98-349 Microsoft Windows Operating System Fundamentals – Files and Permissions
- Overview of file systems
We are going to start the most interesting section of my course. Well, at least in my opinion, it is all about file systems, permissions and shares. Every time we think about a network and a Windows operating system, we think about files and shares. Things that we want to of course keep on our devices. And if you decide to get a job in it one day, maybe you’re working in it at the moment.
This is going to be your main task every day users will ask you to do something when it comes to share permissions, homegroup settings, bitloca, EFS, libraries, network locations, mapping drives and so on. Everything that you can see in this section is something that you will do every day if you find the job. For instance, as a Wendell engineer, you can say well, this is not my goal. I think we were talking about operating systems.
So what do you want from me? Well, every time you think about this section, you can have two laptops with Windows Ten and then, yes, you can share a file, you can copy a folder from one place to another and so on. You can configure libraries, create a map drive as well. So yes, even at home you can take advantage of all these things.
We’ll start with Fire systems and talk a little more about Fat 32, NDFs and the next generation Fire system. When you think about Fire systems, one of the oldest one is Fad 32. It was introduced many years ago and we don’t really use it anymore. It is all about NTFS today, which is much better than 532. For instance, the maximum file name is 255 characters. In 532 it was like eight characters. I think the main advantage for NTFS is that the maximum file size is 16 terabytes. In Fat 32 it was 4GB, only it was not enough to create, let’s say, an image of Windows Ten. What’s more, NTFS supports encryption, EFS, allows you to provide security compression and so on.
It is much better. And this is what we’re going to focus on when it comes to shared permissions and effective permissions and so on. This is what you’re going to do every day as well, if you want to configure all these things. When it comes to resilient file system, refs the main uses in large file sharing scenarios, you have storage spaces and you want to take advantage of things that you can keep over there. It is not designed to replace NTFS. It is a bit different when it comes to places where you to use this new system. When it comes to Windows Ten and the home laptop, we want to use NTFS and this is what we are going to do. In our next lecture, we’ll focus on NTFS, show you how you can create a folder, share a folder, create a map drive and so on.
- File Permissions
Yes, we know enough about file systems and what we can do now you all go. I want to connect a virtual machine and configure something. Here we go. The main thing we want to do over here is configure Share permissions. The idea for this exercise is that we have more than one device at home. We want to copy a file from PC One to PC Two.
Of course, we could just connect a USB drive and move it over. That’s fair enough. We want to take advantage of all features in Windows Ten, and we want to share a file. I’ll show you a few tricks and things that will make your life easier. And again, you can take advantage of this solution if you’re at home as well, because you can copy a file from one, let’s say, device to another. When we go to this PC, we want to create a new folder. This is the first thing I want to start. So we right click Go for new. And here we’ll create a new test folder. So we call it test. When I right click on it, I go for properties. And over here I can see this tab, Sharing.
When you click on it, you can say yes, show share it yes. This is like a new method of sharing. I always recommend you Go for Advanced Sharing because you can apply permissions. And here we have to stop for a moment because I have to tell you a little more about this option. We have Share permissions and we have NTFS permissions. When you think about Share Permissions, this means that I want to access a file from PC One, and these files are on PC Two. This is where Share permissions are going to be applied. Is Marius really allowed to access PC Two? Okay, fair enough.
He is allowed. And then if that happens and that’s okay, we go for security. And a lot of people say it is called NTFS Permissions, where we can be very specific and lock it down, specify that Marios can modify this file, can list folders, can execute one file, but he cannot modify, let’s say, a folder name or whatever we want to do. We can be extremely specific when it comes to security. It’s not that complicated when it comes to sharing. When you go for Advanced Sharing and you say, Share this folder, go for permissions, you will see that we have three main options. Full control means do whatever you want.
Change means, of course, I can read, write, modify, and the read as the name indicates, I can have a read access only. Please note that you can have, allow or deny. It is well one sentence. Never ever use deny. Even Microsoft says, well, please make sure you avoid deny because it’s extremely confusing. Because you say deny and you say, well, I don’t want to allow someone to have this level of access. Don’t use it. I appreciate. Sometimes we don’t have a choice and we take advantage of deny. We say well, someone cannot have this option.
Don’t do it. Always say Well, I want to everyone, I want to apply read. This means no change and no full control. Don’t click anywhere close to deny. Please note that we can add a group or a user. Again, it is a bit beyond our discussion, but again it is recommended we group users add. And here my user is called admin. I can check names and just add my user admin. It is not recommended. We should always create a group and put admin in this group. Apply permissions to a group. Why? The idea is that if you create a group, it is very easy to modify things that are in this group. I don’t have to touch permissions anymore. You get the idea.
I can create a group called, let’s say, test one, add admin to this group and that’s it. I can apply permissions and then if I want to modify something, I don’t have to touch permissions. I can ask, let’s say Mike started a new job yesterday or is my friend and he has a laptop. I want to do something about Mike. I create a local account and I can add Mike to this group. I don’t have to touch permissions anymore. It is extremely important to memorize, especially when it comes to a reward scenario, that you should always use a group, if possible.
Here we’re talking about Windows operating systems because all these things apply to, in most cases, service. Here we don’t really care because we want to apply permissions and show how they work. So I can say okay, admin should have full control and in most cases this is what we do. We say yeah, when it comes to share permissions, well, I don’t really care because I can be very specific about this option or admin when it comes to security, okay? I can be very specific what my users can do when it comes to security. And here I can edit and add users.
So I can say let’s say admin and I can be very specific what my user can do. Please note that I have write read list folders, read and execute modify, full control. They’re pretty easy to understand. Write means I can add something to a file read, I can open the file list folders, of course I can see what’s inside and so on. Please note to have special permissions as well.
If you want to be extremely specific about things that you want to use, you go for advanced. And here you can be very specific when it comes to access and permissions. Please note that we have effective access because when you mess up with all these things, when you make a lot of changes, you can be confused what Mike can access, what admin can access, what John can access. And then effective access is going to show you, okay? Here will help you.
This is what admin can do and you can in a way create a report and figure out what’s going to happen. One more option that I want to mention is inheritance. By default, everything will be inherited if I create a folder and then I create a text file inside, admin will have the same level of access. You can disable this option and apply permissions per folder.
Again, it is not recommended. Sometimes you don’t have a choice. You have to do this and then you can be very specific what a user can do. Okay, a really long story, a lot of talking. Now I want to show you how to access this file and what has happened. To summarize, we created this folder test like ten minutes ago or something and we have shared this folder already. It’s sharing and now please note it shows us the network path. This is what you have to provide.
You have to give to your end users if you want to allow them to access a folder on your laptop, on your server, on your network attached storage device and so on. And please note, I can access my test folder and now I can say text document, test go for properties. And I can see that a test document has been created. I can go back to my test folder properties sharing and here I want to say that you know what, just let’s remove him and everyone will have read access only here. Please remember that the most restrictive permission applies.
This means that if I lock it down over here, well, I should not be allowed to modify a file anymore. File Save and now it doesn’t allow me to save a file anymore. Okay, it says no, sorry, you can’t do it. Please remember that if you change anything over here when it comes to sharing, even though you have security in place, that’s not going to work. And the other way around as well. If you change anything over here and you say sure, let’s say you go for full control over here, this means everyone can do whatever we want when it comes to share in our network permissions, that’s okay.
But if you lock it down over here, of course admin or all users will not be allowed to, let’s say, create a file list folders and so on. Please make sure that you remember, as you can see, a pretty difficult topic. Well, not difficult, but an extremely interesting topic when it comes to permissions and how to create a file and share it. I recommend you avoid names because this is always tricky. I recommend you go for CMD type IP config and then you have an IP address over here, and then you just go for Run and you say 192-16-8112. And here you can access using an IP address because names are really tricky, especially if you don’t have a dedicated domain name system server.
It is really tricky. I recommend using an IP address. When you go for this PC, you go for network. As you can see, we have a list of devices that have been identified. Windows says okay, fair enough. I have identified the name. Please provide a username and password that I can use to connect to your device. That’s fair enough. But if something goes wrong over here, please make sure you go for run and identify an IP address. We’ll continue our discussion in our next lecture.
- Mapping a Drive
We’ve learned a lot about file permissions. We know how to share a folder. Now I want to show you how you can achieve the following thing. It would be nice for an end user to have something like this, a network location. I will get rid of it because I want to start from scratch and show you how to achieve it. To make sure we’re on the same page. When I go for network, I have all my devices that have been identified in my network. One of them is this device, okay? And there are two folders that are available for me and one of them is test one. I want to access this folder straight away. I don’t want to go for network. Then click over here, test and so on.
Now I want to go for this PC and access my network place straight away. I don’t want to go through all these sophisticated options, identify a device, you know what I mean? Maybe you have 15 devices in your network. It will be very difficult to find the one that you’re after. It’s not a problem. I’ll show you how you can achieve it. We go for test and the first thing, we rightclick here and we copy address as text. Why? Because when we go to this PC computer, we can map the network drive. We go for a letter that we want, let’s say t and we paste it here. Finish. Here we go. Now I have a network location. We are going to have a happy user. Now our test user, let’s say Mike, is a happy guy because he can double click here and access our shared folder straight away.
Please note we can map a network drive and add the network location as well. Here you will see a wizard which allows you to choose a custom network location. Then you can paste it here. You can view examples. This is what we’ve seen. And then you’re going to create a new network location. I hope you’re okay with it. I want to show you a couple of CMD command line interface commands that you can use to play with shares. It might be beyond our exam here, but they’re really handy. The first one is Net use. Net use is going to list of all network locations. Please note that we have one t, the one that we created a minute ago, but now we don’t have to. This PC click.
Now I can use the Net use command. The Net share command on the other hand, allows you to view your folders and things that you’re sharing at the moment. Do you remember the test folder that we created in our last lecture? Here we go. Windows is telling you, okay, let’s mate. There is a test folder, C test and you can access it. You can ask what is the C dollar share? Well, I have not created it. No, we haven’t. Windows is going to do it for you. It’s called a default share or admin share. And even though you have not shared your C drive, it is available if you put the C dollar sign. Yes, you don’t have to do anything else because this is done by default. And even though we want to share the test folder, only if you’re a local administrator, you can access the whole C drive because it is going to be shared by default. It might be beyond this exam, but it is extremely important, especially if you’re at work and you think that nobody can view files, documents and downloads.
No, you’re wrong. All administrators, all network guys, all admins can actually see the C drive. What does it mean? Well, this means that when we go for users documents here we go, I can see all of course, there is nothing in here, but you get the idea. I can view your documents. You’re an end user. I’m an admin for your network, and yes, I can view your documents. I would never do it. It’s wrong. You should never access you should never access these files unless you ask me to troubleshoot something. But please remember that even though even if we share one folder test, your local administrator can actually access your C drive. How can you achieve it?
Well, you just type the IP address, whatever IP address you have in your network, and then you put C dollar. Okay? And then you can access the whole C drive. If you are a local administrator or a domain administrator. In the bonus section, I will make sure there are some additional lectures when it comes to permissions and shares, because it is a really important topic if you want to go for a Windows Server exam. So please make sure that you check the bonus section. You will find a lot of lectures over there. If you want to learn more about permissions, please feel free to go there and read and learn a little more about permissions.