB.
• Is efficient on small-sized partitions of up to
  256 MB.
• Supports dual booting by all Microsoft operating
  systems.
• Provides only folder-level security.
• The newer version of FAT, FAT32, is similar to
  FAT16, except for the fact that it supports
  large-sized partitions of up to 2 TB (2047 GB) in
  size.

5
(Skill 1)
Introducing File Allocation Table (FAT)
Figure 5-2 The FAT file system
6
(Skill 2)
Introducing NTFS

• Formatting a partition with the NTFS file system
  provides the following advantages
• Reliability NTFS is a recoverable file systems
  in which volumes can be created that do not
  result in data loss in the event of a server
  crash or power failure.
• Security NTFS allows you to secure data by
  setting up permissions to control user access to
  files and folders.
• Long file names NTFS natively allows file names
  to be up to 256 characters in length.
• Efficiency NTFS is required in order to use
  certain features, such as Active Directory, which
  is used to store and manage network resources
  efficiently.
• Faster access NTFS minimizes the number of disk
  accesses required to find a file, thereby
  providing faster access speed than other file
  systems.

7
(Skill 3)
Compressing and Encrypting Data on an NTFS Volume

• Volumes formatted with the NTFS file system
  provide built-in features that are not supported
  by FAT such as data compression, which is used to
  increase available storage on a hard disk.
• In NTFS volumes, you can compress only specific
  files and folders or the entire volume. When you
  add a new file or folder to a compressed folder,
  it will be compressed automatically.
• Data encryption is a security technique that
  attempts to ensure the confidentiality of a
  document by scrambling it using an encryption
  key.
• Note You can not combine encryption and
  compression.

8
(Skill 3)
Compressing and Encrypting Data on an NTFS Volume
Click to open the Advanced Attributes dialog box
Figure 5-4 The Properties dialog box
9
(Skill 3)
Compressing and Encrypting Data on an NTFS Volume
Figure 5-5 Advanced Attributes dialog box with
compression enabled
10
(Skill 3)
Compressing and Encrypting Data on an NTFS Volume
Figure 5-6 Confirm Attribute Changes dialog box
11
(Skill 3)
Compressing and Encrypting Data on an NTFS Volume
Figure 5-7 Advanced Attributes dialog box with
encryption enabled
12
(Skill 4)
Assigning Shared Folder Permissions

• You can assign the following types of shared
  folder permissions
• Read Allows users to view file and folder names,
  execute program files, and navigate within the
  shared folder.
• Change Allows users to add files to the shared
  folder, create new folders within it, and modify
  the content and attributes of the files. Users
  can also delete files and folders and execute all
  of the tasks included in the Read permission.
• Full Control Allows users to modify file
  permissions, take file ownership, and perform all
  of the tasks allowed by the Change permission.

13
(Skill 4)
Assigning Shared Folder Permissions
You can also set the number of consecutive
connections that are allowed access to the share
at any one time by selecting Allow this number of
users and typing in the amount of user
connections.
Figure 5-8 Sharing a folder
14
(Skill 4)
Assigning Shared Folder Permissions
Figure 5-9 Adding a user account
15
(Skill 4)
Assigning Shared Folder Permissions
As a best practice, remove the everyone group,
assign Administrators Full Control, and assign
Users or Groups Change permissions.
Figure 5-10 Assigning shared folder permissions
16
Effective Permissions
(Skill 4)

• A user can be a member of multiple groups, each
  with different permissions that provide different
  levels of access to a shared folder.
• Effective permissions are the combination of the
  user and group permissions.

17
Copied, Moved, or Renamed Shared Folders
(Skill 4)

• When a shared folder is copied, the original
  shared folder is still shared, but the copy is
  not shared.
• When a shared folder is moved or renamed, it is
  no longer shared.

18
Administrative Shared Folders
(Skill 4)

• Automatically shared folders are appended with a
  dollar sign ().
• The hides the shared folder from users who
  browse the computer.
• The root of each volume, the system root folder,
  and the location of the printer drivers are all
  hidden shared folders that can be accessed from
  across the network.
• Hidden shared folders are not limited to those
  that the system automatically creates.
• Additional folders can be shared and a can be
  appended to the end of the share name.
• Only users who know the folder name and possess
  proper permissions can gain access to the hidden
  folder.

19
Windows 2003 Administrative Shared Folders
(Skill 4)

• C, D, E, and so on The root of each volume on
  a hard disk
• Admin The system root folder, which is
  C\Windows by default
• Print The printer drivers folder,
  systemroot\System32\Spool\Drivers

20
(Skill 5)
Setting NTFS Permissions

• NTFS permissions enable you to secure network
  resources by controlling the level of access to
  files and folders for each user.
• Standard NTFS folder permissions include
• Read
• Write
• List Folder Contents
• Read Execute
• Modify
• Full Control

21
Setting NTFS Permissions

• Standard NTFS file permissions include
• Read
• Write
• Read Execute
• Modify
• Full Control

22
Setting NTFS Permissions

• When you apply permissions to a drive or folder,
  you are also applying those permissions to all
  files and folders underneath it, by default
• Guidelines for assigning NTFS permissions
• Create folders to organize data into categories
• Always assign users the lowers level of
  permissions required for them to perform their
  jobs
• Assign the Read and Write permissions to the
  Users group
• Avoid assigning the Full Control Permission for a
  folder
• Deny permissions sparingly
• Assign permissions to groups rather than to
  individual user accounts

23
(Skill 5)
Setting NTFS Permissions
Figure 5-11 Advanced Security Settings dialog box
24
(Skill 5)
Setting NTFS Permissions (2)

• Other important factors to understand
• NTFS permissions can be inherited
• Assign multiple NTFS permissions
• NTFS file permissions override NTFS folder
  permissions
• A denied permission overrides an allowed
  permission

25
(Skill 5)
Setting NTFS Permissions
The Read Execute,List Folder Contents,and Read
NTFS permissions are assigned to user accounts by
default
Figure 5-12 Assigning the Write Permission
26
(Skill 6)
Setting Special Access Permissions

• The standard NTFS permissions should suffice in
  most cases, but occasionally, you may need to add
  a special level of permissions.
• You can set and view special permissions in the
  Advanced Security Settings for ltfile_name
  /folder_name gt dialog box from within the file
  properties. This dialog box gives you access to
  all possible permissions available for a file or
  folder.
• It is typically recommended that you do not
  configure special permissions unless absolutely
  necessary because setting special permissions can
  make it difficult to determine the level of
  access assigned to a user.

27
(Skill 6)
Setting Special Access Permissions
Figure 5-13 The Security tab in the Properties
dialog box for a file or folder
28
(Skill 6)
Setting Special Access Permissions
Figure 5-15 The entry for Jennifer Johnson
29
(Skill 6)
Setting Special Access Permissions
Figure 5-16 Giving Jennifer the Change
Permissions permission
30
Combining Share and NTFS Security
(Skill 6)
31
Combining Share and NTFS Permissions
(Skill 6)

• Sharing folders provides network users with
  access to resources.
• If a FAT volume is being used, the shared folder
  permissions are all that is available to provide
  security for the folders shared and the
  subfolders and files they contain.
• If an NTFS volume is being used, NTFS permissions
  can be assigned to individual users and groups to
  better control access to the files and subfolders
  in the shared folders.
• When shared folder permissions are combined with
  NTFS permissions, the more restrictive permission
  is always the overriding permission.

32
Evaluating Effective Permissions
(Skill 6)
33
(Skill 7)
Troubleshooting Permissions

• If a user is not able to gain access to files and
  folders
• Verify that permissions have been assigned to the
  user account and check to see if any permission
  denials which are overriding the assigned
  permissions have been entered.
• Check for permissions and denials assigned to
  groups to which the user is a member
• If the resource is remote, check both shared
  folder and NTFS permissions.
• Make sure the access token as been updated
• Use the Effective Permissions tab on the Advanced
  Security Settings for ltfile_name/folder_name
  gtdialog box to query the file system and group
  memberships for a user to determine the effective
  permissions the user has, taking all of the user
  s group memberships into account.

34
(Skill 7)
Troubleshooting Permissions
Figure 5-18 Jennifer Johnsons effective
permissions
35
(Skill 8)
Introducing Distributed File System

• Distributed file system (Dfs) allows users to
  locate files and folders spread across the
  network quickly and easily.
• A Distributed file system (Dfs) topology consists
  of a hierarchical structure that includes a Dfs
  root, one or more Dfs links, and one or more Dfs
  shared folders, or replicas, to which each Dfs
  link points.
• One server or domain is chosen as the Dfs root. A
  Dfs root is stored on this physical server
  running the Dfs service.
• A Dfs root is a local share that acts as the
  starting point and host to other shared resources.

36
(Skill 8)
Introducing Distributed File System
Figure 5-19 Dfs links
37
(Skill 8)
Introducing Distributed File System (2)

• You can configure the following two types of Dfs
  roots
• Stand-alone A stand-alone Dfs root is configured
  locally on a computer and stores all of the
  information in the local Registry. It consists of
  only a single level of Dfs links and does not
  provide data backup or replication.
• Domain A domain Dfs root is also known as a
  fault-tolerant root and is integrated with Active
  Directory.

38
(Skill 8)
Introducing Distributed File System (3)

• The advantages of using Dfs are as follows
• Easy access to network resources
• Simplified network administration
• Support for fault tolerance and load balancing
• Support for network permissions
• Integration with Internet Information Services
  (IIS)

39
(Skill 8)
Introducing Distributed File System
Figure 5-20 Selecting the root type
40
(Skill 8)
Introducing Distributed File System
Figure 5-21 Specifying the Dfs root name
41
(Skill 8)
Introducing Distributed File System
Figure 5-22 Completing the New Root Wizard
42
(Skill 8)
Introducing Distributed File System
Figure 5-23 New Dfs Root in the Distributed File
System console
43
(Skill 8)
Introducing Distributed File System
A working Dfs shared folder will be displayed
with a green check mark in a white circle on its
folder icon,and a disconnected shared folder will
be displayed with a white x in a red circle
Figure 5-24 Checking the status of a Dfs root
44
(Skill 9)
Managing a Dfs Root

• Network administrators will periodically need to
  perform the following functions
• Adding and removing Dfs linksYou may be required
  to add more Dfs links to expand the Dfs topology.
• Disabling and enabling a Dfs linkOccasionally,you
  may need to disable a Dfs link when you do not
  need it for a period of time or if you must
  temporarily restrict users from accessing some
  shared files.You can reactivate the Dfs link
  whenever it is required.

45
(Skill 9)
Managing a Dfs Root
Figure 5-25 Creating a new Dfs link
46
(Skill 9)
Managing a Dfs Root
Figure 5-26 Specifying the time duration for
storing the Dfs link
47
(Skill 9)
Managing a Dfs Root
Figure 5-27 The new Dfs link