Download (direct link):
2. On an NTFS disk, the one permission that a folder can have, but a file cannot, is ______.
Optimize access to files and folders
3. When using shared folder permissions or NTFS permissions, ease administrative chores by assigning permissions to ______ rather than to ______.
Create and remove shared folders
4. The fastest way to share a folder is to right-click it and choose ______.
5. To share a file on a Windows XP Professional machine with other users over a local area network connection, you must copy the file to a ______.
6. The three shared folder permissions are ______, ______, and ______.
Configure, manage, and implement Internet Information Services (IIS)
7. To use IIS help, you must enable ______.
Manage and troubleshoot Web server resources
8. Internet Information Server allows you to control user access by IP address as well as by ______.
Configure, manage, and troubleshoot a security configuration
9. To refresh a domain security change, use the command ______.
Configure, manage, and troubleshoot local security policy
10. The pecking order for Group Policy settings, from weakest to strongest, is ______, ______, ______, and ______.
1. NTFS permissions. See the 'NTFS Permissions' section if you missed this one.
2. List folder contents. The 'NTFS Permissions' section has more.
3. Groups, users. See 'Who can have access' in this chapter.
4. Sharing. The section 'Sharing a folder' expands on this subject.
5. Shared folder. See 'Sharing a folder.'
6. Read, change, full control. The section 'Assigning shared folder permissions' has more.
7. Indexing service. See the section titled 'Installing Internet Information Services (IIS).'
8. DNS address. The 'Web Server Access Control' section fills in this and other gaps.
9. GPUPDATE. See 'Policies and the Local Security Policy console' for more.
10. Local, site, domain, organizational unit. 'Policies and the Local Security Policy console' contains this invaluable nugget.
Access Permissions Overview
Access. The ability to see, read, touch, change, explore, append, copy, destroy. Too little access and you can't do your work; too much, and you can (accidentally or intentionally) prevent other people from doing theirs. As organizations transfuse more and more of their lifeblood information into computer systems, controlling access becomes a hugely important task - one that Windows XP addresses through many features and facilities.
The subject is so large that it can seem overwhelming, so I begin by breaking it down into more manageable chunks. First, consider access control over network links as opposed to access control on the local PC. Second, consider the main steps in configuring access permissions: which, who, and what. The following sections elaborate.
Network access control versus local access control
One way to make access control more understandable is to divide it out into two major categories: access control over a network connection, and access control for users who log on at the local PC. Here are some facts about controlling access:
* On a FAT, FAT32, or NTFS disk, you can control access over a network by using shared folder permissions or share permissions. This control extends to identifying who may use a shared folder and, in a limited way, what they can do with it. This is folder-level access control only.
* On an NTFS disk, you can also control access over a network by using NTFS permissions, also known as file-and-folder permissions. This control extends to identifying who may use a file or folder and, in a detailed way, what they can do with it. You can control access at the folder level or at the file level.
Instant Answer NTFS permissions apply access control for network users and for local users, and for unshared as well as shared folders.
* You can control network access to an Internet or intranet server by using the Internet Information Service (IIS) snap-in to the Computer Management console. This control gives you lots of options for restricting access (see the 'Web Server Access Control' section later in this chapter).
* On a local PC, you can control access by using NTFS permissions (see previous bullet). Shared folder permissions don't work in this case; they only work over a network connection.
* On both networked and local PCs, you can control access by using policies. See the 'Local Group Policy' section later in this chapter.
Configuring access control
Remember Three considerations exist when you configure access permissions for any given resource on a Windows XP PC. Remember them easily by the key words which, who, and what.
Which resources users can access
The first step in configuring access permissions is to specify which resources users can access. Resources typically means files, folders, printers, Registry keys, and Web servers (which you can create in Windows XP Professional through the optional IIS component).
* To share a resource across a network link, you typically right-click the resource and click a command like 'Sharing.' The main requirement is that you have the File and Printer Sharing for Microsoft Networks service (which appears as simply 'Server' in the Services administrative tool) installed for the network connection. Open the Network Connections folder from the Control Panel menu, right-click the icon for your network adapter, and see whether this service appears in the list and is checked as active (see Figure 11-1). If it doesn't appear, install it by clicking the Install button.