9-13Lesson 1 Introduction to Shared Folders
Manage Users That Are Connected to Shared Folders
To view the users that are connected to the server, expand the Shared Folders node in
Computer Management and then select the Sessions folder. Occasionally, you might
need to disconnect users from the computer so that you can perform maintenance
tasks on hardware or software. To disconnect users from the server, do one of the fol-
lowing:
■ To disconnect a single user, right-click the user name in the Sessions folder, and
then select the Close Session option from the action menu.
■ To disconnect all users from the server, right-click the Sessions folder, and then
select the Disconnect All Sessions option from the action menu.
To view users that have shared files and folders open, under Shared Files, select the
Open Files option. The details pane displays the files and folders that are currently in
use on the server. This information is valuable if you are trying to work with a shared
folder or file and need to know who is currently accessing the resource so that you can
ask that person to disconnect.
Guidelines for Shared Folder Permissions
The following list provides some general guidelines for managing your shared folders
and assigning shared folder permissions:
■ Determine which groups need access to each resource and the level of access that
they require. Document the groups and their permissions for each resource.
■ Assign permissions to groups instead of user accounts to simplify access adminis-
tration.
■ Assign to a resource the most restrictive permissions that still allow users to per-
form required tasks. This practice is known as the principle of least privilege.
For example, if users only need to read information in a folder and they will never
delete or create files, assign the Read permission.
■ Organize resources so that folders with the same security requirements are located
within a folder. For example, if users require Read permission for several applica-
tion folders, store those folders within the same folder. Then share this folder
instead of sharing each individual application folder.
■ Use intuitive share names so that users can easily recognize and locate resources.
For example, for the Application folder, use Apps for the share name. You should
also use share names that all client operating systems can use.
Table 9-5 describes share and folder naming conventions for different client computer
operating systems.
Table 9-5 Client Computer Operating Systems and Share Name Length
Operating System Share Name Length
Windows 2000 and later 80 characters
Windows NT, Windows 98, and Windows 95 12 characters
MS-DOS, Windows 3.x, and Windows for Workgroups 8.3 characters
Windows XP Professional provides 8.3-character equivalent names, but the resulting
names might not be intuitive to users. For example, a Windows XP Professional folder
named Accountants Database would appear as Accoun~1 on client computers running
MS-DOS, Windows 3.x, and Windows for Workgroups.
Real World Shared Folder Permissions on Large Networks
On small networks, you are likely to find that either Simple File Sharing or shared
folder permissions are used to control access to files and folders on the network.
Even when drives are formatted with the NTFS file system, most people on small
networks just do not use NTFS permissions.
On large company networks, you find just the opposite. Administrators typically
rely on NTFS permissions and leave the default shared folder permissions (or
remove the Everyone group and provide the Users group full access) in place
because NTFS permissions do a much better job of securing data. Because of the
way that shared folder permissions and NTFS permissions interact, NTFS permis-
sions secure data for both local and network access. Adding shared folder permis-
sions is really unnecessary and in fact complicates the permissions that
administrators must work with. The exception to this is on computers running
older versions of Windows (for example, Windows 98 or Windows Me) that do not
support the NTFS file system; these systems must use shared folder permissions if
their data is to be shared on the network.
Practice: Managing Shared Folders
In this practice, you will determine the effective shared permissions of users, share a
folder, create an additional share name for a shared folder, and stop the sharing of a
folder.
Bạn đang xem 9 - - MICROSOFT PRESS MCSA MCSE SELF PACED TRAINING KIT EXAM 70 - 270 PHẦN 4 DOC