-----Original Message-----
From: BrainBuzz.com [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 24, 2001 2:29 PM
To: Win2K Tips and Resources - Text
Subject: The Basics of File Sharing
============================================================
Win2K News - January 24, 2001
Windows 2000 News & Resources
http://www.Cramsession.BrainBuzz.com
Over 23,000 Subscribers and Growing!
============================================================
This Week's Contents:
1) Feature Article - File Sharing Basics
2) Ask Uncle Bill
3) Security Advisories
* Patch for "PowerPoint File Parsing" Vulnerability
4) News Headlines & Resources
What's New with Windows 2000 DHCP
Windows 2000 Certificate Services - What, why,
where and how?
What's a Global Catalog Server and where should
I put it?
The Win2k WINS Server: The King is Dead, Long Live
the King
Book Review: Windows 2000 Complete
Automatically Add a User Name to My Computer Object
Microsoft Using the BSOD to Sell Windows 2000
Analysis of Alleged Syskey and EFS Vulnerability
Windows 2000 Reference Desk
Internet Security Magazine Reviews ISA Server
Topaz Ups the Ante for SMS
Support Webcast: Admin and Implement Group Policies
5) Windows 2000 Trivia
~~~~~~~~~~~~~~~~~~~~~~ ADVERTISEMENT ~~~~~~~~~~~~~~~~~~~~~~~
WINDOWS 2000 MAGAZINE
Windows 2000 Magazine - Only $37 A Year! Every issue of
Windows 2000 Magazine is packed with superb coverage of
security, Exchange, Active Directory, and more--and offers
unrivaled solutions you can't find anywhere else. Order
today (at 25% off our regular rate!), and find out why your
peers think we're simply the best independent resource for
Windows NT/2000 professionals.
http://ad.brainbuzz.com/?RC=1006&AI=1841
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For information on how to advertise in this newsletter
please contact mailto:[EMAIL PROTECTED] or visit
http://cramsession.brainbuzz.com/marketing/default.asp
============================================================
1) Feature: The Basics of File Sharing
============================================================
This article is about a very basic feature of network
operating systems that most of us in the industry take for
granted: File Sharing. When you read about "File Shares" you
automatically know what the writer is talking about and go
onto the next subject. File Shares are part and parcel of
your everyday work and probably a big part of your network
maintenance and troubleshooting activities.
But if you are working as an industry Professional, you
probably don't remember way back when you started your first
network and when you began to study network operating
systems. I recall the experience all too well, and when the
writers of the books would refer to file shares, I had no
idea what they we're talking about. Well, a decade makes a
difference and now I'd like to help others who are starting
out.
---------------------
What's a File Share?
---------------------
If you're used to stand-alone computing you've never had a
reason to know about file shares. However, once you network
a couple of computers together, you can take advantage of
one of the coolest features a network has to offer: the
ability to access files located on another computer.
The question is, how do you allow computers to access, open,
copy, move, change and delete files on another computer on
the network? You allow files on a computer to be accessed by
another computer on the network by "Sharing" a folder or the
hard disk. When you share that folder, it "opens it up" to
the network. Other computers on the network can then access
the contents of the shared folder.
The "File Share" is just that. A directory on a local
computer that has been configured to make the files
contained within that folder accessible to other computers
on the network. The computer that shares files then can be
thought of as a "server", and the computers that access the
files in the shared folder are considered "clients". The
network client computer that accesses the shared files on
the server participates in a "client/server" relationship.
---------------------------
How Does File Sharing Work?
---------------------------
When a computer wants to access files via a file share on
another computer, a command is send to the I/O Manager
(remember this from your NT/Win2k architecture studies?).
The I/O Manager sends the request to the Redirector (also
known as the Workstation Service). The redirector forwards
the request to the correct protocol stack (NWLink - TCP/IP
- NetBEUI), and the protocols send the request to the
destination computer.
Once the request arrives at the machine sharing the files,
it is intercepted by that machines network protocol stack
and is passed up to the Server Service. It's that Server
Service that allows the machine to share and make available
files for other computers on the network.
The Server Service directs other services on the machine to
get the file from the hard drive, and then it sends the file
information back to the computer that made the request. The
requesting computer gets the file and passes the information
up its protocol stack and up to the user agent (application)
that began the process. At this point, you can work with the
file.
A critical point to keep in mind is that you don't share
individual files. Even though the thing is called a "File
Share", it is actually a container that is shared. If you're
a well-heeled admin you might think this is obvious, but I
have taught more than my share [sic] of admins who I've
caught right-clicking on a file looking for the "share"
command.
-----------
Permissions
-----------
There are two ways you can control access to file shares:
via Share Permissions or via NTFS Permissions. Of course,
the folder must be located on an NTFS partition or volume
if you plan to use NTFS permissions.
A lot of hot air has been spent regarding the subject of
"resolving" Share and NTFS Permissions. That was a big deal
in the Windows NT 4.0 exams, although somewhat less
emphasized on the Windows 2000 exams. The reason why it
should be de-emphasized is because you shouldn't apply share
permissions in the first place.
Best practices dictate that you should use the default
"Everyone: Full Control" permissions for your Share
Permission and then use NTFS Permissions to control access
to folders and files. This is the best policy, because you
have granular control and can reduce the liability for
confusion when you limit access via NTFS Permissions only.
When you use NTFS Permissions you can apply permissions to
each folder in a Share hierarchy individually. You can also
apply permissions that apply to an individual file, which is
not something you can do with Share Permissions.
---------------------
Administrative Shares
---------------------
The operating system creates several shares that are used
for administrative purposes. Note that all of these shares
(except for the NETLOGON share) end with the "$" sign. When
you end a share with this sign, the share will not appear in
the Browse List. However, do not think of this as a form of
security, because anyone can connect to the share using the
UNC path. The share is only hidden from casual browsers.
C$, D$, etc.
The operating system automatically shares the root of each
drive, which is the drive letter with the dollar sign
appended to it. On a Windows 2000 Professional computer,
only members of the Administrators and Backup Operators
group can access these shares. On a Windows 2000 Server
computer, add the Server Operators group.
ADMIN$
The <systemroot> folder on a Windows 2000 Professional and
Server computer is automatically shared as ADMIN$. Only
members of the Administrators group have access to this
share.
IPC$
The IPC$ share is used during remote administration of a
computer and when viewing a computer's shared resources.
Note that you cannot view the contents of this folder using
the "net use" command.
PRINT$
The hidden administrative share is used for remote
administration of printers. Note that you cannot view the
contents of this folder via the "net view" command. You can
view the contents by typing the UNC path in the Run command
text box.
NETLOGON
This share is used by the Netlogon service of a Windows 2000
Server computer while processing domain log on requests.
Note that this share does not have the same purpose in
Windows 2000 as it did in Windows NT 4.0. In Windows 2000,
startup and shutdown scripts can be placed in this share and
it does not participate in the Replicator service (there is
no replicator service in Windows 2000). Note that this
administrative share is not hidden.
FAX$
Fax clients in the process of sending a fax use this
administrative share. It's used to temporarily cache and
access cover pages stored on a server.
Note that all these shares require you to be a member of the
administrators group to access them, and that they are
created automatically by the operating system. You can
unshare these folders, but they will reappear when you
restart the computer. There are registry entries you can
make to prevent these shares from reappearing, however.
---------------------------------------
Using Windows 2000 Administrative Tools
---------------------------------------
Windows 2000 includes a neat administrative tool you can use
to manage shared folders. Share administration can be done
via the Computer Management console. You can access the
Computer Management console either by right clicking on the
My Computer objects on the desktop and then clicking the
Manage command, or by typing "compmgmt.msc" at the Run
command or command line.
After you open the Computer Management console, expand the
System Tools node and then expand the Shared Folders node.
There you will see all the shares on your computer,
including all of the hidden shares. If you right click on
any of the shares in the right pane, you will be able to
manipulate properties of the share, such as the number of
users that can access the share and the Share and NTFS
permissions. You can also unshare the folder from this
interface.
When you right click on the "Share" node in the left pane,
you can create a new share on your computer. You can also
connect to another computer by right clicking on the
Computer Management node in the left pane and then clicking
on the Connect to another computer command.
----------
Conclusion
----------
File Shares have been the core of Microsoft networking since
it got into the business. They let you access information on
other computers on your Microsoft network by accessing files
in these shared containers. You can control access to these
shared folders by using either Share or NTFS permissions.
The operating system creates a number of administrative
shares. In most cases, you must be a member of the
administrators group to access this information. These
administrative shares make it easier for you to access
information on remote computers for administrative purposes.
Thomas W. Shinder, M.D., MCSE, MCT
Your Kindly Win2k News Editor
Questions? Comments? Come to the Win2K News TalkBack Forum.
http://boards.brainbuzz.com/boards/vbt.asp?b=781
============================================================
2) Ask Uncle Bill
============================================================
---------
QUESTION:
---------
Uncle Bill - I've been studying Microsoft Proxy Server and
also for the Win2k Network Design exam, and I'm little
confused about the terminology. Some places talk about
screened subnets, others talk about DMZs, and then some
other ones talk about perimeter networks. Are these things
the same, or is Microsoft trying to say something different
for each one? Thanks.
----------------
UNCLE BILL SAYS:
----------------
DMZs, screened subnets, and perimeter networks represent the
same entity - a network that you would like to set apart
from your internal network because the machines on that
network are at higher risk of intrusion from users on an
external network, typically the Internet. Note that this
network does *not* connect directly to an external network:
its sits in a "neutral" zone in between the internal and
external networks.
The nice thing about a perimeter network is that you can
place your publicly available servers, such as web, ftp,
mail and DNS, on the perimeter network. When Internet users
need to access your servers, they first go through your
firewall and then to the perimeter network. By placing your
perimeter network behind a firewall, you can control the
exact nature of the traffic moving in and out of your
perimeter network though proper firewall configuration. You
also protect your internal network by placing another
firewall between it and the perimeter network.
To get a better understanding of this issue, Cisco has a
great article on how to configure perimeter networks for
small and large businesses. Check out the link below:
http://www.cisco.com/warp/public/cc/pd/iosw/ioft/iofwft/tech/firew_wp.htm
-------------
Don't Be Shy!
-------------
Got a question about MCSE certification or an event log
error that just won't go away? Send it in! We'll be
answering a question or two every week. Post your
submissions to Uncle Bill at the Win2K News TalkBack Forum.
http://boards.brainbuzz.com/boards/vbt.asp?b=781
============================================================
3) Security Advisories
============================================================
* Patch for "PowerPoint File Parsing" Vulnerability
This patch fixes a vulnerability that could allow a user to
construct a PowerPoint file that, when opened, could run code
on the reader's systems.
http://www.microsoft.com/technet/security/bulletin/MS01-002.asp
============================================================
4) News Headlines and Resources
============================================================
* Some provided links may be too long to fit in your window
without wrapping. Be sure to copy and paste these long
links into your browser's address bar.
------------------------------------------------------------
What's New with Windows 2000 DHCP
------------------------------------------------------------
You know that DHCP is your friend. Because of it, you don't
have to walk about with a clipboard and document the IP
addressing information on all of your network devices. If
you've used the Windows NT 4.0 DHCP Server and you're
considering the upgrade to Win2k, you're in for a treat.
Check out this article to learn about User/Vendor Classes,
Rogue Server detection, and more!
http://itresources.brainbuzz.com/tutorials/tutorial.asp?t=S1TU1102&tn=What%2
7s+New+with+the+W2K+DHCP+Server&pi=S1C23&pn=Windows+2000
------------------------------------------------------------
Windows 2000 Certificate Services - What, why, where and how?
------------------------------------------------------------
Certificate Services jellify more MCSE-aspirant brains than
any other Win2k service. Do you know the what, why, where
and how of the Win2k Certificate Server and related
services? Do you know when and how to use certificates?
Check out and print this baby for the details.
http://itresources.brainbuzz.com/tutorials/tutorial.asp?t=S1TU1103&tn=Window
s+2000+Certificate+Services&pi=S1C23&pn=Windows+2000
------------------------------------------------------------
What's a Global Catalog Server and where should I put it?
------------------------------------------------------------
When I first ran across the term "GC" Server I got quite a
vivid picture in my mind. In medical circles, the acronym GC
stands for "gonococcus". Well, that's not the GC we're
talking about here. The Global Catalog server is a key OM
(Operations Master) in your Windows 2000 domain. To learn
more about the GC role and where to place these servers,
check out this article now.
http://itresources.brainbuzz.com/tutorials/tutorial.asp?t=S1TU1104&tn=Placem
ent+of+W2K+GC+Servers%2E&pi=S1C23&pn=Windows+2000
------------------------------------------------------------
The Win2k WINS Server: The King is Dead, Long Live the King
------------------------------------------------------------
Win2k promised to free us from the chains of NetBIOS. After
all, all core domain functions in Win2k use DNS, not NetBIOS.
But NetBIOS is not dead yet, and almost all of your MS Server
software prior to Win2k is dependent on NetBIOS. That's why
you need to use the new and improved WINS Server in Win2k.
Check this article out to learn about new features in the
Win2k WINS Server.
http://itresources.brainbuzz.com/tutorials/tutorial.asp?t=S1TU1105&tn=WINS+E
nhancements+in+W2K&pi=S1C23&pn=Windows+2000
------------------------------------------------------------
Book Review: Windows 2000 Complete
------------------------------------------------------------
Looking for a good overall roundup of Win2k articles and
book chapters? Check out this review of Windows 2000
Complete. Hey, its only $19.99 USD!
http://itresources.brainbuzz.com/tutorials/tutorial.asp?t=S1TU1109&tn=Window
s+2000+COMPLETE&pi=S1C20&pn=Product+Reviews
------------------------------------------------------------
Automatically Add a User Name to the My Computer Object
------------------------------------------------------------
Hal Bennick provides another hot tip. This one shows you how
to include the logged on user name with the "My Computer"
object on the desktop.
http://itresources.brainbuzz.com/tutorials/tutorial.asp?t=S1TU1127&tn=Tweak+
My+Computer+in+W2K%2E&pi=S1C1&pn=How+To%27s
------------------------------------------------------------
Microsoft Using the BSOD to Sell Windows 2000
------------------------------------------------------------
Now even Microsoft is getting on the bandwagon! They've been
running a series of advertisements extolling the virtues of
Win2k at the expense of Win9x. This is a great marketing
scheme, and points out the honest truth: Win9x is not a
stable OS and that was never a secret. Check this article
out for details.
http://www.theregister.co.uk/content/4/16139.html
------------------------------------------------------------
Analysis of Alleged Syskey and EFS Vulnerability
------------------------------------------------------------
Microsoft has received reports about possible exploits that
allow users to get around the protection provided by the
Win2k Resource Kit application known as "Syskey". The
biggest concern expressed was that such an exploit may
allow unauthorized users to access files protected by EFS.
Read this analysis of the situation provided by Microsoft.
http://www.microsoft.com/technet/security/efs.asp
------------------------------------------------------------
Windows 2000 Reference Desk
------------------------------------------------------------
Are you hunting down the answer to a particularly difficult
Windows 2000 problem? Or maybe you want to check out the
best Win2k info sites out there? Search now more! Check out
the labmice.net "Reference Desk" and begin surfing. Of
course, check Brainbuzz.com first before wandering away.
http://www.labmice.net/refdesk/default.htm
------------------------------------------------------------
Internet Security Magazine Reviews ISA Server
------------------------------------------------------------
If you've ever audited the hack attempts on your Internet
interface, you know that securing your internal network from
Internet intruders is a must. Internet Security Magazine
reviews Microsoft's new ISA Server and gives it a thumbs up!
http://www.infosecuritymag.com/articles/january01/departments_products1.shtm
l
------------------------------------------------------------
Topaz Ups the Ante for SMS
------------------------------------------------------------
After working with Win2k for a bit, you might think that it
undercuts SMS by offering package deployment features with
the OS. However, SMS isn't dead: in fact, it's going to get
better. The next version of SMS, code-named "Topaz" is in
the works. Check out this article for more info.
http://www.zdnet.com/enterprise/stories/main/0,10228,2675065,00.html
------------------------------------------------------------
Support Webcast: Admin and Implement Group Policies
------------------------------------------------------------
This support webcast covers group policies and how to deploy
them in Win2k. They'll also talk about the difference
between policies in Windows NT 4.0 and Win2k.
http://support.microsoft.com/servicedesks/webcasts/wc020901/wcblurb020901.as
p
------------------------------------------------------------
5) Windows Trivia
------------------------------------------------------------
--------------------
This Week's Question
--------------------
You are the primary support person for a computer lab at a
community college. Recently, a special profile was created
on one of the Windows 2000 Professional workstations for a
visually impaired user. The user makes use of both Windows
Magnifier and Windows Narrator.
You receive a complaint from the user that on two occasions
when she's had to take a break to inject insulin, both
Windows Magnifier and Windows Narrator have "turned off" on
her. With some help from the lab monitor she has found that
she can get them back if she logs off and then back on, but
she cannot do this unaided and it eats her lab time (which
is hard to get). The lab monitor asks you to stop the user's
disability settings from turning off.
Can you do this, and how?
--------------------
Last Week's Question
--------------------
Back when you were running beta releases of Windows 2000
Server, the operating system would display information on
the type of operating system being run along with the build
number in the bottom right hand corner of your desktop.
Now that you've upgraded to the retail versions of Windows
2000 Professional and Server and are dual-booting them on
the same machine, you'd like to have the information on the
OS you are running displayed on the desktop, but full
versions of Windows 2000 don't do this by default. Is it
possible to force a full version of W2K to display this
information?
------------------
Last Week's Answer
------------------
So long as you're not using Active Desktop, this is do-able.
We found the instructions for this courtesy of John Saville's
Windows 2000 FAQ site.
http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=16535
~~~~~~~~~~~~~~~~~~~~~~ ADVERTISEMENT ~~~~~~~~~~~~~~~~~~~~~~~
BEACHFRONT
We GUARANTEE you will pass your exam or you get your money
back! Win2K News subscribers save up to 50%. Call Today.
Win2K Titles Special Only $99.95 each
Win2K Accelerated Exam Special Only $169.95
Order by January 31, 2001 and receive a FREE AUDIO QUIZZER
with each WIN2K title purchased! Check out out new Cisco
2.0, Linux, CompTIA and Citrix Advanced titles today.
CALL (800) 845-8569 FOR MORE INFORMATION OR VISIT US AT
http://www.beachfrontdirect.com/csb49.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
============================================================
Please send comments about this newsletter to the editor:
http://boards.brainbuzz.com/boards/vbt.asp?b=781
============================================================
(C) 2000 BrainBuzz.com. All Rights Reserved.
============================================================
-------------------------------------------------------
Come visit the Cramsession Discussion Boards for chats
about the Questions of the Day.
http://forums.cramsession.brainbuzz.com/boards/
-------------------------------------------------------
_______________________________________________________
This message is from BrainBuzz.com.
You are currently subscribed to
Win2K Tips and Resources - Text
as: [EMAIL PROTECTED]
To un-subscribe from this newsletter by e-mail:
send a blank email message to:
mailto:[EMAIL PROTECTED]
OR
To un-subscribe from this newsletter or any other
please visit our site at:
http://www.cramsession.brainbuzz.com/signup/unsubscribe.asp
-------------------------------------------------------
To subscribe to this newsletter and many others visit
the web page:
http://www.cramsession.brainbuzz.com/signup/
OR
To subscribe to this newsletter by e-mail:
send a blank email message to:
mailto:[EMAIL PROTECTED]
For help on subscribing and unsubscribing please visit:
http://cramsession.brainbuzz.com/webfeed.asp
_______________________________________________________
