======================== Network Sharing, Rights, and Permissions ========================
=================================== Written By: Culprit ==================================
=================================== Copyright (C) 2000 ===================================

Back in the early days of the personal computer, spreadsheets were the dominant application, and the primary reason for many computer purchases. It was quite common for someone to power up a new computer, load Lotus 1-2-3, stare at the blank grid of rows and columns, and wonder what to do next.

The situation is similar today for the novice network administrator. A default installation of a network operating system, such as Windows NT Server, just sits there, of no use to anyone until the administrator performs certain tasks. Let's assume NT Server 4.0 and all of the relevant hardware have been installed successfully. This is the simplest situation possible, chosen so that the basic concepts aren't obscured by extraneous details.

- ACCOUNTS AND GROUPS -

The first task is the creation of user accounts, for which we use User Manager for Domains. This is an easy-to-use application, but if the network administrator doesn't have a clear strategy in mind, things can get messy in a hurry. A consistent login name scheme needs to be developed, usually based on some combination of the first and last name that can be up to 20 characters long. The three most common schemes are represented by the following examples: jsmith, janes, and jane.smith.

Next, a decision needs to be made concerning the creation of groups. Users acquire the rights, permissions, and capabilities assigned to the groups they join. Being added to a group never subtracts rights. This is an efficient way in which to assign permissions to individuals. NT Server creates a number of groups by default, such as the powerful Administrators or, at the other end of the scale, the Users group.
Members of the Administrators group have the ability to do virtually everything, while members of the Users group have essentially no administrative powers. There are specialized groups, like Print Operators and Backup Operators, which are similar to Users but with the particular rights required to perform the tasks they have been assigned.

It is possible for a user to be a member of multiple groups. As mentioned above, if a user is assigned a permission via membership in a particular group, that permission is not lost as a result of membership in another group that does not have equivalent permissions or rights.

Suppose there's a printer on the network reserved for users of an accounting application. It would make sense to create a group called Accounting consisting of these people, and assign the right to use this printer to this group. If there is a group of users with a particular set of requirements that isn't already covered by an existing group with a descriptive name.

A Windows NT server is likely to share resources such as files and directories, and printers. Increasingly, server-based applications, Internet access, fax serving, and email are being added to the mix. Modems and scanners are other possibilities, but they are still rare.

- PRINTER SHARING -

Let's look at how a printer is shared. In the simplest situation, the printer we want to share is physically connected to the server. If it is connected to another computer on the network, or perhaps a print server, the concepts are still similar.

First it needs to be installed. This is done under NT in much the same way as under Windows 95/98. Next, the printer must be shared. In a small office, it is typical to give everyone full access to the printer. Since it is likely that everyone is a member of the Users group, this is accomplished by giving full control to the Users group. It is not necessary to give permission to individuals.
Sometimes it is desired to restrict access to the printer, or to give some individuals less than full control. The four permission levels for printers are no access, print, manage documents, and full control. Perhaps the Administrators group would be given full control, the Users group print access, and some other group the right to manage documents (i.e., managing the print queue).

If the server is running Windows NT Server 4.0, and all of the users are running NT Workstation 4.0, then no additional drivers need to be installed. If, as is more typical, there's a mix of Windows 95/98 and NT Workstation among the network users, the Windows 95/98 drivers for this printer should be installed on the server as well. The reason for this is to reduce the administrative burden of providing printing services for users.

What does a user do to connect to and use a shared printer for the first time? There are several methods, but the one I find to be the easiest involves navigating to the printer in Network Neighbourhood. It will be listed under the server name, along with all of the other objects being shared on the server. Double-clicking on the printer will download the appropriate print driver to the user's local drive, and install it. That's why it's not worth taking the extra step of installing print drivers on the NT server for other operating systems. If the driver is updated on the server, it will be updated automatically on the workstation.

- DIRECTORY SHARING -

Directories are shared in much the same way, but the details are naturally different. Once a share is created, the next step is to set the permissions on that share. There are four levels of share access: read, change, full control, and no access. The difference between change and full control is that someone with the latter permission can change the file and directory permissions, a feature available only on drives formatted under NTFS.
If the administrator needs more granular control over permissions on a resource than share access provides, the only way to accomplish that is by using NTFS permissions. When this is done, the permissions on a resource are the lesser of the permissions granted via share and NTFS.

Another benefit of using NTFS on a drive is the ability to compress files and directories. Since NTFS compression is a part of the operating system, and not a bolted-on feature, it is safe and efficient. With modern hardware the performance hit is scarcely noticeable.

Culprit - www.tdcore.com
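
The two rules described above (group memberships accumulate, and access over the network is the lesser of the share and NTFS permissions) can be modelled in a few lines. This is an added example, not part of the original text: it reuses the four share levels for NTFS as a simplification, the Temps group and every ACL entry are constructed, and the No Access override is standard NT behaviour rather than something the article states.

```python
# Added example: a model of how NT combines group, share and NTFS permissions.
# Level names follow the article's share levels; all ACL data below is constructed.
NO_ACCESS, READ, CHANGE, FULL = "no access", "read", "change", "full control"
RANK = {READ: 1, CHANGE: 2, FULL: 3}

def combined(acl, groups):
    """Permission one ACL gives a user through all of their groups."""
    granted = [acl[g] for g in groups if g in acl]
    if not granted:
        return None                      # no matching entry: nothing granted
    if NO_ACCESS in granted:
        return NO_ACCESS                 # No Access overrides every other entry
    return max(granted, key=RANK.get)    # otherwise memberships accumulate

def effective(share_acl, ntfs_acl, groups):
    """Access over the network: the lesser of the share and NTFS results."""
    share = combined(share_acl, groups)
    ntfs = combined(ntfs_acl, groups)
    if share in (None, NO_ACCESS) or ntfs in (None, NO_ACCESS):
        return NO_ACCESS                 # denied or ungranted on either layer
    return min(share, ntfs, key=RANK.get)

# Constructed sample data. Login names use the article's three naming schemes;
# "Temps" is a hypothetical group added to show the No Access case.
MEMBERSHIPS = {
    "jsmith": ["Users", "Accounting"],
    "janes": ["Users"],
    "jane.smith": ["Users", "Accounting", "Temps"],
}
SHARE_ACL = {"Users": READ, "Accounting": FULL, "Temps": NO_ACCESS}
NTFS_ACL = {"Users": READ, "Accounting": CHANGE}

def report():
    """Effective network access for every constructed user."""
    return {user: effective(SHARE_ACL, NTFS_ACL, groups)
            for user, groups in MEMBERSHIPS.items()}

if __name__ == "__main__":
    for user, perm in report().items():
        print(f"{user:12} {perm}")
```

Here jsmith holds full control on the share through Accounting but ends up with change, because the NTFS entry is the lesser of the two.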