Chapter 9 Chapter 9: Managing Server Folders, Permissions, and Software Installation Learning Objectives Chapter 9 Manage folders on a server, including: Planning a folder structure Viewing and creating folders Setting folder properties such as attributes, permissions, auditing, and ownership Setting up shared folders Moving and copying files and folders Install and manage application software continued Learning Objectives Chapter 9 Use the Registry to configure Windows NT Server and application software, and use Windows NT Diagnostics to view Registry contents Set system policies using the System Policy Editor Configure and use License Manager Configure and use Directory Replicator Managing Folders Chapter 9 Designing a folder structure Viewing and creating folders Setting folder properties Setting up a shared folder Troubleshooting a security conflict Moving and copying files and folders Designing a Folder Structure Chapter 9 A chaotic file structure makes it difficult to run or remove programs Avoid confusion by having a place for: Software applications Confidential files shared by certain groups Public files shared by everyone Software utilities for all users Server management utilities Folder Structure Design Considerations Chapter 9 Root folder should not be cluttered with files or too many folders Each software application should have its own folder or subfolder Similar information should be grouped Folders should have names that clearly reflect their purpose A Sample Folder Structure Chapter 9 Folders off the Root Winnt Users Data Word Manage Ntserver (created by Forms NT Server setup) Msoffice Access Excel Queries Winword Clipart Office Templates Contracts Court Tax RealEstate Wills Bankruptcy Viewing and Creating Folders Chapter 9 Viewing Use My Computer or Windows NT Explorer Display can be customized or, the good ol’ command-line interface “dir” command, or similar add-ons Creating Use My Computer or Windows NT Explorer or, CLI Setting Folder Properties Chapter 9 General properties Folder and permission security Permissions Auditing Ownership General Properties Chapter 9 Descriptive information Location Size Number of files/folders Folder name and creation date Folder attributes Attributes Chapter 9 A characteristic associated with a folder or file, used to help mange access and backups Largely ignored by NT administrators (except for backup purposes) in favor of rights and permissions Windows NT Attributes Chapter 9 Attribute Purpose Read-only Prevents directory or file from being changed or deleted Archive Directory or file is new or changed and needs to be backed up Compress Compresses files to save disk space System File is used by the operating system and should not be viewed with ordinary list commands Hidden Directory or file cannot be viewed with ordinary list commands Folder and Permission Security Chapter 9 Three security options Permissions: Control access to the folder and its contents Auditing: Enables administrator to audit activities on a folder or file Ownership: Designates the folder owner who has full control of that folder NTFS Folder and File Permissions Chapter 9 Permission Description No access No access to folder for any users other than owner List Can list files in folder or switch to subfolder, but cannot access file contents Read For existing and new files, can read their contents and can execute program files Add Can write new files in folder and execute program files, but cannot view folder files Add & Read Can read files, add new files, and execute program files, but cannot modify file contents Change Can read, add, delete, execute, and modify files Full Control Can read, add, delete, execute, and modify files plus change permissions and take ownership of folders Directory Permissions Dialog Box Chapter 9 Note: would usually have >1 group/username under “Name”. Microsoft Guidelines for Setting Permissions Chapter 9 Protect the Winnt folder that contains operating system files from general users (No Access or Read) but give Administrators Full Control access Protect server utility folders with access permissions only for Administrators, and Server and Backup Operators continued Microsoft Guidelines for Setting Permissions Chapter 9 Protect software application folders with Add & Read Create publicly used folders with Change access Provide users Full Control of their own home directories Remove the group Everyone from confidential folders Special Folder and Special File Access Options Chapter 9 Enable customization of folders or file access beyond standard permissions combinations of the different aforementioned abilities R, W, X, D, C, “take owner” useful for special situations, if need be Auditing Chapter 9 Tracks access to folders and files Directory Auditing dialog box enables auditing of a variety of successful and failed events track success/fail, whichever is more important for that particular case remember, auditing can be expensive -- that is, can dramatically affect server performance Ownership Chapter 9 Folder owners have Full Control permissions for the folders they create Taking ownership of a folder Setting Up a Shared Folder Chapter 9 Share permissions No Access Read Change Full Control Can be overridden NT uses most restrictive permission, whichever is stricter Setting Up a Shared Folder Chapter 9 Sharing can be limited by #users software licensing also provides some “extra” security Shares can be hidden put $ character at end of share name both for security through obscurity as well as ease-of-use Troubleshooting a Security Conflict Chapter 9 Review folder permissions and share permissions for the account and for the groups to which the account user belongs Careful planning of folder structure and user groups in light of server security needs saves time and user aggravation Moving and Copying Files and Folders Chapter 9 Creating, moving, or copying a file can affect the file and folder permissions Moving: File is deleted from the original location placed in a different folder Copying: Original file remains intact and a copy is made in another folder New file permissions depend on copy/create - inherit from folder move - retain existing unless move to different volume - like copy Installing and Managing Application Software Chapter 9 Software licensing Network compatibility Network performance Location of temporary files Software testing Loading software from the network Restrictions for MS-DOS-based software Software Licensing Chapter 9 Read and follow licensing agreement before loading software Copy protect the software user education important License monitoring: A process used to ensure that the number of software licenses in use does not exceed the number for which the network is authorized Network Compatibility Chapter 9 Check all applications to be certain they are network-compatible, i.e., designed for multiuser access, often with network capabilities such as options to send files through e-mail with popularity of the Internet, new applications generally are network-friendly but remember, Internet features can be a security hole Network Performance Chapter 9 Closely monitor network activity and traffic associated with software applications some applications have BIG effect on network traffic remember, software is one consideration when choosing topology Location of Temporary Files Chapter 9 Determine what extra files are needed to run an application and where to store them Teach software users how to deploy temporary and backup files created by software, and how to delete them when no longer needed utilities exist to clean up files automatically Software Testing Chapter 9 Test each software installation before releasing it to users An important way to determine that the software is working, is network compatible, and that the permissions are correctly set Loading Software from the Network Chapter 9 One option: Install software application files from network onto each client workstation Another option: Install client software so that application files are loaded from server Advantage: Save workstation disk space Advantage: Ease of management Disadvantage: Extra network traffic Installing Software Using Add/Remove Programs Chapter 9 Software configuration is stored in Windows NT Registry; configuration is easier and configuration information can be updated to an ERD Registry tracks location of all files associated with software; easier to remove all program pieces Running Software Applications in User Mode Chapter 9 User mode Used for running programs in a memory area kept separate from that used by the kernel The program cannot directly access the kernel or operating system services except through an API Kernel mode Privileged environment in which Windows NT operating system kernel runs Consists of protected memory area and privileges to directly execute system services, access CPU, run I/O operations, etc. Using the Registry to Configure System Setup and Software Chapter 9 Registry: Database that contains information the operating system needs about the entire server (configuration, program setup, devices, drivers, etc.) Two editors to view Registry contents Regedit Regedt32 The Five Root Keys Chapter 9 Root key (or subtree): Highest category of data contained in the Registry The five root keys HKEY_LOCAL_MACHINE HKEY_CURRENT_USER HKEY_USERS HKEY_CLASSES_ROOT HKEY_CURRENT_CONFIG The Five Root Keys Chapter 9 Root Key Contents HKEY_LOCAL_MACHINE Information on every hardware component on the server HKEY_CURRENT_USER Information about the desktop setup for the account presently logged on to the server console HKEY_USERS All user profiles kept on server HKEY_CLASSES_ROOT Data to associate file extensions with programs HKEY_CURRENT_CONFIG Information about current hardware profile Backing Up the Registry Chapter 9 The Registry is vitally important to Windows NT Server Plan to back it up regularly when you back up other files ERD - via RDISK separately - via REGBACK 3rd-party backup software often has specific options for registry Setting System Policies Chapter 9 Override registry settings in Windows NT Server Used to set up special conditions for individual users security ease-of-use Used to set up restrictions for all users security ease-of-use System Policies to Govern All Users Chapter 9 Control Panel display options Desktop wallpaper and color schemes Operating system shell restrictions hiding drives, Net Neighborhood, etc. System restrictions run only certain programs, etc. Windows NT Shell options Windows NT System options System Policies to Govern Individual Users Chapter 9 Remote access settings Creation of hidden drive shares Network printer scheduling and error control options Customized shared folder setup Logon security and logon banner controls File-naming options User profile network time-out periods for slow network connections Setting Up and Using License Manager Chapter 9 “License” = right to use software license terms differ by vendor select the best option based on needs & price Per seat licensing: Requires that there be enough licensees for all network client workstations Per server licensing: Based on maximum number of clients that use an application at one time Setting Up and Using Directory Replicator Chapter 9 Directory replication services enable designated directories on one server to be copied to another server(s) or workstation(s) on the network Export server: Server with the original directories Import server: Computer that receives the directories and files Directory Replication Uses Chapter 9 To copy an update database on a member server in a client/server system to a reporting database on a different member server To create a backup copy of account- related information Setting Up Export and Import Parameters Chapter 9 Chapter Summary Chapter 9 Plan folder structure in advance. Create distinct folders for user directories, software applications, server utilities, etc. Set up folder properties Setup permissions according to purpose of folder continued Chapter Summary Chapter 9 Before installing application software in a folder, make sure the software is network-compatible. Use Add/Remove Programs tool to install software so that installation is coordinated with the Windows NT Registry. continued Chapter Summary Chapter 9 System policies offer another way to change Registry settings and to customize how users access Windows NT Server. License Manager records and monitors the number of licenses. Directory Replicator copies folders from a server to other network computers.