CONFIGURING AND MANAGING NTFS SECURITY - PowerPoint PPT Presentation

1 / 22
About This Presentation
Title:

CONFIGURING AND MANAGING NTFS SECURITY

Description:

ACCESS CONTROL LISTS (ACLs) Store access control entries (ACEs) ... Stored in ACLs (which are collections of ACEs, grouped by resource) ... – PowerPoint PPT presentation

Number of Views:42
Avg rating:3.0/5.0
Slides: 23
Provided by: Cerr4
Category:

less

Transcript and Presenter's Notes

Title: CONFIGURING AND MANAGING NTFS SECURITY


1
CONFIGURING AND MANAGING NTFS SECURITY
  • Chapter 7

2
OVERVIEW
  • Understand the structure of NTFS security
  • Control access to files and folders by using
    permissions
  • Optimize access to files and folders by using
    NTFS best practices
  • Audit NTFS security
  • Troubleshoot access to files and folders

3
MASTER FILE TABLE (MFT)
4
SECURITY DESCRIPTORS
5
ACCESS CONTROL LISTS (ACLs)
  • Store access control entries (ACEs)
  • Assigned to security descriptor for file system
    object
  • Evaluated to control access to objects
  • There are two types of ACLs
  • Discretionary ACL (DACL) Permissions
  • System ACL (SACL) Auditing

6
ACCESS CONTROL ENTRIES (ACEs)
  • Stored in ACLs (which are collections of ACEs,
    grouped by resource)
  • Consist of user or group SIDs with permission
    entries
  • Can be set for Allow, Deny, or Audit
  • Allow and Deny ACEs can exist in the same ACL
  • Audit ACEs are kept in SACLs
  • Deny ACEs override Allow ACEs

7
STANDARD NTFS PERMISSIONS
8
SPECIAL PERMISSIONS
9
PERMISSION INHERITANCE
  • Subfolders and files inherit permissions
  • Inheritance can be blocked
  • Blocking required for new permissions

10
COPYING OR MOVING NTFS OBJECTS
11
PLANNING NTFS PERMISSIONS
  • Consolidate data
  • Assign permissions to folders
  • Assign most restrictive permissions possible
  • Use groups for permission assignment
  • Avoid excessively blocking inheritance
  • Avoid the Deny ACE

12
ASSIGNING STANDARD PERMISSIONS
13
ASSIGNING SPECIAL PERMISSIONS
14
WHY CANT I CHANGE PERMISSIONS FOR THIS FOLDER?
15
TAKING OWNERSHIP OF FILES
16
CACLS.EXE
17
MULTIPLE NTFS PERMISSIONS
  • Sum of all ACEs for user or group
  • Most lenient permission is the effective
    permission
  • Deny overrides all

18
VIEWING EFFECTIVE PERMISSIONS
19
AUDITING NTFS ACCESS
20
DISCUSSION
21
SUMMARY
  • NTFS permissions work only on NTFS volumes.
  • Security descriptors are stored in the Secure
    file.
  • ACLs list ACEs assigned to an object.
  • ACEs map users or groups to permissions.
  • Permissions are inherited by default.
  • Effective permissions are the sum of ACEs.

22
SUMMARY (CONTINUED)
  • Ownership cannot be given.
  • Deny ACEs override all other ACE types for a
    particular permission.
  • Avoid the Deny ACE to limit complexity.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "CONFIGURING AND MANAGING NTFS SECURITY" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!