File Server & Resource Manager

11:07:00 PM | 0 Comments

I) Introduction : 

File Server Resource Manager (FSRM) is an advanced function helps admin manage File Server efficiently .
Administrator can limit  user's disk space usage, stop user from accessing some specific file and supervising user .

II) Practice

Server Manager > Right click on Roles > Add Role, next > check File Services, next > Check File Server Resource Manger, next >  Check the Drive you want to monitor , next and Install.
Close when finished  .

1) Folder & Disk Quota : 

First of all, create a new folder in C:/ or in any drive in your computer .
Start > Administrative Tools, File Server Resource Manager .
Quota Management> Right click on Quotas> Create Quota
Browse -> Specify a path for a folder you want to apply Disk Quota

You can use Disk Quota template or Define custom quota properties , right there , you specify a limit space for user (by soft quota - just for monitoring or hard quota) , add a warning ...

Close a custom disk quota dialog and press Create . Save it as a template for later use if you want .


Done !

*Disk Quota :
For each user you can have different limit disk spaces : in My Computer > Right click on Drive you want to enable Disk Quota> Properties > Quota :

Check on Enable Disk Quota Management
If you don't check Deny disk space to users exceeding quota limit , there will be only a warning for user, NOT a Denial when user reach disk space quota limit.

Specify user by click on Quota Entries  ...  > New Quota Entry . And add user to apply disk quota to him .

2) Prohibit user from copying a file to a Folder

First of all, create a new folder in C:/ or in any drive in your computer .
Start > Programs > Administrative Tools > File Server Resource Manager > File Screening Management  >  Right click to File Screens > Create File Screen ... Specify a Folder you want to prohibit user from doing something.

> Define  custom file screens properties > Custom Properties => Select group you want to block, choose some options, use Edit to view and modify them or you can Create your own option by clicking Create..

You can also exclude some files that user are allowed to copy to C:/Folder by click on Create... and choose file to exclude . Remeber create a file group name

For example :
a) You don't want  user to copy a .EXE files to your Folder, but user can copy a file name GoodFile.EXE , so you type in Files to exclude : GoodFile.Exe
b) You want to prohibit user from copying a file have a extension .XXX , so you type in Files to include : ".XXX" - without quotation marks .

After finishing custom properties, just press OK , at Create File Screen , press Create . Save it as a template if you want.

Done!  If you have any question, don't hesitate to comment here, I will reply within 24 hours ^.^
Thanks for visiting my Blog .

NTFS Permission

11:07:00 PM | 0 Comments

I) What is NTFS Permission :

As you can see : "NTFS" is one of the formats of hard disk drive, just like FAT, exFAT ...  and nowaday, most of hard disk computers (Desktop & Laptop) use  NTFS format.
NTFS Permission help us give different permissions to different users on the same file or folder .

Comparion between Share Permission and NTFS Permission :

                                                   Share                                           NTFS


  • Permission on Folder                       yes                                   yes
  • Permission on File                            no                                   yes
  • Affect a user by logging through      yes                                    yes
  • other computer
  • Affect a user by logging directly       no                                     yes
  • Number of permission         3 (Full, Change, Read)          19 permissions


Try this : Right click on File or Foler > Properties> Security tab

1/ 6 standard Permissions :

 - List Folder Content : You can access shared folder, see what's in it .
 - Read : For example : read the text file . But cannot execute any program .
 - Read & Execute : Read + Execute program .
 - Write : change, create new but cannot delete data .
(note : Write is indepent permission with Read - write can change a file by console without "read" it)
 - Modify  = Read + Write + Delete
 - Full Control : do anything to this file or folder : read, write, delete ...and especially : be able to change the permission of this folder .


2/ 13 special Permissions : 


- More detail & complex  permissions, to serve administration's need .
- For example : give user A the right to delete his own folder he created before but he cannot delete other folder belongs to user B .
- Creator Owner : is a group, when user A create a folder or file, he belongs to this group and he has the right to fully control his Data he created before.

3/ Inheritance permission :


In folder A we have folder B, so if user1 has some permissions on folderA => He will have the same permissions on folder B .

We can remove this inheritance by doing this :

Right click on folder A > Properties> Security > Advanced => change permissions : un-check a option "include inheritable ..." , click Add to keep inheritable table .

4/ Relationship between NTFS permission and Share Permission :


When user A  accesses folder X through the network from other computer. His rights are under 2 effects, one from NTFS, and the other from Share . His rights now are "mutual permission"


NTFS                  Share                           User's Right


modify                read                                  read
write               read               NO right (remember write & read are separated permission)
full control          change                          change/modify

R or M or F          Full Control                     R or M or F               

(R/M/F : Read/Modify/Full Control)

We don't want both permissions : Share & NTFS mix up with each other. So set Share Permission to everyone : Full ControlAnd don't worry, we have NTFS Permission to handle security problem .

(*This post is marked as partially completed - there  are some info I will  supplement later, now I'm kinda busy for life, LOL, let's move on to the next post *)

Share Permission

9:43:00 PM | 0 Comments

I) Introduction :

Sharing helps users access data resources easily and conveniently . There are some computers play a role as a sharing centre , and other computers can access to use resources like Data, Printer or Internet ...

A computer which shares Data resources is called File Server.
This computer is a File Server if it meets these requirements :
- Turn off Firewall
- Using Classic Authentication
- Has a list of users account - so other computers will use these accounts to access File Server.

II) Sharing :

1) Data sharing and sharing permission : 


- We can only share a folder - NOT A FILE .
- Folder A include folder B and C, if you want to share all of them,  sharing  folder A is enough .
- Only Administrators has a right to share .
- Sharing only  affects to users log on from other computers, it won't work with directly logging on  .

(For example computer A has a user A and he has a right to access folder XXX, so if user A log on from computer B - he will see this folder ; if he log on at computer A - he won't see it)

How to Share : Right click on a folder you want to share> Properties> Sharing > Share...
                    Or for more options, choose Advanced Sharing ... > Tick at Share this folder .
Notice :
at Permissions>  Share Permissions : You will see 3 options :
 + Full control : User can do anything to this folder contents
 + Write : User can create new contents or change it, but cannot delete it .
 + Read  : User just read them, cannot change or delete .


2) Let's watch the video :


It's  mostly the best way to understand the bunch of theories, and it's always faster than reading .
But you need more concentration :

AND



Notice that, Computer 2 WILL NOT  access folder created in DESKTOP ...
My teacher told me that is because of Desktop is Work-Place of user and doesn't permit any other user access shared folder on it. Quite ambiguous ! I will find it out and tell ya later !
 

Network Access

10:26:00 PM | 0 Comments

I) Network Access :

1/ Configure IP address :

If you don't know how to set an IP Address for a computer, please watch this video :


2/ Ping :
Set IP address to 2 computers 1 & 2 :

Computer 1 : 192.168.1.1 / 255.255.255.0
Computer 2 : 192.168.1.2 / 255.255.255.0

We will disable Firewall on both of these Computers, and try to use PING  command to test their connnection (before doing that, just plug both cables to a Switch or directly connect 2 computers) .

Watch this video :

3/ Access Authentication :

In Windows : there are 2 models of authentication
a) Classic : 3 STEPS
STEP 1 :
- Computer 1 is want to access Computer 2 will try to use its CURRENT ACCOUNT (username & password) .
STEP 2 :
- If not successful, Computer 1 will use Guest Account to access.

STEP 3 
- If not successful, Computer 1 will see a Dialog Box requires to Type Username/Password in order to access Computer 2.
-If not successful, ACCESS DENIED !

Please watch the video to fully understand what I am saying, it has made me confused at the first time, I know you do, too .




b) Guest Only : 

Using Guest Account to access, if Guest Account has been disabled, Access is denied regardless User is Administrator (because only Guest account has a permission to access)

Cannot boot to Windows when Ubuntu mess things up ?

10:01:00 AM | 0 Comments

Today I got a problem with booting to Windows 7, after helping a girl last night LOL .
She asked me how to divide a partition in Windows, I tried to do it with out Hiren Boot CD, by using Disk Management .  I use dual boot Windows 7 - Ubuntu and I tried to delete partition which hosts Ubuntu OS & SWAP partition .

I got 3 other drive called : C (Windows OS is here), D and E .  Then I extended E by taking all partition I kept my Ubuntu OS before .

Now I got 3 partitions : C, D and E.

Today, I restart my computer and got a prolem when booting , It shows a command line "Grub Rescue"

Hmm... I tried to insert a Windows Install Disk and repair (you should try this first if you got a same problem), but not successful.
I do some searches on Google and found it !

After inserting a Windows Install Disk, you go to Repair and Choose Command Line , and just type "bootrec /fixmbr " (without a quotation marks) .


It works perfectly !

Local Security Policy

9:03:00 PM | 0 Comments

Local Security Policy is a part of Local Policy, it focuses on Security Policies in Windows .

- Start> type Administrative Tools>  Local Security Policy
or
- Start> Run> type secpol.msc 

Let's watch the video :

Part 1 :

Part 2 :

Local Policy

11:51:00 PM | 0 Comments

Policy is a rule that we apply to a computer (User and Group, also) and tell them "Do this, not do that"
For example, I don't want user A access drive C, so I set a rule to suit my need.

Local Policy, as I said before "Local" means these rules will affect locally, only to a computer which you configured .

To use Policy, we use a tool call Microsoft Management Control :
- Start > Run > type MMC (not case-sensitive)
- File > Add/Remove Snap-ins ...

Now, let's watch my video , it's more useful than words ^^ :




So, "Group Policy" Configuration file is hosted in C:/Windows/system32

Thanks for visiting my Blog, see ya later !