VIDEO
HIGHLIGHT
Log InSign up
Permisos Compartir y Seguridad NTFS
SummaryTranscriptChat

Permisos Compartir y Seguridad NTFS

Introduction to Permissions, Sharing, and Security

In this video lesson, we will discuss the concepts of permissions, sharing, and security in relation to NTFS permissions. We will explore how these different types of permissions affect users on a network.

Understanding Share Permissions and Security Permissions

  • Share permissions only affect users accessing files or folders over the network.
  • Security permissions affect all users, including those accessing files or folders locally.

Different Methods of Sharing

  • Simple Sharing: A new way of sharing based on the new network architecture called HomeGroup.
  • Advanced Sharing: The traditional method used since Windows 2000.

Overview of Security Permissions

  • Discretionary Access Control List (DACL): Lists the users and groups with permission to access a resource.
  • Access Control Entries (ACE): Specifies the type of permission granted to users and groups.

Ways to Access Shared Folders on a Server

There are multiple ways to access shared folders on a server. This section explores different methods depending on the operating system being used.

Accessing Shared Folders

  • Enabling Network Discovery: Required for clients to access shared folders on a server. Not enabled by default in Windows Vista, 7, and 2008.
  • Using UNC Path (servernamefoldername): Navigating directly to the shared folder using its path.
  • Mapping Network Drive: Creating a mapped drive letter for easy access.

Share Properties Based on Operating System

  • Windows 7 with HomeGroup/Workgroup Profile: Users can share folders with other members but cannot delete them without administrator permission.
  • Windows 2008 Domain Clients: Only members of the Administrators group can share folders locally or over the network.

Sharing a Folder with Specific Users

This section demonstrates how to share a folder with specific users and adjust their permissions.

Sharing a Folder

  • Right-click on the folder, select "Share with" > "Specific people."
  • Add users or groups by searching for them.
  • Choose the appropriate permission level (Read, Read/Write, etc.).

Limitations of User Sharing Permissions

User sharing permissions have limitations that require administrative intervention for certain actions.

User Limitations

  • Regular users cannot share folders without administrator credentials.
  • Regular users can create folders, become owners, add other users, and assign permissions.

Advanced Sharing Options

This section explores advanced sharing options available in Windows 2008.

Advanced Sharing Properties

  • Right-click on the folder, select "Properties," and go to the "Sharing" tab.
  • Choose between standard sharing or advanced sharing.
  • In advanced sharing, specify detailed permissions for different user groups.

Configuring Advanced Share Permissions

This section explains how to configure advanced share permissions in Windows 2008.

Configuring Share Permissions

  • Open the advanced sharing properties of a shared folder.
  • Add or remove user/group names as needed.
  • Specify permission levels such as Full Control, Change, or Read.

Relationship Between Share Permissions and Security Permissions

This section highlights the relationship between share permissions and security permissions in Windows 2008.

Relationship Between Permissions

  • When granting control total permission in share permissions, it automatically adds full control permission in security permissions for identified users.
  • Windows 2008 simplifies the process by automatically adding security permissions based on share permissions.

The transcript provided is a partial transcript and may not cover all the content of the video.

Advanced Sharing and Security Permissions

In this section, the speaker discusses advanced sharing and security permissions. They explain that when configuring permissions for shared folders on a network, both the sharing and security permissions need to be taken into account. The most restrictive permission between the two will prevail.

Understanding Cumulative Security Permissions

  • When setting up permissions for shared folders, it is important to understand that security permissions are cumulative.
  • For example, if a user belongs to multiple groups with different permissions, they will have all the accumulated permissions from those groups.

Explicit Deny Overrides Other Permissions

  • An explicit deny permission overrides other permissions.
  • If a user or group is explicitly denied access to a folder, they will not be able to perform any actions on that folder, regardless of other granted permissions.

Implicit Deny through Delegation

  • Users or groups that are not listed in the permission settings implicitly have no access to the folder.
  • This means that if a user or group is not included in the list of permitted users, they will be implicitly denied access.

Explaining Explicit Deny Permissions

In this section, the speaker explains what explicit deny permissions mean and how they can be used.

Explicit Deny Overrides Other Permissions

  • Explicit deny means specifically denying access to a user or group.
  • It takes precedence over any other granted permission.
  • It is recommended to use explicit deny sparingly as implicit denial is usually sufficient.

Using Allow and Deny Checkboxes

  • When managing permissions, there are two columns - one for allowing and one for denying.
  • By default, users need an additional click on "Edit" to modify these checkboxes.
  • To explicitly deny access to a user or group, simply uncheck the corresponding checkbox in either the allow or deny column.

When to Use Explicit Deny

  • Explicit deny is useful when you want to ensure that a user does not have access to a folder, regardless of their group memberships.
  • In such cases, you can add the user explicitly and check the deny checkbox for specific permissions.

Understanding Advanced Permission Settings

This section covers advanced permission settings and how they can be used to fine-tune access control.

Standard Permission Tab

  • The standard permission tab displays common permissions such as Full Control, Modify, Read & Execute, List Folder Contents, Read, Write, and Special Permissions.

Intermediate Permission Tab

  • The intermediate permission tab provides more options than the standard tab.
  • It allows specifying whether permissions apply only to folders or files or both.
  • It also includes options for allowing or denying permissions for specific users or groups.

Advanced Permission Tab

  • The advanced permission tab offers even more granular control over permissions.
  • It allows selecting the type of user (e.g., individual user or group), specifying which objects the permissions apply to (e.g., this folder only, subfolders and files), and defining specific permissions for each selected user/group.

Configuring Shared Folder Permissions

In this section, the speaker demonstrates how to configure shared folder permissions using real-world examples.

Sharing Options

  • To configure shared folder permissions, right-click on the folder and select "Properties."
  • Go to the "Sharing" tab and click on "Advanced Sharing."
  • Change the default group from "Everyone" to "Authenticated Users."

Adding Permissions

  • Click on "Add" and add desired users or groups.
  • For authenticated users, grant full control in sharing permissions.
  • Fine-tune security permissions by adjusting settings in the "Security" tab.

Applying Permissions

  • Apply the changes and ensure that the shared folder is visible on the network with the appropriate permissions.

The transcript provided does not cover the entire video, and these notes are based solely on the given content.

Modifying Permissions and Inheritance

The speaker explains how to modify permissions and disable inheritance in order to have more control over user access.

Disabling Inheritance and Modifying Permissions

  • To modify permissions, first, it is necessary to disable inheritance by going to "Advanced Options" > "Standard Permissions" > "Advanced" > "Change Permissions".
  • After disabling inheritance, choose whether to add or remove permissions.
  • If removing permissions, all inherited permissions will be removed and the folder will start with no permissions.
  • To add permissions, grant access to specific users or groups.

Checking Effective Permissions

  • To check the effective permissions of a user, right-click on the folder > "Properties" > "Security" > "Advanced" > "Effective Permissions".
  • This tool shows all the resulting permissions for a specific user at that moment.

Understanding Different NTFS Permissions

The speaker demonstrates different NTFS (New Technology File System) permissions and their effects on user access.

Testing Read-only Permission

  • Setting the permission to read-only allows users to only view the content but not make any changes.
  • Users can open files within the folder but cannot create new files or modify existing ones.

Testing Modify Permission

  • Granting modify permission allows users to read, write, execute applications within the folder.
  • Users can create new files, rename them, and delete them as well.

Maximum Permission: Full Control

  • Full control permission grants users complete control over NTFS settings.
  • Administrators typically have full control permission while regular users should not be given this level of access.

Disconnecting Network Drives and Hiding Folders

The speaker explains how to disconnect network drives and hide folders for specific purposes.

Disconnecting Network Drives

  • To disconnect a network drive, right-click on it and select "Disconnect".
  • Useful when a folder is no longer needed to be accessed over the network.

Hiding Folders on the Network

  • Sometimes it is necessary to hide folders on the network, either by assigning different names or limiting access.
  • Administrators or support technicians often create hidden shared folders to install drivers for multiple computers.

Summary and Conclusion

The speaker concludes by summarizing the different permissions and their effects on user access.

Summary of Permissions

  • Read-only permission allows users to view but not modify files.
  • Modify permission grants users read, write, execute, rename, and delete capabilities.
  • Full control permission provides complete control over NTFS settings.

Importance of Admin Control

  • Administrators should have full control permission while regular users should only be granted necessary permissions.
  • Users should not have the ability to modify NTFS settings or assign permissions to others.

Timestamps are approximate and may vary slightly.

How to Hide and Share Folders

In this section, the speaker explains how to hide and share folders in a network.

Hiding a Shared Folder

  • To hide a shared folder, add the dollar sign symbol ($) at the end of its name.
  • When changing the name of a shared folder, it stops being shared and needs to be shared again.

Searching for Hidden Folders

  • Even if a hidden folder is still on the network, it cannot be found by searching for it using wildcard characters like asterisk (*) or dollar sign ($).
  • Trying to access a hidden folder through the network path will also not reveal it.

Accessing Hidden Folders as an Administrator

  • As an administrator, you can access hidden folders by knowing their exact names and locations.
  • By entering the correct name of a hidden folder in the search bar or network path, an administrator can access it.

Assigning Multiple Names to Shared Folders

  • It is possible to assign different names to shared folders without creating multiple copies.
  • By adding additional names in the sharing properties of a shared folder, different names can be used to access it.

Modifying NTFS Permissions

This section covers modifying NTFS permissions for folders and files.

Inheriting Permissions from Parent Folder

  • NTFS permissions are inheritable by default. Subfolders and files within a parent folder will have the same permissions unless modified.
  • Administrators often design folder structures with intentional inheritance so that all subfolders inherit permissions from their parent.

Blocking Permission Inheritance

  • Permission inheritance can be blocked for specific subfolders or files.
  • By accessing advanced options in security properties, permission inheritance can be disabled.

Adding Custom Permissions

  • When blocking permission inheritance, custom permissions can be added for specific subfolders or files.
  • Existing inherited permissions can be removed and replaced with new ones.

Modifying Permissions for Files

  • Similar to folders, NTFS permissions can also be modified for individual files.
  • Creating a new file will inherit the same permissions as its parent folder.

Accessing Shared Folders from Administrative Tools

This section explains how to access shared folders using administrative tools.

Using Administrative Tools

  • Administrative tools provide access to shared folders and resources.
  • These tools display shared folders with the dollar sign symbol ($) indicating administrative use.

Accessing Shared Folders from Another Console

  • By navigating to "Administrative Tools" and selecting "Computer Management," shared folders can be accessed from another console.

Creating a New Shared Folder

The transcript discusses the process of creating a new shared folder using an assistant in the folder path.

Creating a New Shared Folder

  • To create a new shared folder, use an assistant in the folder path.
  • Specify that the shared folder will have zero permissions.
  • Create a new folder with the name "finanzas".
  • Press Enter, then click Accept and Next.
  • In the next window, specify the name of the shared resource, its path or network connection (NC), and choose the desired permissions.
  • By default, all users have read-only access, but it is possible to customize permissions or grant full access to selected users.
  • Click Finish to complete the process.

Accessing Shared Folders in Windows XP vs. Windows 7

This section explains how accessing shared folders remotely from one computer to another differs between Windows XP and Windows 7.

Accessing Shared Folders in Windows XP vs. Windows 7

  • In Windows XP workgroups, accessing shared folders remotely was done using the dollar sign symbol ($).
  • However, this method no longer works in Windows 7 and Vista due to security considerations.
  • It is important to note that this method still works in domains when using Windows 7 computers.
  • To access a server's data from a Windows 7 computer, enter the server's path followed by the dollar sign symbol ($).

Considerations for Managing Shared Folders

This section provides important considerations for managing shared folders.

Considerations for Managing Shared Folders

  • When managing shared folders, keep in mind that renaming a shared folder requires it to be reshared.
  • When copying a shared folder, the original folder remains shared, and the copied folder inherits the permissions of the destination folder.
  • Moving a shared folder will cause it to no longer be shared.
  • When copying files and folders within the same partition, NTFS permissions are maintained.
  • However, if the destination partition inherits permissions from a folder, ensure that necessary permissions are set to avoid network risks and ensure proper functionality.

The remaining part of the transcript does not contain any relevant information for note-taking purposes.

Video description

Permisos Compartir y Seguridad NTFS