This chapter is from the book
This chapter is from the book
This chapter is from the book
Summary
In this chapter, we considered various Windows 2000 Professional administration topics including securing and sharing files and folders, connecting to print devices, and configuring file systems.
File and Folder Access
On the local computer, file and folder access is controlled through the use of NTFS permissions. Standard NTFS file permissions are Full Control, Modify, Read & Execute, Read, and Write. Standard NTFS folder permissions are the same, with the additional inclusion of List Folder Contents. These standard permissions are each composed of several NTFS special permissions that control a user's ability to Traverse Folders/Execute Files, List Folders/Read Data, Create Folders/Read and/or Append Data, Delete Folders and/or Subfolders and Files, Read and/or Write Attributes and/or Extended Attributes, Read and/or Change Permissions, or Take Ownership.
Permissions can be set explicitly, file-by-file and folder-by-folder, or implicitly through file/folder inheritance. Users may be granted multiple permissions levels depending upon their group memberships.
Where permissions overlap, NTFS assigns the least restrictive. The exception occurs when the Deny setting is applied, in which case it overrides all other access levels.
Besides providing a strong security, NTFS supports the use of built-in disk compression. FAT supports neither security nor built-in compression.
Share Folder Access
On computers accessed over a network, folder access is controlled through the use of share permissions. Standard share folder permissions are Full Control, Change, and Read. These standard permissions control a user's ability to Traverse Folders, View File/Subfolder Names, View Data in Files/Run Programs, Change Data in Files, Add Files and Subfolders to Shares, Delete Subfolders and Files, Take Ownership, and Change Permissions. Share permissions can be applied to either FAT or NTFS drives, and differ from NTFS permissions. Where share and NTFS permissions conflict, Windows 2000 applies the most restrictive of the two.
Only members of the Administrators, Server Operators, Power Users, or Users groups can create network shares.
Windows 2000 computers can share folders using Microsoft Networking, NetWare networking, FTP, and the Web.
Administering Print Devices
You may configure access to local and remote printing devices using the Add Printer Wizard. When connecting to a local printing device, you must name it, install drivers for it, choose whether or not to share it, and test its printing. You can connect to an Internet or intranet-based printing device as easily as to a local device by supplying the correct domain name or IP address.
Three permission levels can be assigned to shared printers: Full Control, Manage Documents, and Manage Printer. Only members of the Administrators or Power Users groups may install printers.
Administering File Systems
The options you have in configuring your computer's disk file systems depend upon their format(s). Microsoft recommends that you use FAT only when using disk drives of 2 GBs or less, and when dual-booting with older operating systems such as MS-DOS, Windows 3.1, or Windows 95. Although you can use FAT32 with partitions larger than 2 GBs and it is faster than FAT, Microsoft recommends that you use it only when dual-booting with Windows 98 or Me. NTFS, the recommended choice for Windows 2000, provides strong security with both file and folder-level permissions and encryption, supports hard drives as large as 2 TBs without a corresponding loss in performance, and has efficient built-in compression capabilities.
Disk drives can be managed from the Properties dialog box or the Storage snap-in of the MMC. You can convert FAT/FAT32 drives to NTFS without reformatting using the CONVERT.EXE utility. You cannot convert from NTFS to FAT/FAT32 without reformatting, and therefore erasing, the disk drive.