Lesson 4: Configuring File and Share Access Flashcards
Reasons to store files on a shared server drive instead of local workstation
Collaboration, Backup, Access Control, Simplify network shared resources, monitor disk space consumption, manage permissions (prevent users from having to do it)
3 resources provided to users in a well-designed sharing strategy
Private storage space (home folder)
Public storage space (for sharing)
Shared workspace for communal/collaborative docs
Principle of least privileges
Users should have only the privileges they need to perform their required tasks.
A users’s private storage should be ____
Private and inaccessible / invisible to other users
ReFS lacks encryption and compression but still supports ___
NTFS - style permission system
AD DS network
Network running Active Directory Domain Services
Your sharing strategy tells you
What folders will be shared
What names you will assign the share
What permissions you will grant users to the shares
What offline files settings you will use for the shares
SMB
Server message blocks. Standard file-sharing protocol used by all versions of Windows
NFS
Standard file-sharing protocol used by most Unix / Linux distros
Access-based Enumeration
Feature of file sharing that, when enabled, only allows users to see files/folders they can read, instead of listing everything.
Share Caching
Allowing contents of a share to be available to offline users.
BranchCache
Feature that when enabled allows branch cache servers to cache the contents of a shared directory locally for an offsite branch
PowerShell command to add an SMB Share
New-smbShare -Name -Path [-FullAccess ] [-ReadAccess ] [-NoAccess ]
Four permissions systems
Share permissions (folders over a network) NTFS permissions (files on a disk) Registry permissions (parts of the Windows registry) AD Permissions (Access to AD DS hierarchy)
ACL
Access control list
ACE
Access control entries – permissions within an ACL
Security Principle
The name of the user, group, or computer granted permission. Each ACE has one.
Every ACL has _____s. Every _____s has a _____
Every ECL has ACEs. Every ACE has a Security Principle
When you manage permissions in any 2012 permission system, you are actually creating/modifying ___ in a ____
ACEs in an ACL
An ACL is at the ____ level.
File / Element / Folder. — In other words, adding an ACE to an ACL changes the element wherever it’s moved. A principle that has access to a folder on one network share has the same access if the folder is moved to another network share
Additive permission strategy
Start with no permissions and then grant allow permissions to individual security principals to provide them with the access they need.
Subtractive permission strategy
Start with all allow permissions and then grant deny
Permission inheritance
Permissions tend to run downward through a hierarchy. Parent elements pass their permissions down to their subordinate elements
How do you prevent subordinate elements from inheriting permissions from their parents?
Turn off inheritance
Deny permissions
