File resource and sharing

Question 1

What is file sharing?

Answer 1

Presenting File resources to the network

• client application is responsible for opening /closing and reading/writing the files
• securing access to those resources
• grant only permission required for users to complete task
• Principle of least privilege

Question 2

What is a share?

Answer 2

A folder that has been presented to the network for remote access
- protocol: Microsoft server message block (SMB)
Shares the addresses by using Universal naming convention (UNC)
eg:
\server_name\sharename[\sub_directory]
\fs01d.conestoga.on.ca\staf\jdickson

Question 3

How to Secure a share?

Answer 3

Shares have permissions
- read, change, full control - allow/deny
- only permissions applicable to FAT
- Combines with NTFS permissions on NTFS volumes
- deny overrides allowed
Permissions accumulate if user is member of multiple groups
- explicit user permissions override group

Question 4

How to plan shares?

Answer 4

Plan who needs what access to what resources carefully
•Good planning reduces many long term admin headaches
•Share only what is required

Question 5

Creating a share?

Answer 5

File and Services role provisioning wizard
•Change folder properties
•Follow wizard to create share and set permissions
•Do not use share-with wizard -very limited controls meant for standard users

Question 6

Connecting to a Share?

Answer 6

Enter UNC name in File Browser address bar

•Map a UNC path to a drive letter

Question 7

What are NTFS Permissions?

Answer 7

• Permissions that grant or revoke access to file system objects stored on NTFS volumes
• Permissions may be allowed or denied
• Permissions may be assigned to users or groups where group members acquire the permission
• Permissions accumulate for users who are members of multiple groups

Question 8

NTFS Permission Assignment

Answer 8

• Defining a permission and linking to a security principal is an Access Control Entry (ACE)
• All ACEs defined on a single file system object comprise the Access Control List (ACL)

Question 9

How to make NTFS Permissions?

Answer 9

• In File Browser:

* right-click object -> Properties -> Security tab

Question 10

Planning NTFS Permissions?

Answer 10

• Good planning results in fewer long term admin headaches
• Use principle of least privilege
• Start with minimal permissions at the root and add
• Map user access requirements to resources
• Use groups!
• Do not break inheritance!
• Do not use deny

Question 11

Available Permissions

Answer 11

• 17 advanced permissions (atomic)
• Typically use standard/basic permissions (pre-defined groups of basic permissions)
• Can adjust permission scope

Question 12

What is Inheritance?

Answer 12

• All NTFS permissions are inherited by subordinate objects
• Plan well and inheritance is your friend
• Inheritance can be broken -DON’T!!!
• Only break inheritance when establishing a new directory structure

Question 13

Ownership

Answer 13

• All objects are owned by a user -generally the user who created the object
• Administrators can assign ownership to another user
• Owners always retain the permission to change permission
• Administrators can always take ownership

Question 14

Effective Permissions

Answer 14

• Permission user actually has to an object
• Accumulated permissions based on group ownership
• Deny overrides allow
• Explicit user permissions override group

Question 15

Common Use Cases

Answer 15

• Exclusive use
• Public with team managed content
• Collaborative with all team members having read/write to all content
• Collaborative with all team members having read to all content and read/write to their content

Question 16

Exclusive Use

Answer 16

• Single user gets read/write
• No other access
• Typical for folder redirection or home directories
• Network access via this share
• Use ABE
• Break inheritance on shared directory•Users get read/write on their own directory

Question 17

Publications?

Answer 17

All users get read to all content
•Assigned team members get read/write to maintain content
Share parent directory
•Network access via this share
•Break inheritance on shared directory
•All users get read on parent directory
•Designated team members get read/write on team directory

Question 18

Collaboration- all write

Answer 18

Team members get read/write to all team content
•Managers get read to all content
•No other access
•Network access via this share
•Use ABE
•Break inheritance on shared directory
•Managers get read on shared directory
•Team members get read/write on team directory

Question 19

Collaboration -All Read

Answer 19

• Team members get read to all team content
• Team member can create content in their team folder
• Content owner gets read/write
• Managers get read to all content
• No other access
• Network access via this share
• Use ABE
• Break inheritance on shared directory
• Managers get read on shared directory
• Team members get read on team directory and subordinates
• Team members get read/write on team directory only