8-15Lesson 2 Assigning NTFS Permissions and Special Permissions
the owner of the file. The owner of a file can grant another user permission to take
ownership of the file. This grants users the ability to read and modify documents
that other users create (and the ability to read, modify, and delete the files and
folders that they create).
■ Do not make denying permissions a part of your permissions plan. Deny permis-
sions only when it is essential to deny specific access to a specific user account or
group.
■ Encourage users to assign permissions to the files and folders that they create and
teach them how to do so.
Real World Managing Permissions Structures
The availability of so many different permissions often lures administrators into
creating permission structures that are much more complicated than necessary. In
addition to following the guidelines set out in this chapter (such as applying per-
missions to folders instead of files, and assigning permissions to groups instead of
user accounts), you can make a permissions structure more manageable by doing
the following:
■ For most companies, you will want to err on the side of being too secure.
Make it a practice to lock everything down with permissions and then grant
access only to those that need it. Also, grant only the level of permission that
users need. It is often tempting to grant Full Control to users just to avoid
complaints from those users about not being able to perform tasks, but avoid
that temptation. On smaller networks, you might want to take an opposite
approach—one in which you allow access to everything and then secure
only those resources that need to be secured.
■ Document your security decisions and encourage users to do so, as well.
You should record which folders and files have which permissions, and
make notes on why you made the decision. Although it seems an extra bur-
den (and does require more work upfront), this documentation is invaluable
when the time comes to change or troubleshoot the permissions structure.
Practice: Planning and Assigning NTFS Permissions
In this practice, you will plan NTFS permissions for folders and files based on a busi-
ness scenario. Then you will apply NTFS permissions for folders and files on your com-
puter running Windows XP Professional in a workgroup environment, based on a
second scenario. Finally, you will test the NTFS permissions that you set up to make
sure that they are working properly.
Complete the following six exercises, and answer any questions that are asked. You
can find answers to these questions in the “Questions and Answers” section at the end
of this chapter.
Bạn đang xem 8 - - MICROSOFT WINDOWS XP PROFESSIONAL EXAM 70 270 PHẦN 4 PPT