Join Timothy Pintello for an in-depth discussion in this video Introduction to permissions, part of Windows Server 2012: Configure Basic Microsoft Services.
- The next topic of discussion is permissions. Permissions are privileges given to system objects. System objects can be things like users, groups or even computers. Permissions enable objects to carry out specific tasks such as printing or sharing or something like that. Permissions also enable objects to access specific resources such as specific folders or specific printers or even specific groups.
Finally, permissions grant objects different levels of access. Depending on what the object is and who the user is accessing it, you will want to give them a higher or lower level of access. Permissions is the way to do that. Permissions come in two types. There are share permissions, these control access to folders over the network but only folders. They do not control access to files in the folders. In order to access a specific folder on the network the user has to have appropriate share permissions to access that folder.
Share permissions can be used by FAT16 and FAT32 file systems. They can also be used by NTFS file systems but we prefer to use NTFS permissions for NTFS file systems. NTFS permissions are the next type of permissions. For a computer to use NTFS permissions they have to have a NTFS file system running on the computer. This means the computer has to be some derivative of Windows NT, whether it's Windows XP, Windows 8, Server 2003, Server 2012, something of that nature.
Again, just like with share permissions, for a user to access an object, be it a folder or a file, they must have the appropriate NTFS permissions for that access. Share permissions are usually used on small networks running FAT16 or FAT32 file systems. Also they are used on networks where older Windows 98 or Windows 95 systems might have to access the files. On larger networks, generally we do not use share permissions but instead use NTFS permissions.
In fact, many network administrators don't even use share permissions at all, they just bypass them in favor of NTFS permissions. While many administrators choose not to use share permissions, share permissions can be used in conjunction with NTFS permissions. When NTFS and shared permissions are used separately, the least restrictive permission applies. So in other words, if you have a folder that has read permissions for one user and that user has read and write permissions from another group that he's part of then the user will end up getting both read and write permissions to that folder.
However, when NTFS permissions and shared permissions are used together, the most restrictive permissions apply. In the situation we just discussed, where a user gets read permissions from one group and read and write permissions from another group, in the situation of using the permissions together, that user will only get the read permissions, he will not get the write permissions. Permissions can be granted when a folder is created or they can be modified at a later date. One thing you need to be careful of when you're using permissions together is that you don't get conflicts because if the permissions are not handled carefully you'll end up getting a conflict where a user who does need write and read permissions is only getting the read permissions.
The way permissions work is they give each object a specific access control list. This access control list contains something called access control entries. Now the access control entries are basically a specific line for each user on an object or each group on an object. Each object with access to the file folder has an access control entry. The access control list will check the access control entry to determine if access is allowed or not allowed to a particular object that is being protected by permissions.
The access control list checks the access control entry to determine the total permissions of the object. We use a Property Sheet to control what the permissions can do. Share permissions are found on the Share tab. The Property Sheet of a file or folder is found when you right click that file or folder and click on the Properties option below that. The dialog box that comes up is called the Property Sheet. On that Property Sheet are multiple tabs.
The share permissions are found on the Share tab and the NTFS permissions are found on the Security tab. The good thing about permissions is they all work basically the same, they all have basically the same interface. The difference is, depending on if it's a shared or NTFS permission, it will depend on what permissions are available and whether you can apply those permissions to a file or just a folder. The Server Manager provides access to both types of permissions also. This is done in the shared screen we saw earlier.
- Enabling network discovery and file and print sharing
- Sharing a folder
- Adding filer server roles
- Using the Server Manager wizard
- Setting up share and NTFS permissions
- Understanding effective rights and inheritance
- Applying shadow volume copies and NTFS quotas
- Installing and sharing printers
- Configuring remote server management