Chapter 5 - Config, Managing and Troubleshooting
Managing Folder and File Security
• After creating accounts and groups for sharing resources, you must
create access control lists (ACLs) to secure these objects, then set
them up for sharing.
• Discretionary ACL (DACL) - an ACL that is configured by a server
administrator or owner of an object. Ex.: an admin sets up a folder about
policies, and the HR director can own it and share it with HR.
• System ACL (SACL) - contains info used to audit access to an
object. Ex.: a soft drink company has a secret recipe contained in SACL.
The company can monitor who views the file's contents and add restrictions to
Configuring Folder and File Attributes
• Use of attributes is retained in the NT file system (NTFS) from its
predecessor, File Allocation Table (FAT). Attributes are stored as header info
with each folder and file, along with other characteristics like volume
label, subfolder, date and time of creation.
o Read-only - folder can't be deleted.
o Hidden Folders
Advanced Features in folder options
• Archive attribute - folder/file needs to be backed up because it is new or changed.
The backup system ensures each file is saved following the same folder or
subfolder scheme as on the server.
• Index Attribute vs. Windows Search Service - legacy features. The index
attribute is used to index folder and file contents so that file name, text,
creation or modification date, author and other properties can be quickly searched in
win2k8. The indexing service creates a catalog of docs to be tracked and
• Compress Attribute - a folder and its contents can be stored on disk in
• Encrypt Attribute - the NTFS encrypt attribute protects folders and files so that
only the user who encrypts the folder or file is able to read it, by using
Encrypting File System (EFS), which uses:
o Symmetric encryption: uses a single key to encrypt the file or folder
o Asymmetric encryption: two encryption keys are used to protect the
key for encrypting the file or folder and are connected to a user account.
o *note: you can decrypt by using cipher /? in cmd
• Configuring Folder and File Permissions - controls access to an object,
such as a file or folder.
Permission | Description | Applies to
Full Control | Do ALL below | Folders and Files
Modify | read, add, delete, execute and modify files: cannot delete subfolders and their file contents, change permissions, and execute files | Folders and Files
Read and Execute | implies the capabilities of both list folder contents and read (traverse folders, view file contents, view attributes and permissions and execute files) | Folders and Files
List Folder Content | Can list (traverse) files in the folder or switch to a subfolder, view folder attributes and permissions, and execute files but cannot view file contents | Folders only
Read | view file contents, view folder attributes and permissions, but cannot traverse folders or execute files | Folders and Files
Write | can create files, write data to files, append data to files, create folders, delete folders (but not subfolders), and modify folder and file attributes | Folders and Files
see p. 192 for special permissions
• Configuring Folder and File Auditing - enables you to track activity
on a folder or file such as read or write activity
• Configuring Folder and File Ownership - first owned by the account that
creates them, such as an admin account. Ownership can be transferred
by the 'take ownership' special permission or full control permission.
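Added example, not from the original notes: Python that parses a constructed SDDL string (the text form of a Windows security descriptor) into its owner, DACL and SACL entries and maps each access mask to the standard permissions in the table above. The SDDL sample, the mask values and all function names are assumptions introduced here; the parser covers only the simple form shown, with rights written in hex.

```python
import re

# Access-mask bits behind three special permissions (Windows SDK values).
DELETE_CHILD, WRITE_DAC, WRITE_OWNER = 0x40, 0x40000, 0x80000
# The page's standard permissions as full access masks (assumed, not on the page).
STANDARD = {"Full Control": 0x1F01FF, "Modify": 0x1301BF,
            "Read and Execute": 0x1200A9, "Read": 0x120089, "Write": 0x100116}
# SDDL ACE types; "AU" as a type means audit, as a trustee Authenticated Users.
ACE_TYPES = {"A": "allow", "D": "deny", "AU": "audit"}

# Constructed sample: owner Administrators (BA). DACL: Administrators full control,
# Authenticated Users (AU) modify. SACL: audit Everyone (WD) for reads, logging
# both successes (SA) and failures (FA).
SAMPLE_SDDL = ("O:BAG:SYD:(A;OICI;0x1f01ff;;;BA)(A;OICI;0x1301bf;;;AU)"
               "S:(AU;OICISAFA;0x120089;;;WD)")

def granted(mask):
    """Standard permissions whose every bit is present in the mask."""
    return [name for name, bits in STANDARD.items() if mask & bits == bits]

def parse_aces(acl_text):
    """Turn '(type;flags;rights;;;trustee)...' into a list of dicts."""
    aces = []
    for body in re.findall(r"\(([^)]*)\)", acl_text):
        ace_type, flags, rights, _obj, _inherit_obj, trustee = body.split(";")
        mask = int(rights, 16)  # hex rights only (assumption of this example)
        aces.append({
            "type": ACE_TYPES[ace_type], "flags": flags, "trustee": trustee,
            "mask": mask, "grants": granted(mask),
            "delete_children": bool(mask & DELETE_CHILD),
            "change_permissions": bool(mask & WRITE_DAC),
            "take_ownership": bool(mask & WRITE_OWNER)})
    return aces

def parse_sddl(sddl):
    """Parse owner (O:), group (G:), DACL (D:) and optional SACL (S:)."""
    ace_list = r"((?:\([^)]*\))*)"
    m = re.fullmatch(r"O:(\w+?)G:(\w+?)D:\w*?" + ace_list + r"(?:S:\w*?" + ace_list + r")?", sddl)
    if not m:
        raise ValueError("unsupported SDDL form")
    return {"owner": m.group(1), "group": m.group(2),
            "dacl": parse_aces(m.group(3)), "sacl": parse_aces(m.group(4) or "")}

if __name__ == "__main__":
    sd = parse_sddl(SAMPLE_SDDL)
    print("owner:", sd["owner"], "group:", sd["group"])
    for part in ("dacl", "sacl"):
        for ace in sd[part]:
            print(part, ace["type"], ace["trustee"], hex(ace["mask"]), ace["grants"])
```

The Modify entry reports False for take_ownership, change_permissions and delete_children, which are exactly the bits that separate it from Full Control. The audit entry lives in the SACL and grants nothing; it only records access.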
Configuring Shared Folders and Shared Folder