Sunday, October 7, 2012

Chapter 6 - Sharing Resources


Permissions in Windows 7 - permissions are recorded as ACEs (access control entries), which are stored in an ACL (access control list). Permissions are stored as part of the component being protected, not the security principal being granted access. There are 4 permission systems:

·         NTFS - controls access to files/folders stored on an NTFS volume

·         Share - controls access to files/folders shared over a network

o   Must have NTFS and share permissions in order to access files/folders over a network

·         Registry - controls access to parts of Windows registry - in order to modify registry settings, user must have permissions

·         Active Directory - controls access to parts of AD - permissions are required when servicing computers that are part of a domain

You can allow or deny permissions. Combining both in the same hierarchy makes it confusing and difficult to work out the effective permissions for a specific component.

Inheriting permissions - passing permissions downward from parent to child, or from folder to files.

·         Can be turned off

·         Denying permissions that are inherited overrides any allow permissions

Copying and moving files affect permissions differently:

·         Copying NTFS files/folders to the same or a different NTFS volume - the new copy inherits permissions from the parent folder at the new location

·         Moving NTFS files/folders to a new location on the same NTFS volume - existing permissions move with them

·         Moving NTFS files/folders to a new location on a different NTFS volume - they inherit permissions from the parent folder at the new location

Effective permissions are the combination of Allow and Deny permissions, whether assigned, inherited, or received through a group membership - sometimes these permissions conflict:

·         Allow permissions are cumulative  

·         Deny permissions override Allow permissions

·         Explicit permissions take priority over inherited permissions
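The three conflict rules above can be traced with a small model. This is an added example, not part of the original notes and not the Windows access-check code; the ACE class, the effective_rights function and the user and group names are assumptions made up for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ACE:
    principal: str        # user or group the entry applies to
    kind: str             # "allow" or "deny"
    rights: frozenset     # e.g. frozenset({"read", "write"})
    inherited: bool       # True when passed down from the parent folder

def effective_rights(acl, user, groups, wanted=("read", "write")):
    """Simplified model of the three rules above; not the Windows access check."""
    principals = {user, *groups}
    mine = [a for a in acl if a.principal in principals]
    granted = set()
    for right in wanted:
        # Explicit entries (inherited=False) are decided before inherited ones.
        for inherited in (False, True):
            tier = [a for a in mine if a.inherited == inherited and right in a.rights]
            if any(a.kind == "deny" for a in tier):
                break                  # Deny overrides Allow within the tier
            if any(a.kind == "allow" for a in tier):
                granted.add(right)     # Allow from any membership counts
                break
    return granted

# Constructed sample ACL for a hypothetical folder; all names are made up.
SAMPLE_ACL = [
    ACE("Staff", "allow", frozenset({"read"}), inherited=True),
    ACE("Editors", "allow", frozenset({"write"}), inherited=True),
    ACE("Contractors", "deny", frozenset({"write"}), inherited=True),
    ACE("alice", "allow", frozenset({"write"}), inherited=False),
]

if __name__ == "__main__":
    cases = {
        "bob": {"Staff", "Editors"},                  # allows accumulate
        "carol": {"Staff", "Editors", "Contractors"}, # deny overrides allow
        "alice": {"Staff", "Contractors"},            # explicit beats inherited
        "dave": set(),                                # no matching entry, no access
    }
    for user, groups in cases.items():
        print(user, sorted(effective_rights(SAMPLE_ACL, user, groups)))
```
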

Ownership - every file/folder has an owner. The owner is the user that created the element, but any account possessing the Take Ownership special permission (or Full Control) can take ownership of the file/folder.

·         A combination of certain permissions can lock out a file/folder - allowing NO ONE to have access - but there is a "back door" that allows the Owner access


Windows is very specific with its print/printer/print device/print driver/print server terminology:

·         Print device - actual printer hardware

·         Printer - software interface through which computers communicate with the print device

·         Print server - computer that receives print jobs and sends them to print devices

·         Printer driver - converts print jobs to commands for a specific print device

To share printers, network discovery and file and printer sharing must be enabled in Network and Sharing Center.


Create a printer on a workstation and share it with the network - configure the printer to function as a printer pool using IP addresses.
