					      Chapter 4, Microsoft Windows 2000 File Systems
      Chapter 4, Lesson 1
      Disk Management Basics
      1.   Setting Up a Hard Disk
|1|        A.   Tasks necessary for setting up a hard disk
                1.   Initializing the disk with one of two storage types: basic or dynamic
                2.   Creating partitions on basic disks or volumes on dynamic disks
                3.   Formatting the disks with one of two file systems: NTFS or FAT
|2|        B.   Storage, partition, and volume types
|3|             1.   Storage types
                     a.      Basic storage
                             (1) Traditional industry standard
                             (2) Dictates the division of hard disks into partitions
                             (3) Supported by MS-DOS and all versions of Microsoft Windows
                             (4) The default storage type for Windows 2000
                             (5) Backward compatible with Microsoft Windows NT volume
                                   sets, striped sets, mirrored volumes, and disk striping with
                     b.      Dynamic storage
                             (1) Supported by Windows 2000 only
                             (2) Divided into volumes, which consist of a portion or portions of
                                   one or more physical disks
                             (3) Can contain simple volumes, spanned volumes, striped
                                   volumes (RAID-0), mirrored volumes (RAID-1), and striped
                                   volumes (RAID-5)
                             (4) Does not have the restrictions of basic storage
|4|             2.   Partition types (basic disks)
                     a.      Overview
                             (1) Partitions function as physically separate storage units.
                             (2) A basic disk can contain up to four primary partitions, or three
                                   primary partitions and one extended partition, for a maximum
                                   of four partitions.
                     b.      Primary partitions
                             (1) Hardware looks for the active partition for the boot files to
                                   start the operating system.
                             (2) Only one partition on a single hard disk can be active at a time.
                             (3) Multiple primary partitions allow you to isolate different
                                   operating systems or types of data.
                             (4) To dual-boot Windows 2000 with Microsoft Windows 95 or
                                   MS-DOS, the active partition must be formatted with FAT16.
                                   To dual-boot with Windows 95 OSR2 and Microsoft
                                   Windows 98, the active partition must be formatted with
                                   FAT16 or FAT32.
                        (5)  The Windows 2000 system partition is the active partition that
                             contains the hardware-specific files to load the operating
                      (6) The Windows 2000 boot partition is the primary partition or
                             logical drive where the operating system files are installed.
                 c.   Extended partitions
                      (1) An extended partition is created from free space.
                      (2) There can be only one extended partition on a hard disk.
                      (3) You divide extended partitions into logical drives and then
                             assign a drive letter to each one and format with a file system.
|5|        3.    Volume types (dynamic disks)
                 a.   Simple volume
                      (1) Contains disk space from a single disk
                      (2) Can be extended into multiple regions of the same disk
                      (3) Does not provide fault tolerance
                 b.   Spanned volume
                      (1) Includes disk space from multiple disks
                      (2) Starts on the first disk, fills the space, and continues on to the
                             next disk
                      (3) Does not provide fault tolerance
                 c.   Mirrored volume
                      (1) Consists of two identical copies of a simple volume, each on a
                             separate hard disk
                      (2) Provides fault tolerance
                 d.   Striped volume (RAID-0)
                      (1) Combines areas of free space from multiple hard disks
                      (2) Adds data to all disks at the same rate
                      (3) Does not provide fault tolerance
                 e.   RAID-5 volume
                      (1) Parity-information stripe added to each disk partition in a
                      (2) Data reconstructed when a disk fails
                      (3) Provides fault tolerance
|6|        4.    Dynamic disk and dynamic volume limitations
                 a.   Dynamic disks can be read only by computers running Windows
                 b.   Dynamic disks cannot be used if you need to dual-boot to another
                      operating system.
                 c.   Dynamic volumes are not supported on portable computers.
                 d.   Fault-tolerant configurations cannot be created locally on computers
                      running Windows 2000 Professional.
|7|   C.   File systems
           1.    Windows 2000 provides read and write support for the NTFS, FAT16,
                 and FAT32 file systems.

2                                                                             Outline, Chapter 4
                                                                  Microsoft Windows 2000 Server
                    2.     You should use NTFS when you require a partition to have file-level and
                           folder-level security, disk compression, disk quotas, or encryption.
                    3.     Use NTFS if you plan to promote a server to a domain controller.
                    4.     To dual-boot Windows 2000 and another operating system, format the
                           system partition with FAT.

|8|    2.    Common Disk Management Tasks
|9|          A.     Disk Management snap-in
                    1.   Provides a central location for disk information and management tasks
                    2.   Included as a preconfigured MMC console
                    3.   Can be used to configure and manage your network storage space
|10|         B.     Working with simple volumes
                    1.   Can be extended to include unallocated space on the same disk
                    2.   Can set up two simple volumes that are mirrored to one another
                    3.   Can use the Computer Management snap-in to create or extend a simple
|11|         C.     Working with spanned volumes
                    1.   Combining free space to create a spanned volume
                         a.     Created by combining variously sized areas of free space from 2 to
                                32 disks into one large logical volume
                         b.     Allows you to free drive letters for other uses and create a large
                                volume for file system use
                    2.   Extending and deleting volumes
                         a.     You can extend NTFS spanned volumes by adding free space.
                         b.     The Disk Management snap-in allows you to format the new area
                                without affecting any files on the original volume.
                         c.     You can extend spanned volumes on dynamic disks onto a maximum
                                of 32 dynamic disks.
                         d.     After a spanned volume is extended, no portion of it can be deleted
                                without deleting the entire volume.
|12|         D.     Working with striped volumes
                    1.   Data is written evenly across all physical disks.
                    2.   Windows 2000 can issue and process concurrent I/O commands on all
                         hard disks simultaneously.
                    3.   Files are written across all disks so that data is added to all disks at the
                         same rate.
                    4.   You need at least two dynamic disks to create a striped volume.
                    5.   You cannot extend or mirror striped volumes.
|13|         E.     Adding disks
                    1.   Adding new disks
                         a.     Install or attach the new disk.
                         b.     Use the Disk Management snap-in to rescan the disks.
                    2.   Adding a disk from another computer
                         a.     Install the disk into the new location.
                         b.     Use the Disk Management snap-in to add the disk.

                 3.   Adding multiple disks from another computer
                      a.     The process of removing multiple disks from one computer and
                             installing them into another computer is much the same as the
                             process for a single disk.
                      b.     Install the disks into the new location.
                      c.     Use the Disk Management snap-in to add the new disks.
|14|        F.   Changing storage type
                 1.   Disk organization
                      a.     You can upgrade a disk from basic storage to dynamic storage at any
                      b.     Any disk to be upgraded must contain at least 1 MB of unallocated
                      c.     Converting disks
                 2.   Upgrading basic disks to dynamic disks
                      a.     Use the Disk Management snap-in to upgrade a basic disk to a
                             dynamic disk.
                      b.     After you upgrade a basic disk to a dynamic disk, you can create
                             volumes with improved capabilities on the disk, but the disk cannot
                             contain primary or extended partitions.
                 3.   Reverting to a basic disk from a dynamic disk
                      a.     You must remove all volumes from the dynamic disk.
                      b.     Use the Disk Management snap-in to revert to a basic disk.
            G.   Viewing and updating information
|15|             1.   Use the Disk Management snap-in to view a disk’s properties.
|16|             2.   Use the Disk Management snap-in to view a volume’s properties.
                 3.   Use the Disk Management snap-in to refresh the display and rescan the
|17|        H.   Managing disks on a remote computer
                 1.   Must be a member of the Administrators group or the Server Operators
                 2.   Can manage disks on a Windows 2000 computer that is a member of the
                      same workgroup, domain, or trusted domain
       Chapter 4, Lesson 2
       File Allocation Table (FAT)
|18|   1.   Introduction to the FAT File System
            A.   Two copies of the file allocation table are stored on the volume.
            B.   FAT16 works the same in Windows 2000 as it does in MS-DOS,
                 Microsoft Windows 3.x, Windows 95, and Windows 98.
            C.   FAT32 works the same in Windows 2000 as it does in Windows 95
                 OSR2 and Windows 98.
            D.   When running Windows 2000, you can move or copy files between FAT
                 and NTFS volumes.

             E.     You cannot use Windows 2000 with any compression or partitioning
                    software that requires disk drivers to be loaded by MS-DOS.

|19|   2.    The FAT16 File System
|20|         A.     Sectors
                    1.    The FAT disk format is organized into sectors.
                    2.    Each sector can store 512 bytes.
                    3.    A sector is the smallest unit used when transferring data.
|21|         B.     Clusters
                    1.    A cluster is also referred to as an allocation unit.
                    2.    The cluster is the smallest unit the operating system uses when
                          allocating file storage space on a FAT partition.
                    3.    Each cluster in a partition is identified.
                          a.     Unused
                          b.     Cluster in use by file
                          c.     Bad cluster
                          d.     Last cluster in file
|22|         C.     Structure
                    1.    The root folder contains entries for each file and folder on the volume.
                    2.    Folders have a 32-byte entry for each file and folder.
                    3.    There is no organization to the FAT folder structure. Files are given the
                          first available location on the volume.
                    4.    The information in the folder is used by all operating systems that
                          support the FAT file system.
                    5.    The attribute byte for each entry in a folder describes what kind of entry
                          it is.
                          a.     Archive file
                          b.     System file
                          c.     Hidden file
                          d.     Read-only file
                    6.    The default cluster size is determined by the size of the partition.
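The FAT16 structures outlined above (the 32-byte folder entry with its attribute byte, and the per-cluster states) can be decoded as follows. This is an added example, not part of the original outline; the byte offsets and marker values come from the published FAT on-disk format rather than from this page, and the sample entry and table are constructed.

```python
import struct

# Attribute byte bits of a 32-byte FAT folder entry (byte offset 11).
ATTR_BITS = [(0x01, "read-only"), (0x02, "hidden"), (0x04, "system"),
             (0x08, "volume-label"), (0x10, "folder"), (0x20, "archive")]


def parse_dir_entry(raw):
    """Decode one 32-byte FAT16 folder entry into a dict."""
    if len(raw) != 32:
        raise ValueError("a FAT folder entry is exactly 32 bytes")
    attr = raw[11]
    if raw[0] == 0x00:
        state = "never-used"        # no further entries follow in this folder
    elif raw[0] == 0xE5:
        state = "deleted"           # first name byte is overwritten on delete
    elif attr & 0x3F == 0x0F:
        state = "long-name-part"    # VFAT long-file-name slot, not a file
    else:
        state = "in-use"
    stem = (b"?" + raw[1:8]) if state == "deleted" else raw[0:8]
    name = stem.decode("ascii", "replace").rstrip(" \x00")
    ext = raw[8:11].decode("ascii", "replace").rstrip(" \x00")
    # Offset 26: first cluster (16-bit), offset 28: file size (32-bit).
    first_cluster, size = struct.unpack_from("<HI", raw, 26)
    return {
        "state": state,
        "name": name + ("." + ext if ext else ""),
        "attributes": [label for bit, label in ATTR_BITS if attr & bit],
        "first_cluster": first_cluster,
        "size": size,
    }


def read_fat16(raw):
    """Unpack a raw file allocation table into a list of 16-bit entries."""
    return list(struct.unpack("<%dH" % (len(raw) // 2), raw[:len(raw) // 2 * 2]))


def classify_fat16(value):
    """Map a 16-bit FAT entry to (state, next_cluster)."""
    if value == 0x0000:
        return ("unused", None)
    if value == 0xFFF7:
        return ("bad", None)
    if value >= 0xFFF8:
        return ("last", None)       # last cluster in file
    if 0x0002 <= value <= 0xFFEF:
        return ("in-use", value)    # value is the next cluster of the file
    return ("reserved", None)


def cluster_chain(fat, start):
    """Follow a file's cluster chain; reject loops and damaged chains."""
    chain, seen, cur = [], set(), start
    while True:
        if cur < 2 or cur >= len(fat):
            raise ValueError("cluster %d is outside the table" % cur)
        if cur in seen:
            raise ValueError("loop in cluster chain at %d" % cur)
        seen.add(cur)
        chain.append(cur)
        state, nxt = classify_fat16(fat[cur])
        if state == "last":
            return chain
        if state != "in-use":
            raise ValueError("chain runs into a %s cluster at %d" % (state, cur))
        cur = nxt


# Constructed sample: REPORT.TXT, read-only + archive, starts at cluster 2.
SAMPLE_ENTRY = (b"REPORT  " + b"TXT" + bytes([0x21]) + bytes(14)
                + struct.pack("<HI", 2, 1300))
# Constructed table: entries 0 and 1 are reserved; file uses clusters 2, 3, 5.
SAMPLE_FAT = read_fat16(struct.pack("<7H", 0xFFF8, 0xFFFF, 3, 5,
                                    0xFFF7, 0xFFFF, 0x0000))

if __name__ == "__main__":
    entry = parse_dir_entry(SAMPLE_ENTRY)
    print(entry)
    print(cluster_chain(SAMPLE_FAT, entry["first_cluster"]))
```

A deleted entry keeps its starting cluster and size, which is why the same parser is useful when examining a FAT volume for recoverable files.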

       3.    The FAT32 File System
|23|         A.     Overview of FAT32
                    1.   FAT32 supports partitions larger than those handled by FAT16.
                    2.   FAT32 is implemented with as little change as possible to existing
                         FAT16 architecture, internal data structures, APIs, and on-disk format.
                    3.   Many internal and on-disk data structures and published APIs have been
                         revised or expanded.
|24|         B.     FAT32 partition structure
                    1.   The largest file possible for a FAT32 drive is about 4 GB.
                    2.   A FAT32 partition must have at least 65,527 clusters, and the partition
                         cluster size cannot be increased.
                    3.   FAT16 and FAT32 file systems do not scale well. As the volume gets
                         bigger, the file allocation table gets bigger.

|25|        C.   File system limits
                 1.    The maximum size of a FAT32 volume is limited by the maximum
                       number of FAT entries, the number of sectors per cluster, and the 32-bit
                       sector count in the partition record.
                 2.    FAT32 is limited by the maximum partition size possible per cluster
       Chapter 4, Lesson 3
       NT File System (NTFS)
|26|   1.   Introduction to NTFS
            A.   Should try to format Windows 2000 partitions with NTFS
            B.   Guarantees the consistency of the volume by using standard
                 transaction logging and recovery techniques
            C.   Supports all Windows 2000 operating system features
            D.   Allows you to set local permissions on files and folders that specify
                 which groups and users have access to them

|27|   2.   Features of Windows 2000
|28|        A.   Reparse points
                 1.    Files or directories that have user-controlled data stored in the system-
                       administered reparse attribute
                 2.    Add behavior not present in the underlying file system
                 3.    Enable layered file system filters to add user-controlled behavior to a file
                       or directory
                 4.    When a user accesses a folder that has a junction reparse point attribute
                       associated with it, a series of actions occur.
                 5.    Windows 2000 allows the relative order of the file system stack to be
                 6.    The Windows 2000 I/O subsystem builds the appropriate data structures
                       to service requests and orchestrates the calling of the layers in turn.
                 7.    Reparse point enhancements include two features.
                       a.     Hierarchical storage management
                       b.     Volume mount point
|29|        B.   Native Structured Storage (NSS)
                 1.    Allows ActiveX documents to be physically stored in the same
                       multistream format that ActiveX uses to logically process structured
                 2.    Makes a file on a disk look like an OLE-structured storage file
                 3.    Allows a file to be copied to a floppy, converting the file to the old
                       format and vice versa
                 4.    A reparse point is placed on any file that uses NSS.
                       a.     The reparse point indicates that the file has multiple streams.
                       b.     The reparse point instructs a file system filter driver to translate the
                              multiple streams into a single stream when the file is migrated to file
                              systems that do not support NSS.

|30|         C.     Disk quotas
                    1.    Allow you to limit the amount of disk space users can consume
                    2.    Allow you to manage storage growth in a distributed environment
                    3.    Used in Windows 2000 on a per-partition basis
|31|         D.     Sparse file support
                    1.    Overview
                          a.     Sparse files allow programs to create very large files but to consume
                                 disk space only as needed.
                          b.     NTFS deallocates sparse data streams and maintains only non-sparse
                                 data as allocated.
                          c.     A user-controlled file system attribute can be set to take advantage of
                                 the sparse file function.
                          d.     A sparse file contains an attribute that causes the I/O subsystem to
                                 interpret the file’s data based on allocated ranges.
                    2.    Sparse file utilization
                          a.     NTFS includes full sparse file support for both compressed and
                                 uncompressed files.
                          b.     Data streams with an NTFS sparse attribute set have two allocation
                                 (1) AllocatedLength, which is rounded up to a cluster boundary
                                        greater than or equal to the size of the stream
                                 (2) TotalAllocatedLength, which represents the actual disk clusters
                                        allocated to the stream
|32|         E.     Link tracking and object identifiers
                    1.    Client applications can track link sources that have been moved locally
                          or within a domain.
                    2.    File links are maintained if the link source file is moved from one NTFS
                          volume to another within the same domain.
                    3.    File links are maintained if the name of the machine that holds the link
                          source is renamed, the network shares on the link source machine are
                          changed, or the volume holding the link source file is moved to another
                          machine within the same domain.
|33|         F.     Change Journal
                    1.    Overview
                          a.     The Change Journal is a sparse stream that creates a persistent log to
                                 track file information about additions, deletions, and modifications of
                                 each NTFS volume.
                          b.     With the Change Journal, only a small active range of the file uses
                                 any disk allocation.
                          c.     The Change Journal is more efficient than time stamps or file
                    2.    Change Journal awareness
                          a.     Does not affect a storage application unless it is specifically used by
                                 that application

                  b. Operates in a bounded space and is based on a sparse data stream that
                     allows for deallocation from the front of a file
            3.  Unique Sequence Number (USN)
                a.   The USN Journal provides a persistent log for all changes made to
                     files on the volume.
                b.   Applications can consult the USN Journal for information about the
                     modifications made to a set of files.
                c.   When a user, an administrator, or another domain controller updates a
                     directory object, the object’s controller assigns that change a USN.
                d.   When the domain controller writes the change into the directory, it
                     also writes the USN of the change with the property.
|34|   G.   CD and DVD support
            1.  CD-ROM File System (CDFS)
                a.   Windows 2000 provides read-only support for CDFS.
                b.   All folder names and filenames must be fewer than 32 characters.
                c.   All folder names and filenames must be in capital letters.
                d.   The folder tree cannot exceed eight levels from the root.
                e.   File extensions are not mandatory.
            2.  Universal Disk Format (UDF)
                a.   UDF is new to Windows 2000.
                b.   UDF is designed for interchanging data on DVD and CD-ROM.
            3.  DVD support
                a.   Overview
                     (1) DVD has a capacity nearly 20 times that of a regular CD.
                     (2) DVD will usually work as a storage device and, if the proper
                            decoding hardware is present, will support full DVD playback.
                b.   DVD-ROM class driver
                     (1) DVD-ROM has its own industry-defined command set.
                     (2) In Windows 2000, support is provided in a new WDM
                            DVD-ROM device driver.
                     (3) Support for UDF is provided to ensure support for UDF-
                            formatted DVD discs.
                c.   Copyright protection
                     (1) Protection is provided by encrypting important sectors on a
                            disc and then decrypting those sectors prior to decoding them.
                     (2) Microsoft will provide support for both software and hardware
                            decrypters by using a software module that will enable
                            authentication between the decoders and the DVD-ROM
                d.   Regionalization
                     (1) Six worldwide regions have been set up by the DVD
                     (2) Discs are playable on DVD devices in some or all of the
                            regions according to regional codes set by the creators of the

|35|   3.    Structure of NTFS
|36|         A.     NTFS volume structure
                    1.  NTFS uses clusters made up of one or many sectors as the fundamental
                        unit of disk allocation.
                    2.  The default cluster size depends on the partition size.
                    3.  You can use the Disk Management snap-in to specify a cluster size up to
                        4 KB.
                    4.  If you use the Format.exe program to format an NTFS volume, you can
                        specify any default cluster size. However, NTFS compression is not
                        supported for cluster sizes greater than 4 KB.
                    5.  Specific cluster sizes are recommended for specific volume sizes.
|37|         B.     Windows 2000 boot sector
                    1.  The first information found on an NTFS volume is the boot sector.
                    2.  The boot sector consists of two structures: the BIOS Parameter Block
                        and code that describes how to find and load the startup files for the
                        operating system.
|38|         C.     Windows 2000 Master File Table and Metadata
                    1.  When a volume is formatted with NTFS, a Master File Table (MFT) and
                        Metadata are created.
                    2.  NTFS uses MFT entries to define the files that they correspond to.
                    3.  NTFS creates a file record for each file and directory record created on
                        an NTFS volume. Each file usually has one file record.
                    4.  Metadata consists of the files NTFS uses to implement the file system
|39|         D.     NTFS file attributes
                    1.  Every allocated sector on an NTFS partition belongs to a file, including
                        the file system Metadata.
                    2.  NTFS views each file or folder as a set of file attributes.
                    3.  An attribute type code and, optionally, an attribute name identify each

|40|   4.    Implementation of NTFS
|41|         A.     Upgrading to Windows 2000
                    1.   Upgrading from Windows NT
                         a.    All volumes formatted with an earlier version of NTFS are upgraded
                               to NTFS version 5.0.
                         b.    All boot/system volumes formatted with FAT16 are converted to
                               NTFS version 5.0.
                         c.    All volumes formatted with FAT16 that are not boot/system volumes
                               are not converted.
                    2.   Windows NT 4.0 Service Pack 4 or later conversion
                         a.    NTFS volumes are upgraded to NTFS version 5.0.
                         b.    Setup installs a new NTFS driver so that all volumes can be accessed.
                    3.   FAT volume conversion

                  a.     Conversions from FAT to NTFS version 5.0 take place only if the
                         user confirms it.
                  b.     If a user runs Setup by using Winnt.exe, boot floppies, or a CD-ROM
                         boot, the Text Mode phase of the installation process allows the user
                         to choose the file system.
|42|   B.   Multibooting Windows 2000
            1.    Network-accessible NTFS volumes on file or print servers are not
                  converted as a result of client computer upgrades to Windows 2000.
            2.    If a user multiple-boots Windows 2000 and Windows NT 4.0 SP4, any
                  basic volumes formatted with NTFS used in Windows 2000 can be read.
            3.    If a user multiple-boots Windows 2000 and a version of Windows NT
                  that was released before Windows NT 4.0 SP4, the user cannot access
                  the NTFS volumes.
|43|   C.   NTFS compatibility
            1.    Ntfs.sys file system driver
                  a.     Provides support for mounting volumes and dual-booting systems in
                         mixed Windows NT environments
                  b.     Provided to assist in evaluating and upgrading to Windows 2000
            2.    Mounting volumes
                  a.     Windows NT 4.0 systems are not able to mount NTFS 5.0 volumes.
                  b.     Windows 2000 automatically upgrades NTFS 4.0 volumes to NTFS
            3.    Dual-boot systems
                  a.     Ntfs.sys allows you to dual-boot between Windows NT 4.0 and
                         Windows 2000.
                  b.     Most read and write operations can be done if the operations do not
                         make use of any NTFS 5.0 features.
                  c.     Windows 2000 might need to perform cleanup operations on the
                         volume after it was mounted on Windows NT 4.0.
            4.    Disk quotas
                  a.     When Windows NT 4.0 is running, disk quotas are ignored.
                  b.     If users violate their quotas under Windows NT 4.0, Windows 2000
                         will fail further disk allocation by those users.
            5.    Encryption
                  a.     No operations can be done on encrypted files under Windows NT
                  b.     No cleanup operations are necessary under Windows 2000.
            6.    Sparse files
                  a.     No operations can be done on sparse files under Windows NT 4.0.
                  b.     No cleanup operations are necessary under Windows 2000.
            7.    Object IDs
                  a.     Full access to the object is available under Windows NT 4.0.
                  b.     If the user has deleted a file with an object ID on it, Windows 2000
                         must scan and clean up the orphaned entry in the index.
            8.    USN Journal

                           a.   The USN Journal is ignored under Windows NT 4.0.
                           b.   No entries are logged when files are accessed.
                    9.     Reparse points
                           a.   No operations can be done on reparse points under Windows NT 4.0.
                           b.   No cleanup operations are necessary under Windows 2000.

       Chapter 4, Lesson 4
       File System Security
       1.    Shared Folders
|44|         A.     Shared folder permissions
                    1.   Shared folder permissions apply to folders, not individual files.
                    2.   Shared folder permissions do not restrict access to users who gain access
                         to the folder at the computer where the folder is stored.
                    3.   Shared folder permissions are the only way to secure network resources
                         on FAT volumes.
                    4.   The default folder permission is Full Control.
                    5.   A shared folder appears in Windows Explorer as an icon of a hand
                         holding the shared folder.
                    6.   To control how users gain access to a shared folder, you must assign
                         shared folder permissions.
                    7.   You can allow or deny shared folder permissions to individual users or
                         to user groups.
|45|         B.     Applying shared folder permissions
                    1.   Multiple permissions
                         a.     A user can be a member of multiple groups, each with different
                         b.     The user’s effective permissions are the combination of the user and
                                group permissions.
                    2.   Denied permissions override allowed permissions.
                    3.   NTFS permissions
                         a.     Shared folders are not the best solution for NTFS. NTFS permissions
                                are preferred because they can be set on both files and folders.
                         b.     On an NTFS partition, you should use either share rights or NTFS
                                permissions, but not both.
                         c.     If share rights are configured for a folder and NTFS permissions are
                                configured for a folder or files within a folder, the most restrictive
                                rights will become the user’s effective rights.
                    4.   Copying or moving shared folders
                         a.     When you copy a shared folder, the original folder is still shared, but
                                the copy is not.
                         b.     When you move a shared folder, it is no longer shared.
|46|         C.     Guidelines for shared folder permissions
                    1.   Determine which groups need access to each resource and the level of
                         access they require.

                    2.   Assign permissions to groups instead of user accounts to simplify access
                    3.   Assign the most restrictive permissions that still allow users to perform
                         required tasks.
                    4.   Organize resources so that folders with the same security requirements
                         are located within a folder.
                    5.   Use intuitive share names so that users can easily recognize and locate

       2.   Sharing Folders
|47|        A.   Requirements for sharing folders
                 1.   In a Windows 2000 domain, the Administrators group and the Server
                      Operators group can share folders residing on any machines in the
                      domain. The Power Users group can share only folders residing on the
                      stand-alone server or the Windows 2000 Professional computer where
                      the group is located.
                 2.   In a Windows 2000 workgroup, the Administrators group and the Power
                      Users group can share folders on the Windows 2000 Server stand-alone
                      computer or Windows 2000 Professional computer where the group is
                 3.   Users who are granted the Create Permanent Share Objects permission
                      can also create shares on the computer where the right is assigned.
|48|        B.   Administrative shared folders
                 1.   C$, D$, E$, and so on
                 2.   Admin$
                 3.   Print$
|49|        C.   Sharing a folder
                 1.   When you share a folder, you can give it a share name, provide
                      comments, limit the number of users, assign permissions, and share the
                      folder multiple times.
                 2.   The share properties are set on the Sharing tab of the Properties dialog
|50|        D.   Modifying shared folders
                 1.   Stop sharing a folder.
                 2.   Modify the share name.
                 3.   Modify shared folder permissions.
                 4.   Share a folder multiple times.
                 5.   Remove a share name.

       3.   NTFS Permissions
|51|        A.   Overview
                 1.   NTFS permissions are a set of standard permissions that allow or deny
                      access for each user or group.
                 2.   Windows 2000 provides two standard NTFS permissions.
                      a.    NTFS folder permissions
                      b.    NTFS file permissions

|52|         B.     Assigning NTFS permissions
                    1.   NTFS Full Control permission
                         a.     Full Control permission grants all permissions to access a resource.
                         b.     Full Control permission is assigned in certain circumstances.
                                (1) When a user creates a file or folder, that user becomes the
                                        Creator Owner and is assigned the Full Control permission.
                                (2) When a volume is formatted with NTFS, Full Control is
                                        assigned to the Everyone group at the root of the drive.
                                (3) When a FAT16 or FAT32 partition is converted to NTFS, Full
                                        Control is assigned to the Everyone group on all resources on
                                        that volume.
                    2.   Multiple NTFS permissions
                         a.     A user’s effective permissions are the combination of NTFS
                                permissions assigned to the individual user and to the groups that the
                                user belongs to.
                         b.     NTFS file permissions take priority over NTFS folder permissions.
                         c.     Denying a permission for a user or group blocks that permission from
                                the user, even if the permission has been granted to a group that the
                                user belongs to.
                    3.   Permission inheritance
                         a.     Rules are associated with the priority of file and folder permissions as
                                you move down a folder tree.
                         b.     By default, permissions assigned to the parent folder are inherited
                                and propagate to subfolders and files contained within the parent
                         c.     Inheritance can be prevented, and permissions can be assigned
                                explicitly to the file or folder.
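
The combination rules in this lesson (user and group permissions add up, a deny overrides any allow, and share plus NTFS permissions yield the most restrictive result) can be modeled as set operations. The following is an added example, not part of the original outline: a simplified model with constructed users, groups and ACLs, whereas a real Windows access check evaluates ordered ACEs against access masks.

```python
from dataclasses import dataclass

# Simplified model: named permission levels expand to atomic rights.
LEVELS = {
    "Read": {"read"},
    "Write": {"write"},
    "Change": {"read", "write", "delete"},   # share-level name
    "Modify": {"read", "write", "delete"},   # NTFS-level name
    "Full Control": {"read", "write", "delete", "change_permissions"},
}

@dataclass(frozen=True)
class Ace:
    principal: str   # user or group the entry applies to
    allow: bool      # True = allow entry, False = deny entry
    level: str       # key into LEVELS

def effective(acl, user, groups):
    """Union of allows for the user and their groups, minus every deny."""
    who = {user, *groups}
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal in who:
            (allowed if ace.allow else denied).update(LEVELS[ace.level])
    return allowed - denied

def network_access(share_acl, ntfs_acl, user, groups):
    """Access through the share: the most restrictive of share and NTFS."""
    share = effective(share_acl, user, groups)
    if ntfs_acl is None:          # FAT volume: share ACL is the only control
        return share
    return share & effective(ntfs_acl, user, groups)

def local_access(ntfs_acl, user, groups):
    """Access at the console: share permissions are not consulted."""
    if ntfs_acl is None:          # FAT volume: nothing restricts a local user
        return set(LEVELS["Full Control"])
    return effective(ntfs_acl, user, groups)

# Constructed sample ACLs (hypothetical users and groups).
DEFAULT_SHARE = [Ace("Everyone", True, "Full Control")]
READ_SHARE = [Ace("Everyone", True, "Read")]
NTFS = [Ace("Sales", True, "Modify"), Ace("Interns", False, "Write")]

if __name__ == "__main__":
    print(sorted(network_access(DEFAULT_SHARE, NTFS, "alice", ["Everyone", "Sales"])))
    print(sorted(network_access(DEFAULT_SHARE, NTFS, "bob", ["Everyone", "Sales", "Interns"])))
    print(sorted(local_access(NTFS, "alice", ["Everyone", "Sales"])))
```

With the default Everyone Full Control share, the NTFS ACL alone decides the result; tightening the share to Read limits network users to read access while a local logon still gets the full NTFS grant.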
|53|         C.     Guidelines for assigning NTFS permissions
                    1.   To simplify administration, group resources into application, data, and
                         home folders.
                    2.   Use NTFS permissions to control access to files and folders.
                    3.   Whenever possible, assign permissions to groups rather than individual
                         user accounts.
                    4.   When assigning permissions to home folders, centralize home folders on
                         a network volume separate from applications and the operating system.
                    5.   When assigning permissions to working data or applications folders,
                         remove the default Full Control permission from the Everyone group.
                    6.   When assigning permissions to public data folders, assign Modify
                         permission and Read & Execute permission to the Users group and Full
                         Control permission to the Creator Owner.
                    7.   In general, it is better not to assign permissions than to deny
                    8.   Encourage users to assign permissions to the files and folders that they
                         create and own.
             D.     Configuring NTFS permissions
|54|                1.   Overview

               a.    Administrators and the owners of files and folders can assign
                     permissions to user accounts and groups.
               b.    Use the file’s or folder’s properties to assign permissions.
          2.   Assigning special access permissions
               a.    Introduction to special access permissions
                     (1) Special access permissions provide a finer degree of control
                            for assigning access to resources.
                     (2) There are 13 special access permissions that, when combined,
                            constitute the standard NTFS permissions.
               b.    Changing permissions
                     (1) File and folder owners and other users with Full Control
                            permission can assign or change permissions.
                     (2) You can grant network administrators the ability to change
                            permissions without giving them full control over the file or
               c.    Transferring ownership
                     (1) The current owner can assign the Full Control permission or
                            the Take Ownership special access permission to other users,
                            allowing those users to take ownership.
                     (2) An administrator can take ownership of any folder or file
                            under his or her administrative control.
                     (3) When assigned to a volume or folder, special access
                            permissions are initially applied only where specified in the
                            Apply Onto drop-down list.
               d.    Setting special access permissions
     E.   Copying and moving files and folders
          1.   Copying files and folders
               a.    To copy files and folders within or between NTFS volumes, a user
                     must have been granted the Add permission for the destination folder.
               b.    When files or folders are copied, permissions are inherited or lost,
                     depending on where the file or folder is copied to.
                     (1) When a folder or file is moved within an NTFS partition, the
                            folder or file retains its permissions.
                     (2) When a folder or file is copied within or between NTFS
                            partitions, or moved to another partition, the folder or file
                            inherits the permissions of the destination folder.
                     (3) When folders or files are copied to FAT16 or FAT32 volumes,
                            the folders and files lose their NTFS permissions because
                            FAT16 and FAT32 volumes do not support NTFS
          2.   Moving files and folders
               a.    To move files or folders between NTFS partitions, a user must have
                     been granted the Add permission for the destination folder or file and
                     the Delete permission for the source folder or file.
               b.    Moving folders and files within and between NTFS volumes can
                     affect the original permissions.

             F.     Troubleshooting NTFS permissions
                    1.   A user cannot gain access to a file or folder.
                    2.   A user account is added to a group to give that user access to a file or
                         folder, but the user still cannot gain access to the file or folder.
                    3.   A user deletes a file, although that user does not have permission to
                         delete the file.
