-
Standard NTFS Permissions
- • Read
- • Read&Execute
- • List Folder Contents
- • Write
- • Modify
- • Full Control
-
Distributed File Services
- • A way to combine shared folders on different servers into one logical hierarchy (one namespace under a single root)
- • Stand-alone namespace - exists on only 1 server, so the namespace itself has no fault tolerance
- • Domain-based namespace – the namespace configuration is stored in AD, so several namespace servers can host it (fault tolerance and load balancing); DFS Replication keeps a folder that is copied to multiple targets in sync
-
2 Categories of permissions
-
Standard
are pre-set, frequently used permissions for objects
-
Special
provide finer granularity to file/folder security
-
New, Moved and Copied files and folders permissions
- • When a file or folder is moved or copied, it will inherit the destination folder permissions.
- • The only exception is when a file/folder is moved within the same NTFS volume - then it will retain its original permissions.
-
Effective permissions
- • NTFS permissions from the user account and all of the user's groups are combined, and the least restrictive (cumulative) result applies, except that Deny overrides Allow. Explicit ACEs are evaluated before inherited ones, so an explicit Allow set directly on a file beats a Deny inherited from its parent folder. Files may have different permissions than their parent folder.
- • When combining share and NTFS permissions, always choose the MOST restrictive combination
-
Effective NTFS permissions
- 1. Determine effective share permissions by choosing the least restrictive of all share permissions that apply to the user and the user's groups. The exception is that Deny overrides Allow.
- 2. Determine effective NTFS permissions by choosing the least restrictive of all NTFS permissions that apply to the user and the user's groups. The exception is that Deny overrides Allow.
- 3. Combine the results of steps 1 and 2 and choose the MOST restrictive of share and NTFS. If there is no overlap, no permissions are effective. Share permissions only apply to access over the network; a user logged on locally to the server is limited by NTFS permissions alone.
-
Troubleshooting Permissions Problems
- • When permissions are granted through group membership, the user needs to log off and log back on: group SIDs are placed in the access token at logon, so an existing session does not see new memberships
- • Watch out for “Deny” permissions, which override Allow
- • Watch out for explicit permissions set on individual folders and files that differ from the parent's
- • Watch out for a conflicting combination of NTFS/share permissions (the more restrictive one wins over the network)
- • File permissions can change after a file is moved or copied
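The three-step evaluation above and the log-off/log-on note in the troubleshooting list can be checked against a small model. This is an added example, not code from the original notes: it encodes the Windows rules (ACEs in the NTFS DACL applied in canonical order: explicit Deny, explicit Allow, inherited Deny, inherited Allow; share permissions cumulative with Deny winning; network access limited to the MOST restrictive of the two; group SIDs fixed in the token at logon). The principals, group names, share ACL and file DACL are constructed sample data, and the permission bundles are a representative subset of the real special permissions.

```python
"""Model of how Windows computes effective access to a file in a shared folder.

Added example, not from the original notes. Rules modelled are Windows
behaviour; the principals, groups, share ACL and DACL are constructed samples.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List

# Standard permissions as bundles of (a subset of) the special permissions.
READ = frozenset({"read_data", "read_attrs", "read_perms"})
READ_EXECUTE = READ | {"execute"}
WRITE = frozenset({"write_data", "append_data", "write_attrs"})
MODIFY = READ_EXECUTE | WRITE | {"delete"}
FULL_CONTROL = MODIFY | {"change_perms", "take_ownership"}

# Share permission levels under their Server 2008 wizard names.
SHARE_LEVELS = {
    "Reader": READ_EXECUTE,                         # formerly Read
    "Contributor": READ_EXECUTE | WRITE | {"delete"},  # formerly Change
    "Co-owner": FULL_CONTROL,                       # formerly Full Control
}


@dataclass(frozen=True)
class Ace:
    """One access control entry: who, Allow or Deny, which rights, inherited?"""
    principal: str
    allow: bool
    rights: FrozenSet[str]
    inherited: bool = False   # share ACEs are never inherited


@dataclass(frozen=True)
class Token:
    """Access token: the user plus the groups captured when the user logged on."""
    user: str
    groups: FrozenSet[str]

    def principals(self) -> FrozenSet[str]:
        return frozenset({self.user, "Everyone"}) | self.groups


def canonical_order(dacl: Iterable[Ace]) -> List[Ace]:
    """Explicit Deny, explicit Allow, inherited Deny, inherited Allow."""
    return sorted(dacl, key=lambda ace: (ace.inherited, ace.allow))


def ntfs_effective(dacl: Iterable[Ace], token: Token) -> FrozenSet[str]:
    """Each right is decided by the first matching ACE in canonical order."""
    who = token.principals()
    granted, decided = set(), set()
    for ace in canonical_order(dacl):
        if ace.principal not in who:
            continue
        for right in ace.rights - decided:   # rights already decided are skipped
            decided.add(right)
            if ace.allow:
                granted.add(right)
    return frozenset(granted)


def share_effective(share_acl: Iterable[Ace], token: Token) -> FrozenSet[str]:
    """Share permissions are cumulative across groups, but any Deny wins."""
    who = token.principals()
    allowed, denied = set(), set()
    for ace in share_acl:
        if ace.principal in who:
            (allowed if ace.allow else denied).update(ace.rights)
    return frozenset(allowed - denied)


def effective_over_network(share_acl, dacl, token: Token) -> FrozenSet[str]:
    """Step 3 of the notes: the MOST restrictive of share and NTFS results."""
    return share_effective(share_acl, token) & ntfs_effective(dacl, token)


def access_check(share_acl, dacl, token: Token, requested: Iterable[str]) -> bool:
    """Access is granted only if every requested right is effective."""
    return frozenset(requested) <= effective_over_network(share_acl, dacl, token)


# --- constructed sample data (hypothetical share, groups and users) ----------
SHARE_ACL = [
    Ace("Everyone", True, SHARE_LEVELS["Reader"]),
    Ace("Sales", True, SHARE_LEVELS["Contributor"]),
]
# DACL of a file in the share: three ACEs inherited from the parent folder
# plus one explicit Allow set directly on the file for alice.
FILE_DACL = [
    Ace("Domain Users", True, READ_EXECUTE, inherited=True),
    Ace("Sales", True, MODIFY, inherited=True),
    Ace("Contractors", False, WRITE, inherited=True),   # parent denies writes
    Ace("alice", True, MODIFY, inherited=False),        # explicit on the file
]
ALICE = Token("alice", frozenset({"Domain Users", "Sales", "Contractors"}))
BOB = Token("bob", frozenset({"Domain Users"}))         # token built at logon


def demo() -> dict:
    """Outcomes the notes' rules predict for the sample data."""
    # Bob is added to Sales after logging on; only a new logon rebuilds his token.
    bob_relogged = Token("bob", frozenset({"Domain Users", "Sales"}))
    return {
        "alice_writes": access_check(SHARE_ACL, FILE_DACL, ALICE, {"write_data"}),
        "bob_reads": access_check(SHARE_ACL, FILE_DACL, BOB, {"read_data"}),
        "bob_writes": access_check(SHARE_ACL, FILE_DACL, BOB, {"write_data"}),
        "bob_writes_after_relogon": access_check(
            SHARE_ACL, FILE_DACL, bob_relogged, {"write_data"}),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Alice can write even though her Contractors group has an inherited Deny, because the explicit Allow on the file is evaluated first; if that same ACE were inherited from the folder, the Deny would sort ahead of it and she would lose the write rights. Bob gains write access only after a fresh logon puts the Sales SID into his token.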
-
Shared Folder Permissions
- • Share permissions are separate from NTFS permissions; each type is cumulative within itself, and the more restrictive of the two results applies to network access
- • Deny permissions take precedence
- • Shared folders can be cached (offline files)
- • Shared folders can be published in AD
- • Reader (formerly Read)
- • Contributor (formerly Change)
- • Co-owner (formerly Full Control)
- • Owner
-
Folder and File Auditing
- • Auditing tracks access to folders and files; the entries are stored in the object's SACL and object-access auditing must be enabled in the audit policy for anything to be logged
- • Audited events are recorded in the Windows Server 2008 Security log in Event Viewer
-
Folder and File ownership
- • The owner is the user who creates a folder/file
- • The owner can always change its permissions
- • Ownership can be taken by a user with Full Control or the Take Ownership permission
- • Administrators can always take ownership
-
NTFS permissions
- • NTFS permissions are specified in the object’s ACL and are used to control access to the object
- • 2 Categories of permissions: Standard and Special
- • Standard are pre-set, frequently used permissions for objects
- • Special provide finer granularity to file/folder security
- • NTFS permissions can be assigned by an owner, a user with Full Control, or a user with Change Permissions. Also, a user with Take Ownership permission can take ownership of the file/folder and then change permissions.
-
Folder and File Attributes
- • Read-only
- • Hidden
- • Extended attributes: Archive, Index (not Windows Search Service), Compress, Encrypt
-
ACL
-Access Control List (ACL) – the list of access control entries (ACEs) attached to an object; each ACE allows or denies specific rights to a user account or group
-
DACL
– discretionary ACL – controls who may access the object; configured by the owner or an admin
-
SACL
– system ACL – contains the auditing entries that decide which access attempts are recorded
-
Network printing process components
- ○ Local print device
- ○ Network print device
- ○ Print client
- ○ Print server
- ○ Print job
- ○ Printer driver
-
Spooling
○ Frees the server CPU to handle other processing requests in addition to print requests
-
Printing process steps
- ○ Application client generates a print file
- ○ Application communicates with the Windows graphics device interface (GDI)
- ○ When the GDI is finished, the print file is formatted with control codes
- ○ The remote print provider at the client makes a remote procedure call to the network print server
- ○ The network print server uses four processes to receive and process a print file: router, print provider, print processor, and print monitor
- ○ The Server service calls its router, the Print Spooler service
- ○ While the file is spooled, the print provider works with the print processor to ensure that the file is formatted to use the right data type
- ○ The print monitor pulls it from the spooler’s disk storage and sends it off to the printer
-
XPS
- XML Paper Specification (XPS)
- An advanced way of printing documents for multiple purposes, including viewing electronic pages and printing pages in a polished format
-
Print Services role
- ○ Enables you to use the Print Management tool to manage shared printers
- ○ Also enables you to track printing events through a log you can view using the Event Viewer
-
Services within the print services role:
- ○ Print Server
- ○ Internet Printing
- ○ LPD Service
-
Printer Pooling
- Involves configuring two or more identical printers connected to one print server
- • All of the printers in a pool must be identical so that they use the same printer driver and handle print files in the same way
- • The Add Port button enables you to add a new port
- • The Delete Port button is used to remove a port option from the list of ports
-
-
Basic storage
– uses static partitions (physical disk divisions) that can’t span physical drives. Uses industry-standard partitioning and formatting; an MBR basic disk can contain up to 4 primary partitions, or 3 primary partitions plus 1 extended partition that holds logical drives
-
Dynamic storage
– uses volumes that can span physical drives. Supports advanced options, including fault tolerance. Not limited to 4 volumes per disk. No other O/S can access dynamic disks directly; not supported on laptops or removable disks.
-
Partitioning
○ A process that blocks out a group of tracks and sectors to be used by a particular file system, such as NTFS
-
Formatting
○ A process that creates a table containing file and folder information for a specific file system in a partition
-
MBR
Master Boot Record (MBR) – traditional partition table in the first sector of the disk; limited to 4 primary partitions and to disks of 2 TB
-
GPT
Globally Unique Identifier (GUID) Partition Table – newer partition scheme from the UEFI standard; Windows allows up to 128 partitions per disk and supports disks larger than 2 TB
-
System
– contains the O/S boot files (boot manager). Can only exist on a primary partition
-
Boot
– contains the O/S system files (the Windows folder). Can exist on a primary partition or on a logical drive in an extended partition.
-
Primary
- a partition from which you can boot an OS, such as MS-DOS or Windows 2000 Server. An MBR disk can have at most 4.
-
Extended
– overcomes the limit of 4 primary partitions by holding logical drives; not bootable. Only 1 per disk.
-
Dynamic disks support 5 volume types:
- - Simple
- - Spanned
- - Striped
- - Mirrored
- - Raid-5
-
RAID
- Redundant Array of Inexpensive (Independent) Disks
- ○ A set of standards for lengthening disk life and providing better performance and fault tolerance (FT)
- • Software or Hardware RAID
- • RAID levels – 0 through 6
- • Server 2008 supports RAID levels 0, 1 and 5 through software
-
Software RAID vs. Hardware RAID
- • Software RAID implements fault tolerance through the server’s operating system
- • Hardware RAID is implemented through the server hardware: ○ Independent of the operating system
- • Advantages of hardware RAID over software RAID:
- ○ Faster read and write response
- ○ The ability to place boot and system files on different RAID levels
- ○ The ability to ‘‘hot-swap’’ a failed disk
- ○ More setup options to retrieve damaged data
-
Software RAID
- implements fault tolerance through the server’s operating system
-
Hardware RAID
- - is implemented through the server hardware:
- ○ Independent of the operating system
-
Simple Volume
- • A portion of a disk, or an entire disk, that is set up as a dynamic disk
- • Can be extended with unallocated space on the same disk (extending onto another disk turns it into a spanned volume)
- • Doesn’t provide FT
-
Spanned Volume
- • Method of combining free space on 2 to 32 physical disks into a single volume; the free area used on each spanned disk may be of a different size
- • Storage is accomplished by filling the space on one disk and moving to each subsequent spanned disk
- • Not FT
- • Can be extended (only if formatted with NTFS)
-
Striped Volume – RAID 0
- • Similar to spanned in that both combine 2-32 disks
- • Distributes data in stripes across all of the disks simultaneously, unlike spanned, which fills the disks sequentially; this architecture provides faster I/O
- • Not FT: losing any one disk loses the whole volume
- • Free space areas on each disk need to be of equal size (the volume uses the smallest free area on every member)
-
RAID-5 Volume
- • Similar to striped, but fault tolerant
- • Stripes data and parity across 3 or more disks (up to 32); the parity blocks are distributed across all of the disks rather than kept on one dedicated parity disk
- • If 1 disk fails, its data can be reconstructed from the remaining data and parity; if more than 1 fails, it can’t
- • Writing is slower than striped because parity must be computed, but reading is about the same. When 1 disk fails, performance degrades while data is reconstructed on the fly
- • Calculate usable space: parity takes one disk's worth, i.e. 1/n of the total, where n = number of disks in the volume, so (n-1)/n of the space is usable
- • Free space areas on each disk need to be of equal size
-
Mirrored Volume – RAID 1
- • Keeps an identical copy of the data on a second disk
- • Requires exactly 2 disks
- • Simplest guaranteed FT, but the least efficient use of disk space (only half is usable)
- • Read performance is at least that of a single disk drive. Writes are slower than on a single disk because each write goes to both disks, but faster than RAID-5. No performance degradation when 1 disk fails.
- • Disk duplexing – the 2 drives are attached to 2 separate controllers, so a controller failure is also survived
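The five volume types above differ in how many disks they accept, whether the member areas must be equal in size, how much of the raw space is usable and how many disk failures they survive. The planner below is an added example, not code from the original notes; it only encodes the rules the notes state (simple = 1 disk, spanned and striped = 2-32, mirrored = exactly 2, RAID-5 = 3-32 with one disk's worth of space spent on parity, and equal-sized areas for striped, mirrored and RAID-5, so the smallest free area on any member sets the area used on every member). The free-space figures in the demo are constructed sample input.

```python
"""Capacity and fault-tolerance planner for dynamic-disk volume types.

Added example, not from the original notes. Sizes in the demo are constructed.
"""
from typing import Dict, List

RULES = {
    # kind: (min disks, max disks, equal-sized areas required, failures tolerated)
    "simple":   (1, 1, False, 0),
    "spanned":  (2, 32, False, 0),
    "striped":  (2, 32, True, 0),   # RAID 0
    "mirrored": (2, 2, True, 1),    # RAID 1
    "raid5":    (3, 32, True, 1),   # RAID 5
}


def plan_volume(kind: str, free_gb: List[float]) -> Dict[str, float]:
    """Return usable capacity, space left unused, and the failures tolerated.

    free_gb lists the free space available on each candidate disk.
    """
    if kind not in RULES:
        raise ValueError(f"unknown volume type {kind!r}")
    lo, hi, equal_areas, tolerated = RULES[kind]
    n = len(free_gb)
    if not lo <= n <= hi:
        raise ValueError(f"{kind} needs {lo}-{hi} disks, got {n}")
    if any(size <= 0 for size in free_gb):
        raise ValueError("every member disk needs free space")

    if equal_areas:
        # The area taken on every member is the smallest free area offered.
        per_disk = min(free_gb)
        allocated = per_disk * n
        if kind == "striped":
            usable = allocated                 # all of it holds data
        elif kind == "mirrored":
            usable = per_disk                  # the second copy adds no capacity
        else:                                  # raid5: parity costs 1/n of the total
            usable = per_disk * (n - 1)
    else:
        # Simple and spanned volumes take whatever each disk offers.
        allocated = usable = sum(free_gb)

    return {
        "disks": n,
        "usable_gb": usable,
        "unused_gb": sum(free_gb) - allocated,   # free space the volume cannot use
        "failures_tolerated": tolerated,
    }


def survives(kind: str, failed_disks: int) -> bool:
    """Does the volume still serve data after this many member disks fail?"""
    return failed_disks <= RULES[kind][3]


def demo() -> Dict[str, Dict[str, float]]:
    """Plan each type over the same constructed set of free areas."""
    three_disks = [100, 100, 80]   # constructed: one disk offers less space
    return {
        "spanned": plan_volume("spanned", three_disks),
        "striped": plan_volume("striped", three_disks),
        "raid5": plan_volume("raid5", three_disks),
        "mirrored": plan_volume("mirrored", three_disks[1:]),
    }


if __name__ == "__main__":
    for kind, plan in demo().items():
        print(f"{kind:9s} {plan}")
```

With the same three disks, spanned uses all 280 GB, striped and RAID-5 are limited to 80 GB per member (40 GB left unused), and RAID-5 gives up a further 80 GB to parity; only mirrored and RAID-5 survive a single disk failure, and none survives two.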
-
Shrinking a volume
- • Windows Server 2008 can shrink a basic or dynamic volume
- • Shrinking a volume lets you create a new partition when one is needed and you don’t have extra disks
- • When you shrink a volume, Windows Server 2008 starts from the end of that volume
- ○ Works its way back through contiguous free space to create unallocated disk space
- ○ You can specify the amount of space to recover; unmovable files (such as the page file) limit how far the volume can shrink
-
Mounting a Drive
- • Windows Server 2008 enables you to mount a drive in an empty folder on an NTFS volume as an alternative to giving it a drive letter
- • Mounted drive
- ○ One that appears as a folder and is accessed through a path like any other folder
- • You can mount a basic or dynamic disk volume, a CD/DVD drive, or a removable drive