Sunday 7 September 2014

Shares and NTFS Permissions, Offline Files, VSS, Work Folders

Share Permissions
Network Only
1st line of defense
Read, Change, Full Control
Folders only
Effective permission with multiple group membership
Deny always wins
Combine with NTFS
Administrative shares
Configuring access-based enumeration: displays only the files and folders that a user has permission to access. If a user does not have Read (or equivalent) permission to a folder, Windows hides the folder from the user's view.


NTFS Permissions
Primary tool for access control
Files and folders
Applies locally + Remotely
Inheritance applies
 -can block parent
 -can reapply parent
Standard permissions: Full control, Modify, R+W, R, W, List
Advanced permissions

Order of inheritance (bottom to top)
1. Explicit deny
2. Explicit allow
3. Inherited deny
4. Inherited allow

Effective access in Advanced Security Settings - provides a what-if scenario
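
The share and NTFS rules above, worked through as an added example (not part of the original notes). It is a simplified Python model with four constructed rights; the Ace class, the group names and the sample ACLs are assumptions made for illustration.

```python
from dataclasses import dataclass

ALL = frozenset({"read", "write", "delete", "change_permissions"})
SHARE_LEVELS = {  # the three share permission levels named in the notes
    "Read": frozenset({"read"}),
    "Change": frozenset({"read", "write", "delete"}),
    "Full Control": ALL,
}

@dataclass(frozen=True)
class Ace:
    trustee: str             # user or group name
    allow: bool              # True = allow entry, False = deny entry
    rights: frozenset
    inherited: bool = False  # share entries are always explicit

def rank(ace):
    # Sort key: explicit deny, explicit allow, inherited deny, inherited allow
    return (ace.inherited, ace.allow)

def evaluate(acl, identities):
    """Rights one ACL grants to a user holding `identities` (user + groups)."""
    granted, decided = set(), set()
    for ace in sorted(acl, key=rank):
        if ace.trustee not in identities:
            continue
        new = ace.rights - decided   # the first matching entry decides each right
        if ace.allow:
            granted |= new
        decided |= new
    return granted

def effective_access(share_acl, ntfs_acl, identities, over_network=True):
    ntfs = evaluate(ntfs_acl, identities)
    if not over_network:             # share permissions are network only
        return ntfs
    return ntfs & evaluate(share_acl, identities)  # most restrictive of the two

# Constructed sample ACLs (hypothetical users and groups)
SHARE = [Ace("Staff", True, SHARE_LEVELS["Change"]),
         Ace("Interns", False, SHARE_LEVELS["Full Control"])]
NTFS = [Ace("Contractors", False, frozenset({"write"}), inherited=True),
        Ace("alice", True, frozenset({"read", "write"})),
        Ace("Staff", True, ALL, inherited=True)]
ALICE = {"alice", "Staff", "Contractors"}  # explicit allow beats inherited deny
CAROL = {"carol", "Staff", "Contractors"}  # inherited deny removes write
DAVE = {"dave", "Staff", "Interns"}        # share deny wins over share allow

if __name__ == "__main__":
    for name, ids in (("alice", ALICE), ("carol", CAROL), ("dave", DAVE)):
        print(name, sorted(effective_access(SHARE, NTFS, ids)))
```

Real Windows access checks also involve ownership and many more granular rights, which this model leaves out.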

Offline Files
Network Shares (offline settings)
Files available when disconnected or "Work Offline"
Very good sync mechanism
Configure with "Offline settings" (caching) or GPO (Computer Cfg - Admin Templates - Network - Offline Files)

Disk Quotas
Limit disk usage
Configuration
 -Windows Explorer
 -templates
 -soft or hard
 -drive only in Explorer
 -set quota for folders in File Server Resource Manager (FSRM) - very useful for file servers
Data Deduplication

Volume Shadow Copy
VSS useful for
 -VM snapshots
 -Backup operations (VSSAdmin alone is not backup)
 -File recovery
File Recovery
 -On the fly restore
 -Schedule shadow copies
 -Not limited to shares
 -Monitor large restore jobs
VSSAdmin query reverts /For=Volume, /All
To configure, right-click the drive -> Configure Shadow Copies -> Enable

Work Folders
Access to user's own work files
 -SMB/Mapped
 -Domain-joined workstation
 -Non-domain-joined workstation, bring your own device (these are advantages over Offline Files)
Available when connected or not
Offline changes automatically synced when reconnected
Transparent conflict resolution (files will be named <name+pc name> if there is a conflict)
Hub/Spoke topology
Works with file screens, classification, quotas, clustering
Grant access in setup (best with Group + fine tune with NTFS permission)
Security policies for encryption, screen lock
Can implement with existing folder redirection, offline files, home
Must be locally attached server storage
 -No DFS
 -No VNC source
1 work folder per user per device
Not collaborative (look to SharePoint, SkyDrive Pro)

Server Basic Configuration Steps
 -Define appropriate users-->Groups
 -Add Sync server role (under Files and Storage Services)
 -Configure Role
 -DNS (create A record), Certs, Proxy

Client Configuration
 -Control Panel configuration
 -Access via "Work Folders"
 -Can enforce with GPO (Computer Cfg - Administrative Templates - Windows Components - Work Folders). (User Cfg - Administrative Templates - Windows Components - Work Folders)

