PC Help NTFS Permissions - Share Permissions

PC Help Jansant - Windows 2000 Permissions Guide

Windows 2000 NTFS Permissions and Share Permissions

A popular question
Can a Win98 user access an NTFS shared folder on the network?
Yes.
For the user, create a user account with the same username and password (as on Win98) on the computer where the NTFS shared folder resides.

Windows 2000 using NTFS, as opposed to the FAT filing system, offers great security, allowing great control over access to files and folders on the local machine. A user with administrator privileges can apply a wide range of permissions to files and folders. Local NTFS permissions are applied to files and folders for users or groups on the local machine. Windows 2000 also allows a great degree of control over access to a shared folder or file, even on a peer-to-peer network. Share Permissions are applied to users or members of groups who connect to your computer from the network.

It's important to note that NTFS Permissions are only available if your file system is NTFS; these permissions will not be available if you're using the FAT file system. The only time you should use FAT instead of NTFS is if you're dual booting your PC with Win95/98/ME and you wish to access files on the Win2000 partition while you're using Win95/98/ME. Win95/98/ME cannot read NTFS partitions on the local computer. Windows 95/98/ME can, however, access shared files across the network which are on a computer using NTFS.

When applying local NTFS Permissions and Share Permissions, it is the accumulation of all permissions that will apply. The only exception to this is the Deny permission. Deny always overrides other permissions. If a user has the NTFS Permission Full Control on a file and is a member of a group that has the NTFS Permission Deny, the user will not be able to access the file. If a user has the NTFS Permission Read for a file and is a member of a group that has the NTFS Permission Full Control on that file, the Full Control permission will be applied.

Local NTFS Permissions apply to users or groups on the local machine; Share Permissions apply to users or groups accessing resources from another computer on the network. If a Share Permission and a Local NTFS Permission are present on the same resource, the user gets the most restrictive permission applied. For example, suppose a user has the Share Permission Full Control over a shared folder and the same user has the NTFS Permission Modify on a file within this shared folder. The user will have the most restrictive of the two permissions, Modify, on that file. Share permissions have no local significance, unlike NTFS permissions, which always apply. Although Share permissions and Local NTFS permissions are different, they do impact on each other in some cases. Confused? Just think about the permissions before you apply them and the possible implications in different situations.
To change permissions on a file or folder you must be the owner of the file or have been granted permission to do so by the owner.
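
The rules above, worked through as an added example (not part of the original guide): a simplified Python model that accumulates Allow entries, lets Deny override them, and takes the most restrictive of share and NTFS permissions for network access. The user names, group names and the mapping of permission levels to rights are constructed for illustration, and the page's "Deny" is modelled as a Deny of Full Control.

```python
# Simplified model of the rules described above (constructed for illustration;
# it is not how Windows itself evaluates an access control list).
READ, WRITE, DELETE, CHANGE_PERMS = 1, 2, 4, 8
LEVELS = {  # assumed mapping of permission levels to rights
    "Read": READ,
    "Modify": READ | WRITE | DELETE,
    "Full Control": READ | WRITE | DELETE | CHANGE_PERMS,
}

def effective(acl, user, groups):
    """Accumulate Allow entries for the user and their groups; Deny always wins."""
    principals = {user, *groups}
    allowed = denied = 0
    for principal, kind, level in acl:
        if principal not in principals:
            continue
        if kind == "deny":
            denied |= LEVELS[level]
        else:
            allowed |= LEVELS[level]
    return allowed & ~denied

def access(user, groups, ntfs_acl, share_acl=None):
    """share_acl=None means a local logon, where share permissions do not apply."""
    ntfs = effective(ntfs_acl, user, groups)
    if share_acl is None:
        return ntfs
    # Over the network the most restrictive of share and NTFS applies.
    return ntfs & effective(share_acl, user, groups)

def level_name(rights):
    """Name the highest level fully covered by the given rights."""
    for name, mask in sorted(LEVELS.items(), key=lambda kv: -kv[1]):
        if rights & mask == mask:
            return name
    return "No access"

if __name__ == "__main__":
    # Constructed users and groups matching the scenarios in the text.
    deny_case = [("alice", "allow", "Full Control"), ("Temps", "deny", "Full Control")]
    print(level_name(access("alice", ["Temps"], deny_case)))
    cumulative = [("bob", "allow", "Read"), ("Managers", "allow", "Full Control")]
    print(level_name(access("bob", ["Managers"], cumulative)))
    ntfs = [("carol", "allow", "Modify")]
    share = [("carol", "allow", "Full Control")]
    print(level_name(access("carol", [], ntfs, share)))
```

Passing a share ACL models a connection from the network; omitting it models a user logged on at the machine itself, where only the NTFS permissions count.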

Adding Users and Groups in Windows 2000

You must have administrator privileges to add users and groups. To add users to your computer, open the "Control Panel", double left click "Administrative Tools", double left click "Computer Management", in the left pane select "Local Users and Groups", and double left click either "Users" or "Groups" in the right pane. Right click a clear part of the right pane and select "New User" or "New Group".

Adding users to a group in Windows 2000

To add a user to a group, right click the user and select "Properties", select the "Member Of" tab, left click the "Add" button and select the group you wish this user to be a member of.

Administrator account

It's a good idea to change the name of your administrator account, because hackers know all about these accounts. By changing the name of the account, not only does a hacker have to crack your password but they must also guess the name of the administrator account.

Windows 2000 Local NTFS Permissions

NTFS Permission Management

You can access the Local NTFS Permissions by right clicking the file or folder, selecting "Properties", and then selecting the "Security" tab.

Notice that at the bottom of the properties sheet on the "Security" tab you can choose to allow permissions from the parent object to apply also to this folder or file. In most cases you will untick this, unless you want the same permissions applied to upper directories to apply to this item also.
The default permission is applied to Everyone. I recommend you change this permission on your data directories and files to suit your security needs. Be careful changing NTFS Permissions on the top directory of the system drive, system files or folders, and program files. File and folder permissions are slightly different.

For a description of the Local NTFS permissions and their effect view this page.

Local NTFS permissions are actually groups of special permissions that have been predefined. You can change these to suit your own needs by clicking the "Advanced" button near the bottom left of the "Security" tab. In the Access Control Settings dialog box, highlight the user you wish to further control and select View/Edit.

Windows 2000 Share Permissions

Share Permission Management

Although many will refer to this as fileshare, you're actually sharing the contents of a folder. Windows 2000 Share Permissions can be set in two places. Firstly, by right clicking the folder, select "Properties", select the "Sharing" tab, and right click the "Permissions" button.

Note: For a Win98/95/ME user to access the contents of a shared folder, they must have an account on both the Win2000 computer that is sharing the resource and the Win98/95/ME computer from which they wish to access the resource. The accounts must have the same user name and password on both machines.

Secondly, you can access the Share Permissions of a folder by opening the "Control Panel", double left click "Administrative Tools", double left click "Computer Management", select "Shared Folders" from the left pane, and double left click "Share" in the right pane. Right click the share you wish to set the permissions on and select "Properties", then select the "Share Permissions" tab. The Local NTFS permissions are also made available here on the "Security" tab. You can also add new shares here: right click a clear area in the right pane, select "New File Share", and browse for the folder you wish to share.

Notice that all your local hard drives are listed here (including the system directory), for example C$. These are administrative shares and are hidden; they are not shown in "My Network Places" or the browsing service of other computers. Leave these as they are. If you want to create a share that does not appear in "My Network Places" or the browsing service on computers connecting to your machine, you can hide it by adding a $ to the end of the share name. You can connect to hidden shares across the network if you know the UNC (universal naming convention) path and have adequate permissions on that share. A UNC is expressed as \\computername\sharename.

For a more in-depth look at Share Permissions read this page.

Caching

Windows 2000 allows you to make shared files available offline. This is a very handy feature: it allows the user to work on files even when the shared folder is not available on the network. It also allows a user to work on files on a laptop when they're not connected to the network. Furthermore, it speeds up access to the file in normal conditions because the file the user works on is kept in a cache on their local machine, which also causes less drain on network bandwidth. To enable caching, go to the properties of the share either by right clicking it in Windows Explorer, selecting "Properties" and selecting the "Sharing" tab, or by using "Computer Management": right click the share, select "Properties", select the "General" tab and click "Caching". You have 3 options: Manual Caching for Documents, Automatic Caching for Documents, and Automatic Caching for Programs. When you select each one, a full description is given in the "Caching Settings" dialog box.


©PC Help Jansant