
MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646)

Date post: 21-Jan-2016
Upload: lisbet

Chapter 5

Configuring, Managing, and Troubleshooting Resource Access

Learning Objectives

• Set up security for folders and files
• Configure shared folders and shared folder security
• Install and set up the Distributed File System
• Configure disk quotas
• Implement UNIX compatibility

Managing Folder and File Security

• Steps for sharing resources
  – Creating accounts and groups
  – Create access control lists (ACLs)
• Types of ACLs
  – Discretionary ACL (DACL)
    • Configured by a server administrator or owner of an object
  – System control ACL (SACL)
    • Contains information used to audit the access to an object

Managing Folder and File Security (cont’d.)

• DACL and SACL controls for folders and files
  – Attributes
  – Permissions
  – Auditing
  – Ownership

Configuring Folder and File Attributes

• Attributes
  – Stored as header information with each folder and file
  – Along with other characteristics including volume label, designation as a subfolder, date of creation, and time of creation
• Read-only and hidden attributes
  – Set on General tab in an NTFS folder’s or file’s properties dialog box
• Advanced attributes
  – Archive, index, compress, and encrypt

Configuring Folder and File Attributes (cont’d.)

Figure 5-1 Attributes of a folder on an NTFS formatted disk. Courtesy Course Technology/Cengage Learning

Configuring Folder and File Attributes (cont’d.)

• Archive attribute
  – Checked to indicate that the folder or file needs to be backed up because it is new or changed
• Index Attribute vs. Windows Search Service
  – Index attribute and accompanying Indexing Service are legacy features for continuity with earlier operating systems

Configuring Folder and File Attributes (cont’d.)

• Windows Search Service
  – Install the File Services role via Server Manager
• Indexed files include:
  – Files in the Documents folder for an account
  – E-mail files
  – Photos and multimedia files
  – Files that are commonly accessed
• Maintain Windows Search Service through Control Panel

Configuring Folder and File Attributes (cont’d.)

Figure 5-3 Configuring advanced indexing options. Courtesy Course Technology/Cengage Learning

Configuring Folder and File Attributes (cont’d.)

• Compress Attribute
  – Reduce the amount of disk space used for files
  – Disadvantage of compressed files is increased CPU overhead to open the files and to copy them
• Encrypt Attribute
  – Only user who encrypts folder or file is able to read it

Configuring Folder and File Attributes (cont’d.)

• Microsoft Encrypting File System (EFS)
  – Sets up a unique, private encryption key associated with the user account that encrypted the folder or file
  – Uses both symmetric and asymmetric encryption techniques
• Activity 5-1: Encrypting Files
  – Objective: Encrypt files in a folder

Configuring Folder and File Permissions

• Permissions
  – Control access to an object, such as a folder or file
• Use Edit button on the folder properties Security tab
  – Change which groups and users have permissions to a folder

Figure 5-4 Configuring folder permissions. Courtesy Course Technology/Cengage Learning

Configuring Folder and File Permissions (cont’d.)

Table 5-1 NTFS folder and file permissions

Configuring Folder and File Permissions (cont’d.)

• Activity 5-2: Configuring Folder Permissions
  – Objective: Configure permissions on a folder so that users can modify its contents
• Inherited permissions
  – Parent object permissions apply to child object
• Activity 5-3: Removing Inherited Permissions
  – Objective: Remove inherited permissions on a folder
• Activity 5-4: Configuring Special Permissions
  – Objective: Configure special permissions for a folder to grant a group expanded access

Configuring Folder and File Permissions (cont’d.)

Figure 5-5 Advanced Security Settings dialog box. Courtesy Course Technology/Cengage Learning

Table 5-2 NTFS folder and file special permissions

Configuring Folder and File Auditing

• Auditing
  – Track activity on a folder or file, such as read or write activity
• NTFS folders and files
  – Audit combination of any or all of activities listed as special permissions
• Activity 5-5: Auditing a Folder
  – Objective: Configure auditing on a folder to monitor how it is accessed and who is making changes to the folder

Configuring Folder and File Auditing (cont’d.)

Figure 5-8 Folder auditing selections. Courtesy Course Technology/Cengage Learning

Configuring Folder and File Ownership

• Folders
  – Owned by the account that creates them
• Owners have ability to change permissions for folders they create
• Taking ownership
  – Transfer ownership
  – Administrator can always take ownership

Configuring Folder and File Ownership (cont’d.)

Figure 5-9 Taking ownership of a folder. Courtesy Course Technology/Cengage Learning
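
The folder security tasks from Activities 5-2, 5-3 and 5-5 (grant Modify, remove inheritance, audit a folder), plus a check of the owner, done from PowerShell instead of the properties dialog. This is an added example, not part of the original slides; the folder path and the BUILTIN\Users principal are stand-ins chosen for illustration.

```powershell
# Added example. Run in an elevated session: reading and writing the SACL
# requires the "Manage auditing and security log" privilege.
$folder    = 'C:\Shares\Marketing'   # constructed path, replace with your folder
$principal = 'BUILTIN\Users'         # stand-in for the group that needs Modify

New-Item -ItemType Directory -Path $folder -Force | Out-Null

# Read the security descriptor; -Audit includes the SACL as well as the DACL.
$acl = Get-Acl -Path $folder -Audit

# Activity 5-3: stop inheriting from the parent folder.
# First argument  = protect this ACL from inheritance.
# Second argument = keep the formerly inherited entries as explicit copies,
#                   so existing access is not cut off by accident.
$acl.SetAccessRuleProtection($true, $true)

# Entries below apply to this folder, its subfolders and its files.
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None

# Activity 5-2: DACL entry that lets the group modify the folder's contents.
$rights = [System.Security.AccessControl.FileSystemRights]::Modify
$type   = [System.Security.AccessControl.AccessControlType]::Allow
$allow  = New-Object System.Security.AccessControl.FileSystemAccessRule `
              -ArgumentList $principal, $rights, $inherit, $propagate, $type
$acl.AddAccessRule($allow)

# Activity 5-5: SACL entry that audits successful and failed writes and deletes.
# Events are only logged when the "Audit object access" policy is also enabled.
$auditRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete'
$auditFlags  = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$audit = New-Object System.Security.AccessControl.FileSystemAuditRule `
             -ArgumentList 'Everyone', $auditRights, $inherit, $propagate, $auditFlags
$acl.AddAuditRule($audit)

# Write the modified descriptor back to the folder.
Set-Acl -Path $folder -AclObject $acl

# Verify: re-read from disk rather than trusting the in-memory object.
$check = Get-Acl -Path $folder -Audit
"Owner: $($check.Owner)"
"Inheritance blocked: $($check.AreAccessRulesProtected)"
$check.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
$check.Audit  | Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize
```

After the run, every entry in the DACL listing should show IsInherited as False, which confirms the folder no longer picks up changes made on its parent.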

Configuring Shared Folders and Shared Folder Permissions

• Shared folder
  – Users can access over the network
• Changed in Windows Server 2008 from previous versions
  – Make person offering share more aware of security options
• Activity 5-6: Enabling Sharing a Folder
  – Objective: Turn on file sharing and public folder sharing

Configuring Shared Folders and Shared Folder Permissions (cont’d.)

Figure 5-10 File Sharing dialog box. Courtesy Course Technology/Cengage Learning

Configuring Shared Folders and Shared Folder Permissions (cont’d.)

Figure 5-11 Sharing tab. Courtesy Course Technology/Cengage Learning

Configuring Shared Folders and Shared Folder Permissions (cont’d.)

• Share permissions for an object
  – Differ from the NTFS access permissions set through the Security tab
  – NTFS and share permissions are cumulative
• Four share permissions associated with a folder
  – Reader
  – Contributor
  – Co-owner
  – Owner

Configuring Shared Folders and Shared Folder Permissions (cont’d.)

• Folder caching options
  – Only the files and programs that users specify will be available offline
  – All files and programs that users open from the share will be automatically available offline
  – Files or programs from the share will not be available offline
• Activity 5-7: Configuring a Shared Folder
  – Objective: Configure a shared folder, share permissions, and offline access

Publishing a Shared Folder in Active Directory

• Publish an object
  – Make it available for users to access when they view Active Directory contents
• Directory Service Client (DSClient)
  – Software that enables older operating systems to search Active Directory
• Activity 5-8: Publishing a Shared Folder
  – Objective: Publish a shared folder in Active Directory

Troubleshooting a Security Conflict

• Review folder and share permissions for:
  – User account
  – All of the groups to which user belongs
• Effective Permissions tab
  – Helps troubleshoot permissions conflicts
  – To access:
    • Right-click a folder or file, click Properties, click the Security tab, click the Advanced button, and click the Effective Permissions tab

Troubleshooting a Security Conflict (cont’d.)

• Take into account what happens when a folder or files in a folder are copied or moved
• Activity 5-9: Troubleshooting Permissions
  – Objective: View the effective permissions on a folder

Figure 5-13 Examining effective permissions as a troubleshooting aid. Courtesy Course Technology/Cengage Learning

Implementing a Distributed File System

• Distributed File System (DFS)
  – Simplify access to the shared folders on a network
    • By setting up folders to appear as though they are accessed from only one place
  – Makes managing folder access easier for server administrators
  – Configured using the DFS Management tool in the Administrative Tools menu
  – Shared folder contents can be replicated to one or more DCs or member servers

Implementing a Distributed File System (cont’d.)

• Advantages
  – Save time searching
  – NTFS access permissions apply
  – Fault tolerance
  – Load balancing
  – Improved access for Web-based internet and intranet
  – Backups made more easily
  – Important information is not lost when a disk drive on one server fails
  – Users always have access to shared folders even in the event of a disk failure

DFS Models

• Stand-alone
  – No Active Directory implementation available to help manage the shared folders
  – Provides only a single or flat level share
• Domain-based
  – Takes full advantage of Active Directory
  – Available only to servers and workstations that are members of a domain

DFS Topology

• Hierarchical structure of DFS in domain-based model
• Namespace root
  – Main container in Active Directory
  – Holds links to shared folders that can be accessed from the root
  – Populated by shared folders for users to access
• Replication group
  – Set of shared folders replicated or copied to one or more servers in a domain

Installing DFS

• Installed as a service within the File Services role

Figure 5-14 Selecting to install DFS. Courtesy Course Technology/Cengage Learning

Figure 5-15 Configuring the namespace type. Courtesy Course Technology/Cengage Learning

Installing DFS (cont’d.)

• Activity 5-10: Creating a Namespace Root
  – Objective: Configure a namespace root

Managing a Domain-Based Namespace Root System

• Tasks involved in managing the namespace root
  – Creating a folder in a namespace
  – Delegating management
  – Tuning a namespace
  – Deleting a namespace root
  – Using DFS replication

Managing a Domain-Based Namespace Root System (cont’d.)

• Creating a Folder in a Namespace
  – Folder target is a path in the Universal Naming Convention (UNC) format
  – Universal Naming Convention (UNC)
    • Naming convention that designates network servers, computers, and shared resources
• Activity 5-11: Adding a Folder and Folder Target in DFS
  – Objective: Add a folder in DFS

Managing a Domain-Based Namespace Root System (cont’d.)

• Delegating Management
  – Day-to-day activities can be managed by an assistant or by another person
  – Right-click namespace and click Delegate Management Permissions
• Tuning a Namespace
  – Configure the order for referrals
  – Configure cache duration for a namespace or folder
  – Configure namespace polling
  – Configure folder targets as enabled or disabled

Managing a Domain-Based Namespace Root System (cont’d.)

• Deleting a Namespace Root
  – Delete namespace root via the DFS Management tool
  – Click namespace root and click Delete
• Using DFS Replication
  – Defined two or more folder targets
  – Decide which server is to be the primary group member
  – Click a folder under the namespace root in the tree of the DFS Management tool
  – Replication is handled by the File Replication Service

Managing a Domain-Based Namespace Root System (cont’d.)

• Important improvements to DFS replication
  – Enables faster and more reliable recovery
  – Faster for all sizes of files
  – More efficient over LANs and WANs

Configuring Disk Quotas

• Advantages of disk quotas
  – Prevent users from filling the disk capacity
  – Encourage users to help manage disk space
  – Track disk capacity needs
  – Provide server administrators with information about when users are nearing or have reached their quota limits
• Quotas can be set on any local or shared volume

Configuring Disk Quotas (cont’d.)

• Parameters
  – Enable quota management
  – Deny disk space to users exceeding quota limit
  – Do not limit disk usage
  – Limit disk space to
  – Set warning level to
  – Log event when a user exceeds their quota limit
  – Log event when the user exceeds their warning level

Configuring Disk Quotas (cont’d.)

• Activity 5-12: Configuring Disk Quotas
  – Objective: Enable disk quotas and then set a disk quota for a specific group of users

Using UNIX Interoperability in Windows Server 2008

• Subsystem for UNIX-based Applications (SUA)
  – Provides compatibility with UNIX and Linux systems
• SUA functionality
  – Run UNIX/Linux applications with few or no changes to the program source code
  – Run UNIX/Linux scripts
  – Use popular UNIX/Linux shells
  – Run most UNIX/Linux commands
  – Run the popular vi UNIX/Linux editor

Using UNIX Interoperability in Windows Server 2008 (cont’d.)

• Compiler
  – Program that reads lines of program code in a source file and converts the code into machine-language instructions the computer can execute
• Script
  – Consists of lines of commands that are executed when you run the script
• Shell
  – Interface between the user and the operating system
  – Korn or C shell

Using UNIX Interoperability in Windows Server 2008 (cont’d.)

• Dynamic-link library (DLL)
  – Contains program code that can be called and run by Windows applications
• Server for Network Information Services
  – Provides a naming system for shared resources on a UNIX/Linux network

Using UNIX Interoperability in Windows Server 2008 (cont’d.)

• New features for SUA
  – More transparent ability for UNIX/Linux applications to connect to Oracle and SQL Server databases
  – Inclusion of true 64-bit libraries
  – New utilities
  – Use Microsoft Visual Studio for designing UNIX/Linux applications

Summary

• Discretionary access control lists
  – Manage access to resources
• Folder and file attributes provide one level of security
• Permissions provide another level of security
• Folders can be shared for users to access over a network
• Use Effective Permissions capability to troubleshoot a security conflict

Summary (cont’d.)

• Distributed File System (DFS)
  – Set up shared folders that are easier for users to access and can be replicated for backup and load distribution
• Disk quotas
  – Manage the resources put on a server disk volume
• Subsystem for UNIX-based Applications
  – Provides compatibility with UNIX and Linux systems

