Windows Server 2003 The Advanced Option Folder Security


The Advanced Option (Folder Security):

NOTE: Typically the Allow permission will always be overridden by the Deny permission unless the folder or file inherits conflicting settings from different parents. When this occurs, the setting inherited from the parent closest to the object in the subtree will have priority.

In cases where you want to prevent only certain files or subfolders from inheriting permissions, you can use the following steps to stop the rights from being applied to those folders or files. Right-click the folder or file and click Properties, click the Security tab, then choose the Advanced option. If you are unable to make changes to the boxes because they are shaded, this means that the folder or file already has inherited permissions from the parent folder. Inherited permissions on folders or files can be changed in three ways:

1. Make the change on the parent folder, and the child folder will inherit the permissions.
2. Clear the check box "Inherit from parent the permission entries that apply to child objects".
3. Override the inherited permissions by choosing either Allow or Deny.

Clear the check box that reads "Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here." A dialog box will appear explaining that once you have selected this option for this particular file or folder, none of the parent permission entries will be applied to it. If you are certain that you want to prevent this folder or file from inheriting permissions from the parent, click the Remove option.

[Figure: Removing the Parent Permission entries from a child object]

After the Remove option has been selected, the file or folder will not inherit permissions from the parent folder. The following screen will appear.

[Figure: Permissions that have been removed from a file or folder]

After this screen has appeared and you select the Apply button, another dialog box will appear that makes you confirm that this is REALLY what you want to do. This is to prevent accidental removal of permissions from files and folders.

Removing permissions from a file or folder:
Click Yes to remove the permissions from the folder or file. In this example, we removed all permissions from the folder named TestFolder so that the owner is the only user who can access the folder.

To reapply the permissions that had previously been removed from the file or folder, right-click the file or folder, then click the Advanced option. In the Permissions tab, select the check box "Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here." Then choose Apply. The permissions from the parent folder will reappear in the dialog box. After selecting Apply, click the OK button.

Security descriptors are used by Active Directory to store access control permissions. These security descriptors are made up of two access control lists: the System access control list (SACL), which is used to identify the groups and users that can be audited for object access, and the Discretionary access control list (DACL), which is used to identify users and groups that try to access an object and are denied access. To view this information, open Active Directory Users and Computers, click on the View menu, then select the Advanced Features option. The Security tab will display this information.
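The block-and-restore inheritance procedure described above can also be scripted and reviewed from PowerShell. This is an added example, not part of the original article; the demo path and the function names Get-InheritanceState and Set-InheritanceBlocked are hypothetical, and it assumes Windows PowerShell 3.0 or later and a scratch folder you own.

```powershell
# Added example (not from the article). $Root and both function names are hypothetical.
# Assumes Windows PowerShell 3.0+ and a scratch folder owned by the caller.
$Root  = Join-Path $env:TEMP 'TestFolder-Demo'
$Child = Join-Path $Root 'Child'
New-Item -ItemType Directory -Path $Child -Force | Out-Null

function Get-InheritanceState {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    [pscustomobject]@{
        Path               = $Path
        # True when the "inherit from parent" check box is cleared
        InheritanceBlocked = $acl.AreAccessRulesProtected
        InheritedEntries   = @($acl.Access | Where-Object { $_.IsInherited }).Count
        ExplicitEntries    = @($acl.Access | Where-Object { -not $_.IsInherited }).Count
    }
}

function Set-InheritanceBlocked {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][bool]$Blocked,
        [bool]$KeepCopy = $false   # $false corresponds to the dialog's Remove choice
    )
    $acl = Get-Acl -LiteralPath $Path
    # Arg 1: $true stops inheritance from the parent.
    # Arg 2: keep inherited entries as explicit copies ($true) or drop them ($false);
    #        ignored when arg 1 is $false.
    $acl.SetAccessRuleProtection($Blocked, $KeepCopy)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

Get-InheritanceState $Child                          # before: inherited entries present
Set-InheritanceBlocked -Path $Child -Blocked $true   # clear the box, choose Remove
Get-InheritanceState $Child                          # blocked, no inherited entries

# Review step: list every subfolder whose inheritance has been blocked.
# Folders the caller can no longer enumerate are skipped silently.
Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Get-InheritanceState $_.FullName } |
    Where-Object { $_.InheritanceBlocked }

Set-InheritanceBlocked -Path $Child -Blocked $false  # re-check the box
Get-InheritanceState $Child                          # inherited entries are back
Remove-Item -LiteralPath $Root -Recurse -Force       # clean up the demo folder
```

Running the review step against a real share root shows where inheritance has been broken, which is where permissions are most likely to drift from what the parent folder suggests.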

Shared Folders: If you have forgotten which folders are being shared on a server or computer you can easily view the folders by using the Shared Folders console. This does not show you all folders on the computer, but it will help you out if you need information on shared folders. NOTE: Share Permissions do not apply to terminal service clients or users who log on locally. The NTFS file system or access control should be used to set share permissions instead.

To access this console, you will need to add the Shared Folders snap-in to an MMC console. If you need to refresh your memory on how to do this, we covered these steps in the section entitled "Sharing Folders using Shared Folder Console". A screen will appear allowing you to select the computer whose shared folders you wish to view.

Viewing the Shared Folder Management Console: Once the computer has been chosen, click Finish, then Close, then select OK. The console will open and show the shared folder information.

[Figure: Viewing Shared Folders using the Shared Folders console]

The folder with the blue-sleeved arm under it lets me know that this folder is on my local computer and is being shared. To view the settings and permissions on a folder, go to the folder in Windows Explorer and right-click it. From the shortcut menu, select Properties. NOTE: Some folders are shared by default, and it is not advisable to change the share permissions on folders without knowing in advance what repercussions the change will cause to the system.

Auditing Folders and Files: Files and folders may be audited by Network Administrators to enhance and secure network information. This is a great option to implement when you need to make certain that documents and folders (let's say, Human Resource information stored in a folder on the network) remain secure. Group Policy can be used to audit files and folders. Auditing can also be set up on files and folders manually by right-clicking the file or folder and selecting Advanced from the menu. The Auditing tab is shown

Auditing Files and Folders: Before you turn auditing on for a domain or OU, you need to make sure you have your Security Log settings in the Event Viewer set up properly. Security Logs fill up amazingly fast, even on a small network, so make sure you have them set to grow to a reasonable size. To access the Security Logs, click on Start, select Administrative Tools and choose Event Viewer. Select the Security Log from the list.

Jada Brock-Soldavini is the author of the book InsideScoop to Windows Server 2003 Certification Examination 70-290 Managing and Maintaining a Microsoft Windows Server™ 2003 Environment. Jada works for the State of Georgia as a Network Services Administrator. She has co-authored or contributed to numerous other works pertaining to Microsoft Windows technologies. In her spare time she enjoys cooking, writing and reading anything that pertains to Network and Security technology. To buy my book, please visit www.totalrecallpress.com.
