Click Advanced. In the Advanced Security Settings dialog box, click the Effective Permissions tab. in .NET

Generation QR-Code in .NET Click Advanced. In the Advanced Security Settings dialog box, click the Effective Permissions tab.

Click Advanced. In the Advanced Security Settings dialog box, click the Effective Permissions tab.
Create QR-Code In Visual Studio .NET
Using Barcode encoder for .NET Control to generate, create QR image in .NET framework applications.
www.OnBarcode.com
QR-Code Recognizer In Visual Studio .NET
Using Barcode reader for VS .NET Control to read, scan read, scan image in Visual Studio .NET applications.
www.OnBarcode.com
Figure 8-33: Permissions comparison 9. Click Select. This opens the Select User Or Group dialog box. Enter the name Jeff_Phillips and then click OK. Review the effective permissions of the Jeff_Phillips user account, as shown in Figure 8-34. The permissions differ from those assigned to the user account because of permissions assigned through group membership.
Bar Code Creation In VS .NET
Using Barcode drawer for Visual Studio .NET Control to generate, create barcode image in Visual Studio .NET applications.
www.OnBarcode.com
Barcode Reader In Visual Studio .NET
Using Barcode recognizer for .NET framework Control to read, scan read, scan image in Visual Studio .NET applications.
www.OnBarcode.com
Figure 8-34: Determining effective permissions
Generating QR Code In C#
Using Barcode printer for VS .NET Control to generate, create QR image in Visual Studio .NET applications.
www.OnBarcode.com
Draw QR Code JIS X 0510 In VS .NET
Using Barcode generator for ASP.NET Control to generate, create QR Code image in ASP.NET applications.
www.OnBarcode.com
Lesson Summary The Icacls.exe utility can be used to manage NTFS permissions from the command line. You can use this utility to back up and restore current permissions settings. There are six basic NTFS permissions: Read, Write, List Folder Contents, Read & Execute, Modify, and Full Control. A Deny permission always overrides an Allow permission.
QR-Code Printer In Visual Basic .NET
Using Barcode maker for Visual Studio .NET Control to generate, create QR-Code image in .NET applications.
www.OnBarcode.com
PDF417 Generation In .NET
Using Barcode printer for .NET Control to generate, create PDF-417 2d barcode image in .NET framework applications.
www.OnBarcode.com
You can use the Effective Permissions tool to calculate a user's effective permissions to a file or folder when she is a member of multiple groups that are assigned permission to the same resource. The most restrictive permission applies when attempting to determine the result of Share and NTFS permissions. Auditing allows you to record which files and folders have been accessed. When a file is copied, it inherits the permissions of the folder it is copied to. When a file is moved within the same volume, it retains the same permissions. When a file is moved to another volume, it inherits the permissions of the folder it is copied to. When you encrypt a file, it generates an EFS certificate and private key. You can encrypt a file to another user's account only if that user has an existing EFS certificate.
Linear Creator In Visual Studio .NET
Using Barcode generation for Visual Studio .NET Control to generate, create Linear image in .NET applications.
www.OnBarcode.com
Drawing DataMatrix In Visual Studio .NET
Using Barcode maker for VS .NET Control to generate, create Data Matrix 2d barcode image in Visual Studio .NET applications.
www.OnBarcode.com
Lesson Review You can use the following questions to test your knowledge of the information in Lesson 2, "Folder and File Access." The questions are also available on the companion DVD if you prefer to review them in electronic form. Note ANSWERS Answers to these questions and explanations of why each answer choice is correct or incorrect are located in the "Answers" section at the end of the book. 1. You are logged on to a computer running Windows 7 Enterprise that you share with Jeff Phillips. You want to store some files on an NTFS-formatted USB flash drive that both you and Jeff can access. You want to encrypt these files but do not want to use BitLocker To Go. You are able to encrypt the files, but when you try to add Jeff, you do not see his certificate listed. Which of the following should you do to allow you to use EFS to encrypt files to both your and Jeff's accounts A. Get Jeff to change his password. B. Get Jeff to encrypt a file on the computer. C. Give Jeff write permission to the files. D. Let Jeff take ownership of the files. 2. Which of the following permissions are also set when you apply the Read & Execute (Deny) NTFS permission (Choose all that apply.) A. List Folder Contents (Deny) B. Read (Deny) C. Modify (Deny) D. Write (Deny) 3. Jeff_Phillips's user account is a member of four separate security groups that are each assigned different permissions to a folder on a client running Windows 7. Which of the following tools can you use to determine Jeff's permissions to a file hosted in that folder A. Robocopy
Draw UCC - 12 In VS .NET
Using Barcode printer for VS .NET Control to generate, create UPCA image in .NET applications.
www.OnBarcode.com
Royal Mail Barcode Creation In .NET Framework
Using Barcode creation for .NET Control to generate, create RoyalMail4SCC image in .NET framework applications.
www.OnBarcode.com
B. C. D.
Encode DataMatrix In Java
Using Barcode encoder for Java Control to generate, create Data Matrix ECC200 image in Java applications.
www.OnBarcode.com
Draw DataMatrix In None
Using Barcode drawer for Font Control to generate, create ECC200 image in Font applications.
www.OnBarcode.com
Icacls Cipher The Effective Permissions tool
Code 128 Code Set B Reader In C#
Using Barcode reader for VS .NET Control to read, scan read, scan image in Visual Studio .NET applications.
www.OnBarcode.com
Bar Code Scanner In .NET Framework
Using Barcode Control SDK for ASP.NET Control to generate, create, read, scan barcode image in ASP.NET applications.
www.OnBarcode.com
4. The contents of the directory C:\Source are encrypted using EFS. The directory D:\Destination is compressed. Volumes C and D are both NTFS volumes. Which of the following happens when you use Windows Explorer to move a file named Example. txt from C:\Source to D:\Destination (Choose all that apply; each answer forms part of a complete solution.) A. Example.txt remains encrypted B. Example.txt becomes compressed C. Example.txt retains its original NTFS permissions D. Example.txt inherits the NTFS permissions of the D:\destination folder 5. You want to have a record of which user accounts are used to access documents in a sensitive folder on a computer running Windows 7 Enterprise. Which of the following should you do to accomplish this goal A. Configure EFS B. Configure auditing C. Configure NTFS permissions D. Configure BranchCache Answers 1. Correct Answer: B A. Incorrect: Jeff needs an EFS certificate for you to be able to encrypt a file that he can access. Changing a password does not generate an EFS certificate. B. Correct: If Jeff encrypts a file on the computer, it generates an EFS certificate. You can then use this EFS certificate to encrypt the file to his account. C. Incorrect: Jeff does not need write access to the file for you to be able to use EFS to encrypt the file to his account. Jeff needs an encryption certificate, which can be generated by having Jeff encrypt a file on the computer. D. Incorrect: Letting Jeff take ownership of the files does not allow you to use EFS to encrypt the file to his account. Jeff needs an encryption certificate, which can be generated by having Jeff encrypt a file on the computer. 2. Correct Answers: A and B A. Correct: When you apply the Read & Execute (Deny) permission, Windows also automatically applies the List Folder Contents (Deny) and Read (Deny) permissions. B. Correct: When you apply the Read & Execute (Deny) permission, Windows also automatically applies the List Folder Contents (Deny) and Read (Deny) permissions. C. Incorrect: Windows does not apply the Modify (Deny) permission when you apply the Read & Execute (Deny) permission. D. Incorrect: Windows does not apply the Write (Deny) permission when you apply the Read & Execute (Deny) permission. 3. Correct Answer: D
Barcode Drawer In .NET
Using Barcode generator for Reporting Service Control to generate, create barcode image in Reporting Service applications.
www.OnBarcode.com
Read QR Code 2d Barcode In None
Using Barcode recognizer for Software Control to read, scan read, scan image in Software applications.
www.OnBarcode.com
Incorrect: Robocopy can be used to copy files and their associated NTFS permissions but cannot be used to calculate permissions. B. Incorrect: Icacls can be used to display permissions but cannot be used to calculate the result of cumulative permissions. C. Incorrect: Cipher is used to manage certificates and cannot be used to calculate the result of cumulative permissions. D. Correct: The Effective Permissions tool can be used to calculate the result of cumulative permissions that accrue through multiple group memberships. 4. Correct Answers: A and D A. Correct: Encrypted files remain encrypted when copied or moved to compressed folders. B. Incorrect: Encrypted files remain encrypted when copied or moved to compressed folders. Only unencrypted files become compressed when moved to compressed folders. C. Incorrect: Files retain their original NTFS permissions only when they are moved between folders on the same volume. If you move them between volumes, they inherit the permissions of the destination folder. You can use Robocopy to move files and retain their NTFS permissions, but Robocopy was not mentioned in the question text. D. Correct: Files that are moved using Windows Explorer inherit the NTFS permissions assigned to their destination folder. 5. Correct Answer: B A. Incorrect: EFS can be used to limit which users can access a document by encrypting it only to certain user accounts, but it cannot be used to track which user accounts have been used to access files. B. Correct: Auditing allows you to track which user accounts are used to access files and folders. You can configure auditing to track successful and failed attempts to use any of the special permissions. C. Incorrect: You cannot use NTFS permissions to record which user accounts are used to access documents; you can only use NTFS permissions to restrict which user accounts are used to access documents. D. Incorrect: BranchCache is used to speed up access to files across the wide area network (WAN); it cannot be used to record which user accounts access documents in a sensitive folder. Lesson 3: Managing BranchCache BranchCache is a technology that is new to Windows 7 and Windows Server 2008 R2 that speeds up branch office access to files and Web sites hosted on servers across WAN links. BranchCache works by caching content hosted on remote severs in a cache on the local area network (LAN). Rather than retrieving content across the slower WAN link, clients check the locally hosted cache to see if a copy of the data they are requesting is present. If it is present, and certain conditions are met, the client uses the cached copy. If the requested data is not preset, the data is retrieved across the WAN link, stored in the local cache, and then accessed
Bar Code Drawer In Visual Studio .NET
Using Barcode printer for Reporting Service Control to generate, create bar code image in Reporting Service applications.
www.OnBarcode.com
Linear Barcode Generator In Java
Using Barcode printer for Java Control to generate, create Linear Barcode image in Java applications.
www.OnBarcode.com
by the client. The advantage of BranchCache is that it stops the same file being transmitted multiple times across the WAN link and speeds up local access. After this lesson, you will be able to: Use Group Policy to configure BranchCache settings. Use Netsh to configure BranchCache settings. Understand the difference between BranchCache distributed cache mode and hosted mode. Estimated lesson time: 40 minutes
BranchCache Concepts BranchCache is a feature that speeds up branch office access to files hosted on remote networks by using a local cache. Depending on which BranchCache mode is used, that cache is either hosted on a server running Windows Server 2008 R2 or in a distributed manner among clients running Windows 7 on the branch office network. The BranchCache feature is available only on computers running Windows 7 Enterprise and Ultimate editions. BranchCache can cache only data hosted on Windows Server 2008 R2 file and Web servers. You cannot use BranchCache to speed up access to data hosted on servers running Windows Server 2008, Windows Server 2003, or Windows Server 2003 R2. BranchCache becomes active when the round-trip latency to a compatible server exceeds 80 milliseconds. Several checks occur when a client running Windows 7 uses BranchCache: The client checks if the server hosting the requested data supports BranchCache. The client checks if the round-trip latency exceeds the threshold value. The client checks the cache on the branch office LAN to determine whether the requested data is already cached. o If the data is cached already, a check is made to see if the data is up to date and whether the client has permission to access it. o If the data is not already cached, the data is retrieved from the server and placed in the cache on the branch office LAN.
Cache modes determine how the branch office cache functions. BranchCache can operate in one of two modes: Hosted Cache mode or Distributed Cache mode. You will learn about these modes during the rest of this lesson. Hosted Cache Mode Hosted Cache mode uses a centralized local cache that hosted on a branch office server running Windows Server 2008 R2. You can enable the hosted cache server functionality on a server running Windows Server 2008 R2 that you use for other functions without a significant impact on performance. This is because if you found that files hosted at another location across the WAN were being accessed so frequently that there was a performance impact, you would use a solution like Distributed File System (DFS) to replicate them to the branch office
instead of using BranchCache. The advantage of Hosted Cache mode over Distributed Cache mode is that the cache is centralized and always available. Parts of the distributed cache become unavailable when the clients hosting them shut down. You will learn more about Distributed Cache mode later in this lesson. Hosted Cache mode requires a computer running Windows Server 2008 R2 be present and configured properly in each branch office. You must configure each BranchCache client with the address of the BranchCache host server running Windows Server 2008 R2. When setting up the Hosted Cache mode server, it is necessary to do the following: Install the BranchCache feature. Install an Secure Sockets Layer (SSL) certificate where the subject name is set to the fully qualified domain name (FQDN) of the hosted cache server. This involves importing the SSL certificate into the Local Computer's certificate store, making note of the certificate thumbprint, and then binding the certificate using the command netsh http add sslcert ipport=0.0.0.0:443 certhash=<thumbprint> APPID={d673f5eea714-454d-8de2-492e4c1bd8f8} Ensure that all clients that trust the certificate authority that issued the SSL certificate installed on the hosted cache server.
Hosted Cache mode is not appropriate for organizations that do not have their own Active Directory Certificate Services infrastructure or do not have the resources to deploy a dedicated server running Windows Server 2008 R2 to each branch office. Note MORE INFO: CONFIGURING HOSTED CACHE SERVERS To learn more about configuring a Windows Server 2008 R2 server as a hosted cache server, including how to change the default ports used, consult the following document on TechNet: http://technet.microsoft.com/enus/library/dd637793(WS.10).aspx. Distributed Cache Mode Distributed Cache mode uses peer caching to host the branch office cache among clients running Windows 7 on the branch office network. This means that each Distributed Cache mode client hosts part of the cache, but no single client hosts all the cache. When a client running Windows 7 retrieves content over the WAN, it places that content into its own cache. If another BranchCache client running Windows 7 attempts to access the same content, it is able to access that content directly from the first client rather than having to retrieve it over the WAN link. When it accesses the file from its peer, it also copies that file into its own cache. The advantage of distributed cache mode is that you can deploy it without having to deploy a server running Windows Server 2008 R2 locally in each branch office. The drawback of Distributed Cache mode is that the contents of the cache available on the branch office LAN depend on which clients are currently online. If a client needs a file that is held in the cache of
a computer that is shut down, the client needs to retrieve the file from the host server across the WAN. Quick Check Which BranchCache mode should you use if there are no servers running Windows Server 2008 R2 at your branch office Quick Check Answer You should use Distributed Cache mode. Hosted Cache mode requires a server running Windows Server 2008 R2 on the LAN.
Configuring BranchCache Clients Running Windows 7 Configuring Windows 7 as a BranchCache client involves enabling BranchCache, selecting either Hosted Cache mode or Distributed Cache mode, and then configuring the client firewall to allow BranchCache traffic. You can configure BranchCache either using Group Policy or by using the Netsh command-line utility. The firewall rules that you configure depend on whether you are using Hosted Cache or Distributed Cache mode. You can use predefined firewall rules or manually create them based on protocol and port. The required firewall rules are as follows: The BranchCache - Content Retrieval (Uses HTTP) predefined rule. If this rule is not available, create rules that allow inbound and outbound traffic on TCP port 80. This rule is required for both Hosted Cache and Distributed Cache mode. You can create this rule using Windows Firewall With Advanced Security, as shown in Figure 8-35.
Figure 8-35: Predefined BranchCache firewall rule The BranchCache Peer-Discovery (Uses WSD) predefined rule. If this rule is not available, create rules that allow inbound and outbound traffic on UDP port 3702. This rule is only required when using Distributed Cache mode.
The BranchCache Hosted Cache Client (HTTPS-Out) predefined rule. It this rule is not available, configure a rule that allows outbound traffic on TCP port 443. This rule is required only when using Hosted Cache mode.
You need to configure the firewall rules only when you configure BranchCache using Group Policy. When you configure BranchCache using Netsh, the appropriate firewall rules are set up automatically, as shown in Figure 8-36.
Figure 8-36: Firewall rules automatically configured Configuring BranchCache Using Group Policy BranchCache can be configured using Netsh or through Group Policy. You are more likely to use Group Policy when you want to apply the same settings to a large number of computers. To configure BranchCache on clients running Windows 7 using Group Policy, open the Local Group Policy Editor and navigate to the Computer Configuration\Administrative Templates\Network\BranchCache node. As Figure 8-37 shows, there are five BranchCacherelated policies.
Figure 8-37: BranchCache policies These policies have the following functions: Turn On BranchCache This policy enables BranchCache and configures the BranchCache service to start manually. Windows starts the service when you make an attempt to access data on a compatible remote server that exceeds the round-trip latency threshold.
Set BranchCache Distributed Cache Mode This policy sets the client to use Distributed Cache mode. For this policy to work, you must also have enabled the Turn On BranchCache policy. Set BranchCache Hosted Cache Mode This policy sets the client to use Hosted Cache mode. When configuring this policy, as shown in Figure 8-38, it is necessary to specify the location of the host cache server by FQDN. The SSL certificate installed on the server must match the FQDN and the client must trust the issuing certificate authority. For this policy to work, you must also enable the Turn On BranchCache policy.
Figure 8-38: BranchCache Hosted Cache Mode policy Configure BranchCache For Network Files This policy allows you to specify the roundtrip latency value that triggers the use of BranchCache. If you do not configure this policy, the default value is 80 milliseconds. You only need to configure this policy if the default value of 80 milliseconds is inappropriate for your organization's network environment. Set Percentage Of Disk Space Used For Client Computer Cache This policy allows you to set a custom amount of total disk space the computer uses to store BranchCache files. Other clients on the branch office network are able to access this content if the Distributed Cache mode is used. If you do not enable this policy, the cache size defaults to 5% of the total disk space of the client computer.
Configuring BranchCache Using Netsh You can use Netsh in the BranchCache context to configure and diagnose problems with BranchCache. There are several options that you can configure using Netsh, such as the local caching option, that are not available when you configure BranchCache using Group Policy. Another advantage of using Netsh to configure BranchCache is that it automatically enables the relevant firewall rules for each caching mode. When you use Group Policy to enable BranchCache, you must also configure appropriate firewall rules. You learned about these firewall rules earlier in this lesson.
You must run all Netsh BranchCache configuration commands, except for the show status command, from an elevated command prompt. You can use the following commands to configure BranchCache: Netsh BranchCache reset This command resets the current BranchCache configuration, disabling and stopping the service, resetting the registry defaults, deleting any cache files, and setting the service start type to Manual. This command also disables any configured BranchCache firewall rules. Netsh BranchCache show status This command displays the current service mode, including whether that service mode is configured using Group Policy, and displays the current status of the BranchCache service. Netsh BranchCache set service mode=distributed This command sets the client to use the Distributed Cache mode, starts the BranchCache service, and changes the startup type to Manual. It also enables the BranchCache - Content Retrieval (Uses HTTP) and BranchCache Peer Discovery (Use WSD) firewall rules. Netsh BranchCache set service mode=local This command sets the client to use the local cache mode, starts the BranchCache service, and changes the startup type to Manual. It does not enable any firewall rules. When you set the local caching mode, the client stores files retrieved over the WAN in a local cache but does not share the contents of that cache with any other clients on the branch office network. It is only possible to set this mode using Netsh. Netsh BranchCache set service mode=hostedclient location=hostedserver This command sets the client to use the Hosted Cache mode, specifies the location of the hosted cache server, starts the BranchCache service, and changes its startup type to Manual. It also enables the BranchCache - Content Retrieval (Uses HTTP) and BranchCache Hosted Cache Client (Uses HTTPS) firewall rules. Netsh BranchCache set cachesize This policy allows you to set the size of the local cache. You can do this as a percentage of hard disk space or by specifying a number of bytes. Netsh BranchCache set localcache This policy allows you to set the location of the local cache.
Configuration settings applied using Group Policy override settings applied using Netsh. Verifying the State of the BranchCache Service You can verify the state of the BranchCache service, which must be operational for BranchCache to function, using the Services console. You can open this console by typing services.msc into the Search Programs And Files box on the Start menu. To view the properties of the service, double-click the BranchCache service. Verify that the service is started and the startup type is set to Manual, as shown in Figure 8-39.
Figure 8-39: BranchCache service status Configuring File and Web Servers Running Windows Server 2008 R2 BranchCache works only when retrieving data hosted on Web and file servers running Windows Server 2008 R2. To configure a server to support BranchCache, perform the following steps: 1. Install the BranchCache feature on the server running Windows Server 2008 R2 using the Add Features Wizard, as shown in Figure 8-40. The Web server role of Windows Server 2008 R2 automatically uses BranchCache after you install the BranchCache feature.
Figure 8-40: Installing the BranchCache feature on Windows Server 2008 R2 2. When adding the File Server Role, ensure that you add the BranchCache For Network Files Role service, as shown in Figure 8-41.
Figure 8-41: Installing BranchCache for Network Files 3. Edit the Computer Configuration\Administrative Templates\Network\Lanman Server\ Hash Publication for BranchCache policy. Enable the policy and select one of the following options: 4. Allow Hash Publication Only For Shared Folders On Which BranchCache Is Enabled Allow Hash Publication For All Shared Folders
If you choose to enable BranchCache only on selected shared folders, use the Share And Storage Management console on the file server running Windows Server 2008 R2 to edit the properties of the share that you want to use with BranchCache, and then click Advanced. In the Advanced dialog box, enable BranchCache, as shown in Figure 842.
Figure 8-42: Enabling BranchCache on each share Note MORE INFO: CONFIGURING SERVERS TO SUPPORT BRANCHCACHE To learn more about configuring Windows Server 2008 R2 to support BranchCache, consult the following TechNet document: http://technet.microsoft.com/en-us/library/dd637785(WS.10).aspx. EXAM TIP Remember the syntax of the netsh branch cache set service command and that it configures the BranchCache service and firewall rules automatically.
Practce: BranchCache Configuration BranchCache can use the Distributed Cache mode to share a cache of remote files and Web server data among clients running Windows 7 on a branch office network. Distributed Cache mode can be configured using Group Policy or by using the Netsh command-line utility. Example EXERCISE: Configuring BranchCache In this exercise, you use the Netsh command-line utility to configure the BranchCache client settings of a computer running Windows 7. To complete this practice, perform the following steps:
1. 2. 3.
Log on to computer Canberra using the Kim_Akers user account. Open an elevated command prompt. Issue the following command:
Netsh BranchCache show status Verify that the service mode is set to disabled and the current status of the service is stopped. 5. Issue the following command: Netsh BranchCache set service mode=distributed 6. Verify that the status message indicates that two firewall rules have been enabled and the service startup type has been set to Manual. 7. Issue the following command: Netsh BranchCache show status 8. Verify that the service mode is set to Distributed Caching and the current status of the service is running. 9. Issue the following command: Netsh BranchCache set cachesize size=25 percent=True 10. Issue the following command: Netsh BranchCache show localcache 11. Verify that the maximum cache size is set to 25% of hard disk. 12. Issue the following command: Netsh BranchCache reset 4.
Copyright © OnBarcode.com . All rights reserved.