Join Lisa Bock for an in-depth discussion in this video Exploring NTFS, file, share, and registry security, part of Foundations of IT Security: Operating System Security.
- The file system itself can provide an additional level of security. Modern Windows operating systems use the New Technology File System. Prior to that, the File Allocation Table, or FAT, was used. FAT is a simple Windows file system and is a table that exists at the very top of the volume. FAT has serious limitations in providing security. FAT only support read-only, hidden, system, and archive file attributes and not the wide-variety of permissions that are available in New Technology File System.
The New Technology File System is what is used in today's Windows operating systems. New Technology File System has advanced ability to secure the file system by granting or denying various permissions. That allows control over which users and groups can gain access to files and folders stored on a New Technology File System volume. With New Technology File System, user defined attributes can be added to a file. And, for accountability, the New Technology File System adds a timestamp, indicating when the file was last accessed.
New Technology File System Permissions define the type of access granted such as Full Control, Modify, List Folder Contents, Read and Write and which can be applied to folder and files and active directory objects. Only drives formatted as New Technology File Systems will have the Permissions tab. The ability to assign a Permission is a powerful security mechanism. However, it can be difficult to sort out a Permission problem, so you should be familiar with the various Permissions and how they're enforced.
One concept is that of Inheritance. Inheritance means that Permissions will propagate from the Parent to the Child. Inheritance is used in the file system in act of directory permissions. However, it does not apply to shared permissions. The types of permissions in New Technology File Systems are explicit permission, this is directly applied to the file or folder; inherited, permissions that are granted to a folder extended to child objects, such as subfolders or files within the parent folder; and effective permissions consist of explicit and any inherited permissions.
The Registry in a Windows operating system stores configuration settings for the file system, along with other objects and everything else on the computer. Sometimes when you want to move or copy a folder or file, you'll maybe want to preserve the original permissions. The administrator can modify the registry to hold that, and that can be done through the registry. The New Technology File System Permissions are based on the permissions granted to each individual user.
This is at the Windows log in regardless, as if they're on the local machine or accessing the resource over the network via a shared folder. A drive or folder can be shared and clients can have access by using the universal naming convention, which is the server name and then the sharename. The New Technology File System and Share Permissions are as follows. The New Technology File System Permissions include Full Control, Change, Read and Execute, List Folder Contents, Read, Write, and Special Permissions.
The Share Permissions are Full Control, Change, Read, and No Access. Now, these permissions are used according to how the resource is accessed. Share permissions are if accessed through the network, and New Technology File System Permissions are effective all the time. Keep in mind, the most restrictive permission will be enforced, meaning if No Access permission is set on a New Technology File System, and Full Control is set on the Share, an access level of No Access will result.
In the Microsoft operating system, several Hidden Administrative Shares are automatically created and indicated by a $ at the end of the share name. Permissions on Hidden Administrative Shares cannot be modified. Now we'll take a look at a folder and take a look at the permissions. I'm in Windows 7 operating system, and I have a folder called, "Secret." I'm going to right-click and take a look at the properties. Here it tells me the properties of this folder.
I'll go to Security tab and down below you'll see Advanced. Now first of all, within that Security, you'll see the different groups and user names that are accessing this folder. Now I'm going to go to Advanced, and at this point, you can see the permissions. Now I'm going to focus in on Sherlock Holmes. Now Sherlock Holmes is a user in the system, and you can see now his permission is list folder and read data.
I'm going to go to Effective Permissions. And here I can say, let's take a look at the group or user name and I'm going to select Sherlock Holmes. And now you can see Sherlock Holmes is able to list folder and read the data only. So the New Technology File System allows us a powerful ally in providing granular control over access on our folders and files.
Note: This training maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). See https://www.microsoft.com/learning/en-us/exam-98-367.aspx for more information.
- Creating strong passwords
- Understanding biometric security
- Adjusting permission behavior
- Enabling auditing
- OS hardening
- Using the Microsoft Baseline Security Analyzer
- Protecting email