Using, configuring, and managing Resource Manager disk quotas
Data is the heart of any enterprise and few aspects of administration are more important than ensuring that data is protected. Although file and folder permissions protect important resources by restricting access, protecting enterprise data isn’t just about file and folder permissions. To secure enterprise data appropriately, you need a firm understanding of object management, ownership, inheritance, and auditing. To help ensure that enterprise data is manageable, you also need to know how to implement quotas that restrict the amount of data that can be stored on servers.
Object management, ownership, and inheritance
Windows Server 2012 R2 takes an object-based approach to describing resources and managing permissions. Objects that describe resources are defined on NTFS volumes and in Active Directory Domain Services (AD DS). With NTFS volumes, you can set permissions for files and folders. With Active Directory, you can set permissions for other types of objects, such as users, computers, and groups. You can use these permissions to control access with precision.
Objects and object managers
Whether defined on an NTFS volume or in Active Directory, each type of object has an object manager and primary management tools. The object manager controls object settings and permissions. The primary management tools are the tools of choice for working with the object. Objects, their managers, and management tools are summarized in Table 4–1.
TABLE 4–1 Windows Server 2012 R2 objects
OBJECT TYPE | OBJECT MANAGER | MANAGEMENT TOOL
Files and folders | NTFS | File Explorer
Printers | Print spooler | Printers in Control Panel
Registry keys | Windows registry | Registry Editor
Services | Service controllers | Security Configuration Tool Set
Shares | Server service | File Explorer, Computer Management, Share And Storage Management
Object ownership and transfer
It’s important to understand the concept of object ownership. In Windows Server 2012 R2, the object owner isn’t necessarily the object’s creator; instead, the object owner is the person who has direct control over the object. Object owners can grant access permissions and give other users permission to take ownership of the object.
As an administrator, you can take ownership of objects on the network to ensure that you can’t be locked out of files, folders, printers, and other resources. After you take ownership of files, however, you can’t return ownership to the original owner (in most cases). This prevents administrators from accessing files and then trying to hide the fact.
The way ownership is assigned initially depends on the location of the resource being created. In most cases, the Administrators group is listed as the current owner, and the object’s actual creator is listed as a person who can take ownership.
Ownership can be transferred in several ways:
■ If the Administrators group is initially assigned as the owner, the creator of the object can take ownership, if she does this before someone else takes ownership.
■ The current owner can grant the Take Ownership permission to other users, allowing those users to take ownership of the object.
■ An administrator can take ownership of an object, if the object is under his administrative control.
To take ownership of an object, follow these steps:
1. Open the management tool for the object. For example, if you want to work with files and folders, start File Explorer.
2. Press and hold or right-click the object you want to take ownership of, and then tap or click Properties. In the Properties dialog box, tap or click the Security tab.
3. On the Security tab, tap or click Advanced to display the Advanced Security Settings dialog box, where the current owner is listed under the file or folder name.
4. Tap or click Change. Use the options in the Select User, Computer, Service Account, Or Group dialog box to select the new owner.
5. Tap or click OK twice when you have finished.
TIP If you’re taking ownership of a folder, you can take ownership of all subfolders and files within the folder by selecting the Replace Owner On Subcontainers And Objects check box. This option also works with objects that contain other objects, in which case you would take ownership of all child objects.
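The same ownership transfer done from an elevated PowerShell session, as an added example that is not the book's own code: it sets the owner of a folder and, with -Recurse, of every child object, which is what the Replace Owner On Subcontainers And Objects check box does. The path and the owner account are placeholders.

```powershell
# Added example (not from the book): take ownership of a folder and optionally all of
# its child objects. Assumes an elevated session holding SeTakeOwnershipPrivilege.
function Set-OwnerRecursive {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Owner = 'BUILTIN\Administrators',   # assumption: the Administrators group takes ownership
        [switch] $Recurse                             # = "Replace Owner On Subcontainers And Objects"
    )
    $account = New-Object System.Security.Principal.NTAccount($Owner)
    $targets = @(Get-Item -LiteralPath $Path -Force)
    if ($Recurse) {
        # If you cannot even enumerate the children yet, take ownership of the parent
        # first and rerun; the built-in takeown.exe /F <path> /A /R /D Y is the alternative.
        $targets += Get-ChildItem -LiteralPath $Path -Recurse -Force
    }
    foreach ($item in $targets) {
        # Read the security descriptor, replace only the owner, and write it back.
        # Set-Acl throws if the session lacks the take-ownership privilege.
        $acl = Get-Acl -LiteralPath $item.FullName
        $acl.SetOwner($account)
        Set-Acl -LiteralPath $item.FullName -AclObject $acl
    }
    # Verify the change by reading the owner back from the top-level object.
    (Get-Acl -LiteralPath $Path).Owner
}

# Usage (placeholder path): expected to return BUILTIN\Administrators
Set-OwnerRecursive -Path 'C:\Data\Projects' -Recurse
```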
Objects are defined by using a parent-child structure. A parent object is a top-level object, and a child object is an object defined below a parent object in the hierarchy. For example, the folder C:\ is the parent of the folders C:\Data and C:\Backups. Any subfolders created in C:\Data or C:\Backups are children of these folders and grandchildren of C:\.
Child objects can inherit permissions from parent objects; in fact, all Windows Server 2012 R2 objects are created with inheritance enabled by default. This means that child objects automatically inherit the permissions of the parent; therefore, the parent object permissions control access to the child object. If you want to change permissions on a child object, you must do one of the following:
■ Edit the permissions of the parent object.
■ Stop inheriting permissions from the parent object, and then assign permissions to the child object.
■ Select the opposite permission to override the inherited permission. For example, if the parent allows the permission, you would deny it on the child object.
To stop inheriting permissions from a parent object, follow these steps:
1. Open the management tool for the object. For example, if you want to work with files and folders, start File Explorer.
2. Press and hold or right-click the object with which you want to work, and then tap or click Properties. In the Properties dialog box, tap or click the Security tab.
3. Tap or click Advanced to display the Advanced Security Settings dialog box.
4. On the Permissions tab, tap or click Change Permissions to display an editable version of the Permissions tab.
5. On the Permissions tab, you'll see a Disable Inheritance button if inheritance currently is enabled. Tap or click Disable Inheritance.
6. You can now either convert the inherited permissions to explicit permissions or remove all inherited permissions and apply only the permissions that you explicitly set on the folder or file.
Keep in mind that if you remove the inherited permissions and no other permissions are assigned, everyone but the owner of the resource is denied access. This effectively locks out everyone except the owner of a folder or file; however, administrators still have the right to take ownership of the resource regardless of the permissions. Thus, if an administrator is locked out of a file or a folder and truly needs access, she can take ownership and then have unrestricted access.
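The same procedure from an elevated PowerShell session, as an added example that is not the book's own code: it disables inheritance on a folder, either converting the inherited entries to explicit ones or removing them, and then re-reads the DACL so an empty one (the lockout described above) is visible right away. The path and the group name are placeholders.

```powershell
# Added example (not from the book): stop a folder inheriting permissions from its parent.
# Assumes an elevated session; paths and account names are placeholders.
function Disable-AclInheritance {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $RemoveInherited,       # default: convert inherited ACEs to explicit ACEs
        [string] $GrantFullControlTo     # optional principal to grant explicitly, e.g. 'CONTOSO\FileAdmins'
    )
    $acl = Get-Acl -LiteralPath $Path
    # SetAccessRuleProtection(isProtected, preserveInheritance):
    #   ($true, $true)  = Disable Inheritance + convert inherited permissions to explicit
    #   ($true, $false) = Disable Inheritance + remove all inherited permissions
    $acl.SetAccessRuleProtection($true, -not $RemoveInherited)
    if ($GrantFullControlTo) {
        # An explicit Allow ACE that also propagates to subfolders and files.
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $GrantFullControlTo, 'FullControl',
            'ContainerInherit, ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Re-read the DACL: ExplicitAces = 0 means everyone but the owner is now denied access.
    $after = Get-Acl -LiteralPath $Path
    [pscustomobject]@{
        Path         = $Path
        Owner        = $after.Owner
        Protected    = $after.AreAccessRulesProtected
        ExplicitAces = @($after.Access | Where-Object { -not $_.IsInherited }).Count
    }
}

# Safer form: keep the inherited entries as explicit ones, then trim the ones you do not want.
Disable-AclInheritance -Path 'C:\Data\Projects'
# Strict form: drop everything inherited; without -GrantFullControlTo only the owner keeps access.
Disable-AclInheritance -Path 'C:\Data\Projects' -RemoveInherited -GrantFullControlTo 'CONTOSO\FileAdmins'
```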
To start inheriting permissions from a parent object, follow these steps:
1. Open the management tool for the object. For example, if you want to work