Saturday, December 8, 2007

Administering Shared Folders

Understanding Shared Folders

Microsoft Windows 2000 allows you to designate folders to share with others. For example, when a folder is shared, authorized users can make connections to the folder (and access its files) from their own computers. This lesson introduces shared folders and shared folder permissions.

After this lesson, you will be able to

  • Use shared folders to provide access to network resources
  • Describe how permissions affect access to shared folders

Estimated lesson time: 15 minutes

Shared Folders

Shared folders provide network users centralized access to network files. When a folder is shared, all users by default can connect to the shared folder and gain access to the folder's content. A shared folder can contain applications, data, or a user's personal data in a home directory. Each type of data requires different shared folder permissions.

Shared Folder Permissions

You can assign shared folder permissions to user and group accounts to control what users can do with the content of a shared folder. The following are characteristics of shared folder permissions:

  • Shared folder permissions apply to folders, not individual files. Because you can only apply shared folder permissions to the entire shared folder, and not to individual files or subfolders in the shared folder, shared folder permissions provide less detailed security than NTFS permissions.
  • Shared folder permissions do not restrict access to users who gain access to the folder at the computer where the folder is stored. They only apply to users who connect to the folder over the network.
  • Shared folder permissions are the only way to secure network resources on a FAT volume. NTFS permissions are not available on FAT volumes.
  • The default shared folder permission is Full Control, and it is assigned to the Everyone group when you share the folder.

Guidelines for Shared Folder Permissions

The following list provides some general guidelines for managing your shared folders and assigning shared folder permissions:

  • Determine which groups need access to each resource and the level of access that they require. Document the groups and their permissions for each resource.
  • Assign permissions to groups instead of user accounts to simplify access administration.
  • Assign to a resource the most restrictive permissions that still allow users to perform required tasks. For example, if users need only to read information in a folder and they will never delete or create files, assign the Read permission.
  • Organize resources so that folders with the same security requirements are located within a folder. For example, if users require Read permission for several application folders, store the application folders within the same folder. Then share this folder instead of sharing each individual application folder.
  • Use intuitive share names so that users can easily recognize and locate resources. For example, for the Applications folder, use Apps for the share name. You should also use share names that all client operating systems can use.

Planning Shared Folders

When you plan shared folders, you can reduce administrative overhead and ease user access. To plan shared folders, you must determine which resources you want shared, and then organize resources according to function, use, and administration needs.

Shared folders can contain applications and data. Use shared application folders to centralize administration. Use shared data folders to provide a central location for users to store and gain access to common files. This lesson outlines the points you must consider when sharing application and data folders.

Application Folders

Shared application folders are used for applications that are installed on a network server and they can be used from client computers. The main advantage of shared applications is that you do not need to install and maintain most components of the applications on each computer. Whereas program files for applications can be stored on a server, configuration information for most network applications is often stored on each workstation. The exact way in which you share application folders will vary depending on the application, your particular network environment, and your organization.

Public Data

When you share a common public data folder, do the following:

  • Use centralized data folders so that data can be easily backed up.
  • Assign the Change permission to the Users group for the common data folder (see Figure 10.4). This will provide users with a central, publicly accessible location for storing data files that they want to share with other users. Users will be able to gain access to the folder and read, create, or change files in it.

Sharing Folders

You can share resources with others by sharing folders containing those resources. To share a folder, you must be a member of one of several groups, depending on the role of the computer where the shared folder resides. When you share a folder, you can control access to the folder by limiting the number of users who can simultaneously gain access to it, and you can also control access to the folder and its contents by assigning permissions to selected users and groups. After a shared folder is created, you may need to modify folder sharing properties. You can stop sharing a folder, change its share name, and change user and group permissions to gain access to it. To access a shared folder, users must first have appropriate permissions and then make a connection to it. This lesson explains how to create and modify shared folders and how to connect to a shared folder.

Requirements for Sharing Folders

In Windows 2000, members of the built-in Administrators, Server Operators, and Power Users groups are able to share folders. The groups that can share folders and the machines on which they can share folders depend on the following requirements:

  • In a Windows 2000 domain, the Administrators and Server Operators groups can share folders residing on any machines in the domain. The Power Users group is a local group and can only share folders residing on the stand-alone server or computer running Windows 2000 Professional where the group is located.
  • In a Windows 2000 workgroup, the Administrators and Power Users groups can share folders on the stand-alone server or the computer running Windows 2000 Professional on which the group exists.

Administrative Shared Folders

Windows 2000 automatically shares certain folders for administrative purposes. These shares are appended with a dollar sign ($). The $ hides the shared folder from users who browse the computer. The root of each volume, the system root folder, and the location of the printer drivers are all hidden shared folders that you can access from across the network.




Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)