Both Windows 2000 Server and Windows Server 2003 use the same mechanisms to provide file system security. Rights can be assigned to users, groups, and some special entities, which include the "everyone" assignment. Table 3 describes the basic file permissions that can be used with NTFS on Windows Server platforms.
|
Right |
Description |
|---|---|
|
Full Control |
Provides all rights |
|
Modify |
Allows files to be modified |
|
Read & Execute |
Allows files to be read and executed (that is, run) |
|
List Folder Contents |
Allows the files in a folder to be listed |
|
Read |
Allows a file to be read |
|
Write |
Allows a file to be written to |
An added complexity to file system security on Windows platforms is that the shares created to allow users to access folders across the network can also be assigned a set of permissions. Although these permissions are quite basic (Full Control, Change, and Read), they must be considered because, when assigned, they are combined with NTFS permissions. The rule in this situation is that the most restrictive permissions assignment applies. For example, if a user connects through a share with Read permission and then tries to access a file to which he has the NTFS Full Control right, the actual permissions would be Read. The most restrictive right (in this case, the Share Read permission) overrides the other permissions assignment.
In addition to the basic file sharing and permission systems, Windows server systems also include some advanced features to further enhance the file and server capabilities. These features include the following:
-
Disk quotas The amount of disk space available to a user can be restricted and managed through disk quotas. This is a useful element of control over disk usage.
-
Encrypting File System (EFS) EFS allows files to be encrypted while on the disk, preventing unauthorized access. The main advantage of EFS is that it keeps the files encrypted even if the user or organization loses physical control of the drives, such as with a laptop computer.
-
Distributed File System (DFS) DFS allows multiple directories on distributed servers to be represented through a single share point, simplifying access for users and administration.
Windows server systems support the FAT, FAT32, and NTFS file systems. However, if you are configuring a server, you are unlikely to use FAT or FAT32 as they do not offer any file level security. Also, you need NTFS if you want to take advantage of features such as disk quotas, DFS, EFS, file compression, or auditing. You also need NTFS to support Active Directory.
Although it is possible to convert a partition formatted with FAT or FAT32, it is recommended that you format a drive as NTFS when you are creating partitions rather than converting at a later date. Drives originally formatted with NTFS have less fragmentation and better performance than those converted from FAT. If you do need to convert a partition, you can use the CONVERT utility, but the process is one way. Once you have converted from FAT, you can never go back.
Windows server provides comprehensive print server functionality. Clients are able to connect to printers across the network without the need for locally installed printer drivers. The drivers are stored on the server and downloaded when the user connects to the printer, making it easy to ensure that users are using the latest version of the correct driver.
Printing on a Windows server can be controlled through a permission mechanism similar to that used in file system security, though it is less complex. Preconfigured groups also allow you to delegate the management of printing functions, which can be a good idea in large environments.
All these features combine to make Windows a very solid choice as a file and print server.
