ACCESS RIGHTS MANAGEMENT COURSE

SERIES 03

TEACHING OBJECTIVE:

At the end of this series, the trainees will be able to explain

the concept of sharing the different resources of the network.

LESSON PLAN:
I. DEFINITION
II. SHARING OF FILES
1-Standard file sharing (in place);
2-Sharing of public folders;
3-Manage sharing permissions;
4-Sharing authorizations;
5-Set the sharing permissions;

[Link] SHARING
[Link] A STORAGE UNIT
V. ACCESS A FILE OR RESOURCE VIA
THE NETWORK
1-Map a network drive;
2-Disconnect a network drive;

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "CNEPD PROPERTY" PAGE 1

I. DEFINITION :

Microsoft Windows Server 2008 supports two models

sharing: standard file sharing and sharing
public files. The first allows remote users
to access the network resources: files, folders, drives,
etc. When you share a folder or a drive, all the
files and subfolders it contains are made available
of a specific group of users. As it is not
necessary to move the files from their current location,
standard file sharing is also called sharing of
files in place.
II. SHARING OF FILES:
Sharing is used to control access for remote users.
authorizations that apply to shared files do not
aucune incidence sur les utilisateurs qui se connectent
locally to a server or workstation that has
shared folders.
Sharing settings determine how the
Files are shared. Here are the differences between the two.
sharing modes supported by Windows Server 2008:
1- Standard file sharing (in place):
Remote users access files, folders and
to readers on the network. When you share a folder or
a reader, you return all its files and subfolders
available to a specified set of users. The
sharing permissions and access permissions constitute
a way to control who can access shared files and
the level of access granted. It is not necessary to move the
files that you share.

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "PROPERTY CNEPD" PAGE 2

 2- Sharing of public folders:
Local users and possibly remote users access
anyway which file placed in the file
%SystemDrive%\Users\Public of the computer. The
Access permissions set on the Public folder determine
the users and groups who have access to
publicly shared files, as well as the level of access that
they benefit. If you copy or move files to the
Public files, their access permissions change to
to conform to those of the Public file. Some permissions
supplements are also added. If a computer
belongs to a working group, it is possible to add a
password protection for the Public folder. This protection
additional is not necessary in a field. Indeed,
only users from the domain can access the data
of the Public file.

As part of standard file sharing, access to

local users to the data stored on a computer is not
automatic step. You control it using the settings of
local disk security. On the other hand, with file sharing
public, the files copied or moved to the Public folder
are made available to all users who open a
session locale. You are also free to grant access
network in the Public folder. However, you will open the folder
Public and its content to anyone with access to
the computer on the network.

The sharing of public folders centralizes file sharing

and user folders. To access this location
unique, in Windows Explorer, click Start, then
on Computer. Click on the leftmost option button
in the address list and on Public. As part of sharing
public folders, copy or move the files to share in
the folder %SystemDrive%\Users\Public of a computer.

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "PROPERTY CNEPD" PAGE 3

 3- Manage sharing permissions:
Sharing permissions define the possible actions.
in a shared folder. By default, when you create a
sharing, all people with access to the network have
to read access to the content of the share. This is a
important change, because in previous editions,
The default permission was Full Control.
4- Sharing permissions:
Starting from the most restrictive, the sharing permissions
available are the following:
No access No permission is granted for the
share.
ReadWith this authorization, users can:
■Afficher les noms des fichiers et des sous-dossiers ;
Access the subfolders of the share;
Read the data and attributes of the files;
Execute program files.
ModifyThe users have read permissions,
as well as the right to:
Create files and subfolders;
■Edit the files;
■Modify the attributes of files and subfolders;
■Delete files and subfolders.
Full control Users benefit from permissions
previous ones as well as, in the case of NTFS volumes, the right to:

■Modify the permissions of files and subfolders.

■Take ownership of files and subfolders. You can
assign sharing permissions to users and
groups.

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "CNEPD PROPERTY" PAGE 4

 5- Set sharing permissions:

In Computer Management, add permissions

of users, computers, and groups to the shares in
proceeding as follows:
1-Right-click on the share to manage, then select
Properties.
In the Properties dialog box, click on the tab
Sharing permissions.
3-Choose Add. The Select dialog
Users, Computers, or Groups appear.
4-Enter the name of a user, computer, or group
of the current domain, and click on Check names.
If a unique match is found, the box of
dialogue est automatiquement mise à jour et l’entrée est
underlined.
If no match is found, you are
perhaps mistaken during entry or you are not working
in the right field. Correct and start again.
If multiple matches are found, choose
the name(s) you wish to use and click OK.
Pour ajouter d’autres utilisateurs, ordinateurs ou groupes,
type a semicolon (;) and restart this step.
5-Click OK. Users and groups are added to
the list Groups or usernames.
6-Configure access permissions for each user,
contact, computer and group by selecting a name from
compte, puis en lui accordant ou en lui refusant des
access permissions. Don't forget that you are looking to
define the maximum permissions that can be granted
to grant to a user, a contact, a computer or a
group.

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "PROPERTY CNEPD" PAGE 5

 7-Click OK when you are done. To assign
additional security clearances for
NTFS volumes, refer to the section 'Set up'
permissions related to files and folders
in this chapter.
[Link] SHARING
Installer une imprimante sous réseaux
Windows Server 2008 allows you to install and manage
printers anywhere on the network. To install or
set up a new printer under Windows Server 2008
You must be a member of the group Administrators, Operators
of printing or Server Operators. To connect to
the printer and print documents, you must benefit
adequate access permissions.
A network printer is a printing device that is
directly connected to the network via a network card. Such a
the printer is configured as a printing device
network to be accessible to all users network like
shared printer. The server from which you.
configure becomes the print server for this
printer.
To install a network printer, follow these steps:
1-In Print Management, expand the Servers node
of printing and then that of the server to be exploited.

Right-click on the Printers node of the server and

choose Add a printer. This action starts
Network Printer Installation Assistant.
3-On the Printer Installation page, select the option
Add a TCP/IP printer or web services by address
IP or hostname and click Next.
4-On the Printer Address page, in the Type list
device, choose one of the following options:

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "PROPERTY CNEPD" PAGE 6

 a. Automatic detectionChoose this option if you
You are not sure about the type of printing device.
Windows Server 2008 then tries to detect it
automatically.

b. TCP/IP Peripheral Choose this option if you are

Sure that the printer is a TCP/IP device.
c. Web Service Printer Choose this option if
Are you sure the printer is a peripheral?
Internet printing.
5-Enter the hostname or the printer's IP address,
like [Link]. With the Detection options
automatic and TCP/IP Peripheral, the assistant defines the
port name has the same value. You can modify it.
6-Click Next and the assistant tries to detect
automatically the printer on the network. If this
detection does not succeed, please check the following points:
You have selected the correct type of printer;
The printer is powered on and properly connected.
to the network;

The printer is correctly configured;

The IP address or the name corresponds well to the IP address of
the printer.
7-Click on Previous to review the type of device,
the IP address or the name you assigned to this
printer.
8-If the information is correct, it remains to identify the
device. In the Type area of the Information page
additional requirements regarding the port, select
Standard then the model of the printer or its type
network card or select Custom and then click
Parameters to define specific settings,
like the SNMP (Simple Network Management Protocol) protocol and behavior

Network Management Protocol.

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "PROPERTY CNEPD" PAGE 7
 9-On the Printer Driver page, choose one of the
following options:

If Windows detects the type of printer connected to

selected port and finds a compatible driver, it
list by manufacturer and model and the Use the driver option
the printer selected by the Assistant is selected
by default. To accept this setting, click on
Next.
If no compatible driver is available and you
you want to choose an existing driver installed on the computer,
select the Use a printer driver option
existing on the computer. After selecting the driver
appropriate, click Next.

If no compatible driver is available and you

to install a new one, select the option
Install a new driver. Indicate the manufacturer and the
printer device model and click on
Next. Windows Server 2008 can thus assign a
printer driver to the printing device.
Choose the manufacturer, then the model. If the manufacturer and the
Employee models do not appear in the list, click
on the disk provided to install the new driver.
10-Assign a name to the printer. This is the name that
will appear in Print Management.

11-Indicate if the printer is accessible by users

remotely. To do this, select the option Name of
share and enter a name. In a large company
scope, choose a logical name that situates
geographically the printer.
12-If you wish, enter a description of
the location and a comment. This information
help users locate printers and
determine the capabilities.
INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "PROPERTY CNEPD" PAGE 8
 13-Check the settings on the last page. When you
Are you ready to finish the installation, click Next.

14-After Windows has installed the printer driver and

I set up the printer, a status page appears. Make sure to
you that the installation of the driver and the printer was successful
before proceeding. In case of error, resolve them
problems and repeat this process. To test
the printer, check the box Print a test page and
click on Finish. To install another printer,
check the box Add another printer and click on
Finish. When the assistant has completed the installation of the
new printer, the Printers folder contains a
additional icon labeled based on the chosen name. It
It is possible to modify the printer properties and
to check its status at any time.
IV. SHARING A STORAGE UNIT:
Volumes are fundamentally created and managed like the
partitions. A volume is a section of disk that we use
to store data directly.
Before making a hard drive available to users, it
must be configured according to the use for which it is intended. Windows
Server 2008 provides several ways to configure disks
hard. The chosen method mainly depends on the types of
data to be processed and the needs of your network environment.
In the case of standard user data, stored on
workstations, configure each hard drive as
from an isolated storage unit. The data is then recorded
on the hard drive of the workstation for use and a
local access. Although data storage on a single
Although this method is convenient, it is not always the most
reliable. To improve reliability and performance, combine
several disks. Windows Server 2008 supports the
partition aggregates and RAID networks (Redundant Array of
Independent Disks), integrated into the operating system. The
INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "CNEPD PROPERTY" PAGE 9
RAID systems are generally installed on servers
Windows Server 2008 rather than on workstations.
So when we use fixed disk drives on
Microsoft Windows Server 2008, it is often necessary to
carry out complex disk configurations, such as the
creation of fragmented volumes or RAID sets
Redundant Array of Independent Disks, redundant network of
independent disks). In an aggregate, you can create a
unique volume spread across multiple drives. Users
access this volume as if it were a single drive,
regardless of the number of readers it is distributed to. A
A volume that only covers a disk is said to be simple. A volume
covering several disks is called fragmented. In a network
RAID, you protect your important business data.
and in some cases, improve disk performance.
Microsoft Windows Server 2008 recognizes three of the levels of
RAID technology: 0, 1, and 5, which correspond to
respectively to the mirrored volume, aggregated by bands and
aggregated by bands with parity.
V. ACCESSING A FILE OR RESOURCE
VIA THE NETWORK:
Users can connect to a network drive and to
shared resources available on the network. This connection
takes the form of a network drive to which users
access it as any other reader of their system.
Note:
When users connect to network drives, they
are not only subject to the permissions defined for the
shared resources, but also to those of the files and
Windows Server 2008 files. The differences between these
authorizations are generally the source of difficulties
encountered by users to access a file or a
specific subfolder of the network drive.

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "PROPERTY CNEPD" PAGE 10

 1- Map a network drive:
If the client computer is running Windows Vista, here is
how to map network drives:
1-In the user's session, open the Explorer
Windows on his computer;
2-In the Tools menu, select Connect a drive
network. The Connect Network Drive dialog
appears;
3-Using the Reader field, create a reader now.
network for a shared resource. Select a letter
available to create a network drive accessible in
l’Explorateur Windows;
4-In the File field, enter the access path of the
share in UNC format. To access the DOCS share of a
server ROMEO, for example, use the path
\ROMEO\DOCS. If you do not know the location of the
share, click on Browse to search for shares
available. After selecting the appropriate sharing,
click OK to close the Find dialog
dossier ;
5-If you want this network drive to be
automatically connected during subsequent sessions, check the
case Reconnect at login. In the case
opposite, uncheck this box and double click on the drive
network to connect to;

6-To connect using a username

different, click on Different Username, then enter a
username and a password. Click OK to
close the dialog box Connect as.

7-Click Finish to map the network drive.

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "CNEPD PROPERTY" PAGE 11

 2- Disconnect a network drive:
To disconnect a network drive:
In the user's session, launch the Explorer
Windows on his computer;
In the Tools menu, select Disconnect a drive
network. The Disconnect Drives dialog box
network is displayed;

c-Select the drive to disconnect, then click on

OK.

PRACTICAL WORK:
TP1: Creating a new user account (10 minutes)
TP2: Creation of a new group account (10min)
TP3: Install and share a fax printer for
network users (30min)
TP4 :Share a folder or a drive (10 minutes)
TP5: Define permissions for shared folders
(30 min)

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "PROPERTY CNEPD" PAGE 12

PRACTICAL WORK:

In order to carry out this practical work, the student must have
of a virtual machine or a physical machine on which
is installed Windows Server 2008 or Windows Server 2003
with all the default roles (AD, DNS...).
TP1: Creation of a new user account (10 minutes)
To manage domain users, create accounts
users in Active Directory domain services
(AD DS).
To carry out this procedure, you must belong to the
minimum to the Account Operators group, Admins of
domain, Company administrators or to an account
equivalent. Or simply access with the account
Administrator.
To create a new user account using
the Windows interface:
1-To open Active Directory Users and Computers,
click on Start, on Control Panel,
double-click on Administrative Tools, then
sur Users and Active Directory computers;
2-In the console tree, click with the
right-click on the folder to which to add an account
the user Users and computers
Active Directory\domainnode\folder

3-Point to New, then click on User.

In FirstName, type the user's first name.
5-In Initials, enter the user's initials.
6-In Name, type the user's name.
7-Modify the Full Name to add initials or
reverse the order of the last name and the first name.

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "PROPERTY CNEPD" PAGE 13

 8-User login name,
type the user's login name,
click on the UPN suffix (User Principal Name)
in the dropdown list, then click on Next.
If the user plans to use another name to...
connect to computers running the systems
Microsoft® Windows® 95, Windows 98 Operating System
in Windows® NT, you can replace the name
user session login as it appears
user login name
(before Windows 2000) by another name.

9-Password and Confirm password,

enter the user's password, then select
the appropriate password options.
TP2: Creation of a new group account (10min)
To create a new group account using
the Windows interface
1-To open Active Directory Users and Computers,
click on Start and on Control Panel,
double-click on Administrative Tools, then
on Active Directory users and computers.
2-In the console tree, click with the
right-click on the folder under which to create a new one
group; Users and computers
Active Directory\domainnode\folder
3-Point to New, then click on Group.
4-Enter the name of the new group. By default, the name that
you type is also entered as the name prior to
Windows 2000 of the new group.
5-In the group range, click on one of the options.
6-In Group Type, click on one of the options.

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "PROPERTY CNEPD" PAGE 14

TP3: Install and share a fax printer for
network users (30min):
Yes, when you install the fax server role, you
you have not connected any fax device to the computer,
une connexion d’imprimante-télécopieur locale, la fonction de
fax is automatically created in the folder
Imprimantes du Panneau de configuration. Si cette connexion
the printer-fax is damaged or deleted, you
can you create another one by adding a new account of
fax. If you have installed the fax server role and
that a fax printer is already installed, carry out the
steps of the following procedure that allow sharing
the printer so that users can connect to it.
The procedure below explains how to create and then share
a new fax printer for your users
may have access.

1-Click on Start, then on All Programs, then

Fax and scanning Windows.
2-Click on Tools, then on Fax Accounts.

3-In Fax Accounts, click on Add to

open Fax Configuration.
4-On the page, choose a modem or a server
fax, click on Connect to a modem
fax.
5-You may be asked to install a modem. For this
do, follow the instructions of the Assistant Addition of
matériel.
6-In the pageChoose a modem name, type a
name for the fax modem, then click
surFollowing. The default name is Fax Modem.
7-In the page Choose how to receive the
Faxes, click on the option of your choice.

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "CNEPD PROPERTY" PAGE 15

 The new fax modem must appear in
Fax accounts, account name.
9-Then, to share the printer that has just been
created, click on Start, then on Panel of
configuration.
10-SubMaterial, click on Show devices
and printers.
11-Dans la liste d’imprimantes, cliquez avec le bouton droit
on Fax, click on Printer Properties,
then on the Share tab, select Share
this printer, then give the printer the name
what you want the users of your network
see.
12-If you want to allow the use of this
printer to users whose computers are
equipped with different versions of Windows, click
Additional drivers to install the drivers
necessary.
13-In Additional Pilots, check the box
pour l’architecture à prendre en charge. Il vous est
requested to provide a path to the driver.
Indicate the path access to
C:\Windows\System32\DriverStore\FileRepository\
[Link]* on computers showing
the architecture that you want to support.
14-To be sure that the files have been correctly copied,
in Windows Explorer browse the hierarchy
until %windir%\System32\spool\drivers\ and find the
folder that contains files for the architectures
selected.

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "PROPERTY CNEPD" PAGE 16

TP4: Share a folder or a drive (10min)
To share a folder or drive using the interface
Windows :
1-Open the Computer Management component;
2-If the User Account Control dialog
The user's action appears, confirm that the displayed action
is the one you want, then click on Yes.
3-In the console tree, click on Tools
system, then click on Shared Folders and click
surShares.
4-In the Action menu, click on New share.
5-Follow the steps of the Folder Creation Assistant
shared, then click on Finish.

TP5: Define permissions for shared folders

(30min) :
Sharing permissions apply to users who
connected to a shared folder on the network. Share some
authorizations do not affect users who open a
locally, or using Remote Desktop.
To define permissions for users who open
a local session or using Remote Desktop, use
the options on the Security tab instead of the Sharing tab
of permissions. This defines permissions at the level of the
NTFS file system.
If the sharing permissions and system permissions
files are defined for a shared folder, the permissions
the most restrictive apply when connecting to the file
shared.
For example, to provide read access to a folder
shared with users in your domain, on the Share tab
permissions, set permissions for the
groupAll the world control total. On
In the Security tab, specify a more restrictive access by defining
INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "PROPERTY CNEPD" PAGE 17
permissions to the Domain Users group for a
read access. Result: a user member of the
domain user group has read access
only from the shared folder when the user is connected via
network sharing, via Remote Desktop or has logged in
locale.
To set permissions on a shared folder using
of the Windows interface
1-Open the Computer Management component.
2-If the User Account Control dialog
The user's action appears, confirm that the displayed action
is the one you want, then click on Yes.
3-In the console tree, click on Tools
system, then click on Shared Folders and click
surShares.
4-In the information panel, click with the button
right-click on the shared folder, then click on Properties.
5-Under the Sharing Permissions tab, set the
authorizations you wish:
Click on Add to assign to a user or to a
group the permission to access a shared folder. In
the dialog box Select users, the
computers or groups, search or type the name
of the user or group, then click OK.
Click on Delete to remove access to the folder
shared.
To define individual permissions for
the user or group, in Permissions for
group you user selectAllow
Refuse.
6-To define file and folder permissions that
apply to users who log in locally
or using Remote Desktop services, click on
the Security tab and define the authorizations
appropriate.

INF 0706/CYCLE II/SERIES 03 INF 0706.[Link] "PROPERTY CNEPD" PAGE 18