Objective: Add NTFS security to the Public share.
Estimated time: 15 minutes
1. Click Start, Programs. Select Windows NT Explorer to open the Explorer window. Choose a directory on an NTFS partition. If you do not have an NTFS partition, you cannot complete
this lab.
2. Create a directory called TestNTFS and then right-click on it. Select the Properties option from the menu to open the TestNTFS Properties window.
3. In the TestNTFS Properties window, click on the Security tab and then click the Permissions button to open the Directory Permissions dialogue box.
4. Observe that the directory currently has its default permissions list with Everyone—Full
Control as the only entry.
5. Select Everyone. Click the down arrow on the Type of Access field and choose Read.
6. Take note of the check boxes near the top of the window. The Replace Permissions on Files option
is checked, while the Replace Permissions on Subdirectories option is cleared. If you have subdirectories and want the new access permissions to filter down through them, you must check this
box. Because no subdirectories exist in this instance, the point is currently moot, so leave the
defaults as they are.
7. If you need to enter additional groups into the list, you can do so by using the Add button. Click this button and observe the Add Users and Groups window. Select the Administrators Local group and then click on the down arrow next to the Type of Access drop-down list and observe the expanded choices. Permissions are broken down to more specific levels, and Special File Access and Special Directory Access enable you to mix and match permissions to suit your needs. In reality, you rarely will grant a group only the List and Delete permissions, but you can if you need to. If, for instance, a user needs to be able to write to a directory, but should not be able to view, read, or modify files in that directory, only Write permission would be given to him. Give Administrators Full Control permissions.
8. Click OK to return to the Directory Permissions window. Then click OK to set the new permissions and return to Explorer.
9. Click File, Exit to close Explorer.
10. Share the TestNTFS directory with Everyone— Full Control permissions and log on to the share from a remote machine and observe the permissions available when you log on as an Administrator as opposed to a TestUser. You should be able to modify, create, and delete files across the share if you are logged on as an Administrator, but you should be able to only read and execute while logged on as a TestUser.
No comments:
Post a Comment