70-240 in 15 minutes a week: Administration of Resources - Part 1

by Dan DiNicolo

Welcome to the second installment in my '70-240 in 15 minutes a week' series. This week's article covers the second major area of study on our journey through the core exam material: Implementing and Conducting Administration of Resources. Again this ties into the material from the Windows 2000 Professional portion of the exam. This includes a look at topics such as NTFS permissions, file caching, web server management, printing, and more. Because of the size of this topic, I have decided to split it up into two articles, in order to not break our 15-minute rule! Again this week, appearances can be deceiving. Be sure not to overlook the importance of the Professional material on the exam - sometimes it's the little details that bite the hardest. Remember, you're dealing with a quarter of the exam material in Professional alone.

The material that this article will cover includes:

- NTFS Settings (including EFS and Compression)
- User and Group Settings
- File Auditing and Ownership
- File Caching Settings
- Shared Folders

Part 2 of this topic will continue next week with a look at web server settings, printing configuration, Internet printing and more.

NTFS Settings

To begin with, let's revisit an old friend, NTFS. Although NTFS still provides the secure file system you're familiar with from Windows NT 4.0, there are a number of changes in terms of both functionality and configuration. The version of NTFS supplied in Windows 2000 is NTFS 5, as opposed to the NT's version, which was version 4. (Unless you have NT 4.0 SP4 or higher, in which case it also uses NTFS 5). The new version of NTFS in Windows 2000 supports both new and old features including:

- The ability to encrypt files and folders that reside on an NTFS partition using EFS, the Encrypting File System.
- The ability to compress files and folders. 
- The ability to set file and folder security permissions via access control lists.
- The ability of an administrator or user with the appropriate permissions to take ownership of files and folders.
- The ability to audit access to files and folders.

Setting file or folder encryption and compression is easy. Both are implemented as attributes, similar to the System, Read-only, Hidden, and Archive attributes that you are probably already familiar with. Both encryption and compression are set via the Advanced button on General tab of the properties of the file, as shown below. This week's article covers the second major area of study on our journey through the core exam material: Implementing and Conducting Administration of Resources.

Note that although it appears as though you could choose both, encryption and compression are mutually exclusive, so you can only choose one of the two. As far as EFS encryption is concerned, only the person who encrypted a file can open it, with one exception. Windows 2000 includes a special role, set via group policy, called a Recovery Agent. A recovery agent can open an EFS encrypted file, which serves as a backup should the user leave the company or similar. By default, the only recovery agent is the Administrator of the domain (on a non-domain computer, it is the local administrator), though it can be changed to another trusted user or users. 

To make things easier, a user should set a folder to use encryption, and then save all security sensitive files to this folder. This will automatically encrypt the files, and avoid the user having to encrypt files individually. To encrypt a number of files at once, consider using the command line tool Cipher.exe, which does bulk encryption using the parameters (including wildcards) that you specify. Other important things you should know about EFS:

- If a user attempts to open (or copy) a file encrypted by another user, they will receive an 'Access Denied' message.
- If the user who encrypts the file moves it to a non-NTFS volume, the file will no longer be encrypted
- EFS is strictly file-system (not transport) encryption. If you encrypt a file on a server and then open it on your workstation, the file moves across the network unencrypted.
- When you move an unencrypted file into an encrypted folder, it does not become encrypted (retains attribute). However, when you copy an unencrypted file into an encrypted folder, it will be encrypted (inherits attribute).

Want to know more about EFS? Click here.

This article was originally published on Mar 19, 2001
Page 1 of 5

Thanks for your registration, follow us on our social networks to keep up-to-date