COPYING AND MOVING FOLDERS TO CREATE A FOLDER WHILE LOGGED ON AS A USE...

Question

9-13Lesson 1 Introduction to Shared FoldersManage Users That Are Connected to Shared FoldersTo view the users that are connected to the server, expand the Shared Folders node inComputer Management and then select the Sessions folder. Occasionally, you mightneed to disconnect users from the computer so that you can perform maintenancetasks on hardware or software. To disconnect users from the server, do one of the fol-lowing:■ To disconnect a single user, right-click the user name in the Sessions folder, andthen select the Close Session option from the action menu.■ To disconnect all users from the server, right-click the Sessions folder, and thenselect the Disconnect All Sessions option from the action menu.To view users that have shared files and folders open, under Shared Files, select theOpen Files option. The details pane displays the files and folders that are currently inuse on the server. This information is valuable if you are trying to work with a sharedfolder or file and need to know who is currently accessing the resource so that you canask that person to disconnect.Guidelines for Shared Folder PermissionsThe following list provides some general guidelines for managing your shared foldersand assigning shared folder permissions:■ Determine which groups need access to each resource and the level of access thatthey require. Document the groups and their permissions for each resource.■ Assign permissions to groups instead of user accounts to simplify access adminis-tration.■ Assign to a resource the most restrictive permissions that still allow users to per-form required tasks. This practice is known as the principle of least privilege.For example, if users only need to read information in a folder and they will neverdelete or create files, assign the Read permission.■ Organize resources so that folders with the same security requirements are locatedwithin a folder. For example, if users require Read permission for several applica-tion folders, store those folders within the same folder. Then share this folderinstead of sharing each individual application folder.■ Use intuitive share names so that users can easily recognize and locate resources.For example, for the Application folder, use Apps for the share name. You shouldalso use share names that all client operating systems can use.Table 9-5 describes share and folder naming conventions for different client computeroperating systems.Table 9-5 Client Computer Operating Systems and Share Name LengthOperating System Share Name LengthWindows 2000 and later 80 charactersWindows NT, Windows 98, and Windows 95 12 charactersMS-DOS, Windows 3.x, and Windows for Workgroups 8.3 charactersWindows XP Professional provides 8.3-character equivalent names, but the resultingnames might not be intuitive to users. For example, a Windows XP Professional foldernamed Accountants Database would appear as Accoun~1 on client computers runningMS-DOS, Windows 3.x, and Windows for Workgroups.Real World Shared Folder Permissions on Large NetworksOn small networks, you are likely to find that either Simple File Sharing or sharedfolder permissions are used to control access to files and folders on the network.Even when drives are formatted with the NTFS file system, most people on smallnetworks just do not use NTFS permissions.On large company networks, you find just the opposite. Administrators typicallyrely on NTFS permissions and leave the default shared folder permissions (orremove the Everyone group and provide the Users group full access) in placebecause NTFS permissions do a much better job of securing data. Because of theway that shared folder permissions and NTFS permissions interact, NTFS permis-sions secure data for both local and network access. Adding shared folder permis-sions is really unnecessary and in fact complicates the permissions thatadministrators must work with. The exception to this is on computers runningolder versions of Windows (for example, Windows 98 or Windows Me) that do notsupport the NTFS file system; these systems must use shared folder permissions iftheir data is to be shared on the network.Practice: Managing Shared FoldersIn this practice, you will determine the effective shared permissions of users, share afolder, create an additional share name for a shared folder, and stop the sharing of afolder.

COPYING AND MOVING FOLDERS TO CREATE A FOLDER WHILE LOGGED ON AS A USE...

Manage Users That Are Connected to Shared Folders

To view the users that are connected to the server, expand the Shared Folders node in

Computer Management and then select the Sessions folder. Occasionally, you might

need to disconnect users from the computer so that you can perform maintenance

tasks on hardware or software. To disconnect users from the server, do one of the fol-

lowing:

To disconnect a single user, right-click the user name in the Sessions folder, and

then select the Close Session option from the action menu.

To disconnect all users from the server, right-click the Sessions folder, and then

select the Disconnect All Sessions option from the action menu.

To view users that have shared files and folders open, under Shared Files, select the

Open Files option. The details pane displays the files and folders that are currently in

use on the server. This information is valuable if you are trying to work with a shared

folder or file and need to know who is currently accessing the resource so that you can

ask that person to disconnect.

Guidelines for Shared Folder Permissions

The following list provides some general guidelines for managing your shared folders

and assigning shared folder permissions:

Determine which groups need access to each resource and the level of access that

they require. Document the groups and their permissions for each resource.

Assign permissions to groups instead of user accounts to simplify access adminis-

tration.

Assign to a resource the most restrictive permissions that still allow users to per-

form required tasks. This practice is known as the principle of least privilege.

For example, if users only need to read information in a folder and they will never

delete or create files, assign the Read permission.

Organize resources so that folders with the same security requirements are located

within a folder. For example, if users require Read permission for several applica-

tion folders, store those folders within the same folder. Then share this folder

instead of sharing each individual application folder.

Use intuitive share names so that users can easily recognize and locate resources.

For example, for the Application folder, use Apps for the share name. You should

also use share names that all client operating systems can use.

Table 9-5 describes share and folder naming conventions for different client computer

operating systems.

Client Computer Operating Systems and Share Name Length

Operating System Share Name Length

Windows 2000 and later 80 characters

Windows NT, Windows 98, and Windows 95 12 characters

MS-DOS, Windows 3.x, and Windows for Workgroups 8.3 characters

Windows XP Professional provides 8.3-character equivalent names, but the resulting

names might not be intuitive to users. For example, a Windows XP Professional folder

named Accountants Database would appear as Accoun~1 on client computers running

MS-DOS, Windows 3.x, and Windows for Workgroups.

Real World Shared Folder Permissions on Large Networks

On small networks, you are likely to find that either Simple File Sharing or shared

folder permissions are used to control access to files and folders on the network.

Even when drives are formatted with the NTFS file system, most people on small

networks just do not use NTFS permissions.

On large company networks, you find just the opposite. Administrators typically

rely on NTFS permissions and leave the default shared folder permissions (or

remove the Everyone group and provide the Users group full access) in place

because NTFS permissions do a much better job of securing data. Because of the

way that shared folder permissions and NTFS permissions interact, NTFS permis-

sions secure data for both local and network access. Adding shared folder permis-

sions is really unnecessary and in fact complicates the permissions that

administrators must work with. The exception to this is on computers running

older versions of Windows (for example, Windows 98 or Windows Me) that do not

support the NTFS file system; these systems must use shared folder permissions if

their data is to be shared on the network.

Practice: Managing Shared Folders

In this practice, you will determine the effective shared permissions of users, share a

folder, create an additional share name for a shared folder, and stop the sharing of a

folder.

Bạn đang xem 9 - - MICROSOFT PRESS MCSA MCSE SELF PACED TRAINING KIT EXAM 70 - 270 PHẦN 4 DOC