Home > Articles > Operating Systems, Server > Microsoft Servers

Administering Windows 2000 Professional Resources

Review the administration topics covered in the Implementing and Conducting Administration of Resources section of Microsoft's Installing, Configuring, and Administering Microsoft Windows 2000 Professional exam (70-210). Learn how to establish file and folder access, how to share files and folders on a local network or the Web, and how to connect to and share printers.
This chapter is from the book

Introduction

In this chapter, we examine the some of the administration topics covered in the Implementing and Conducting Administration of Resources section of Microsoft's Installing, Configuring, and Administering Microsoft Windows 2000 Professional exam (70-210).

The following material is designed to make you comfortable with establishing file and folder access, as well as sharing files and folders on a local network or the Web. Similarly, you will know how to connect to and share printers. You must also understand how administration differs between file systems.

MCSE 2.1 File and Folder Access

In this section, we look at issues surrounding file and folder access, including moving and copying, naming, compression, permissions, and optimization.

Copying Files vs. Moving Files

Under Windows 2000 Professional, you can either copy or move files. These commands are accessible on any folder menu bar and from the Edit menu bar item, as shown in Figure 2.1.

Figure 2.1Figure 2.1 Selecting to move or copy files.

When you use the Copy command to move files within or between partitions, new files are created that inherit the security characteristics and compression status of the destination parent directory. When you use the Move command to move files between partitions, the same thing occurs. The only difference is that the original files are then deleted. When you use the Move command to move files within partitions, however, the files are not altered, and so they retain their original security and compression characteristics.

Naming Folders and Files

Windows 2000 supports file names that do not adhere to the limitations of the old DOS 8.3 naming convention (e.g., eight characters plus a three-character extension). This so-called long file name support is available under both the NTFS and FAT32 file systems.

Windows 2000 also provides an algorithm to convert long files to the 8.3 naming convention standard to accommodate operating systems that do not provide long file name support. The first six characters of the name, minus any spaces, remain the same. The seventh character becomes the tilde character (~). The eighth character becomes a numeric increment to accommodate for files that have the same first six characters.

After the first four iterations in a volume, however, Windows 2000 changes its tack and no longer converts with the numeric increment. Instead, it keeps only the first two characters, and then inserts five random characters (see Table 2.1).

Table 2.1 Truncated File Names

Original Long file names

file names After the 8.3 Conversion

file tid leans 24.xls

fileti~1.xls

file tid leans 25.xls

fileti~2.xls

file tid leans 26.xls

fileti~3.xls

file tid leans 27.xls

fileti~4.xls

Long file name after four iterations

Truncated file name After Four Iterations

file tid leans 28.xls

filitts1.xls

file tid leans 29.xls

filitts2.xls

file tid leans 30.xls

filitts3.xls

file tid leans 31.xls

filitts4.xls


You should be aware of this if you plan to share files and folders with computers running other operating systems, such as MS-DOS.

Working with File Compression

Windows 2000 Professional provides file and folder compression on NTFS formatted partitions. Compression is allowed for individual files and folders, as well as whole volumes. Any NTFS formatted disk or folder has the ability to contain both compressed and noncompressed files.

Window 2000 file compression can provide up to 2:1 compression. Once enabled, compression takes place automatically and is transparent to both applications and users. NTFS can compress all files in the partition, including hidden and system files (except NTLDR and Pagefile.sys).

Besides being automatic, NTFS compression is optimized for performance. When you select a file to compress, NTFS first determines how much disk space will be saved and compares that to the resources it will take to do the compression. If NTFS decides it is not worth the effort, it does not compress the file. In addition, NTFS compression ratios are not as dramatic as those achieved by other utilities, but neither is performance compromised.

Configuring File Compression

To enable this feature, select a file that you wish to compress, then right-click and select the Properties command to open the Properties dialog box, as shown in Figure 2.2.

Figure 2.2Figure 2.2 NTFS file Properties dialog box.

Here, select the Advanced button to open the Advanced Attributes button, as shown in Figure 2.3.

Figure 2.3Figure 2.3 Enabling file compression.

Next, enable the Compress contents to save disk space checkbox. You may choose to compress entire folders, in which case you are asked if subfolders should be compressed too. You can also compress entire partitions. In truth, however, you are compressing the files within partitions and folders rather than the partitions and folders themselves.

If you enable compression for a folder, then all new files created in that directory are also compressed.

Compression from the Command Line

You can also enable compression from the command prompt using the COMPACT.EXE utility. It reports compression status, ratio, and file size for compressed files in the file list. It can also be used with a number of switches in the format:

COMPACT /<switch> file/folder_name

The possible switches include the following:

/C Compresses files

/U Uncompresses files

/S Compresses all files in a directory (and subdirectories)

/I Continues compression after errors have occurred

/F Forces compression on all files, even if already compressed

/A Compresses hidden and system files

Managing File Compression

The previously mentioned difference between the Copy and Move commands becomes evident when working with compressed files. If you create a file in a compressed directory, it becomes a compressed file. If you use the Copy command to move the file to an uncompressed directory, then the file becomes uncompressed. This is because a new instance of the file has been created that adopts the characteristics of its parent directory.

When the Move command is used, however, a file created in a compressed directory and moved to an uncompressed directory remains compressed. This is because the Move command does not actually move anything, it only directs the source and destination directories to swap pointers, making it appear to move. Since the file does not change, it does not lose its original characteristics.

There is an exception. When relocating a file in another partition, the Move command is unable to play its little trick with directory pointers and must instead copy the file (deleting it from the source partition thereafter). Consequently, a file that is moved from a compressed directory on one partition to an uncompressed directory on another partition would be unco_mpressed.

There is a major difference in the way copying files between computers over the network is handled by Windows 2000 Professional vs. Windows NT 4.0. Under Windows NT 4.0, a file would be decompressed on the server computer before being sent over the network. Under Windows 2000 Professional, a file is copied over the network then decompressed on the client machine. This change makes it faster to copy compressed files over the n_etwork.

Viewing Compressed Files

You may change the display of your compressed file and folders to an alternate color, making it easier to differentiate between compressed and uncompressed data. To do this, select the Folder Options command from the Tools menu bar item to open the Folder Options dialog box, as seen in Figure 2.4.

Figure 2.4Figure 2.4 Changing compressed file display colors.

Under the View tab, enable the Display compressed files and folders with alternate color checkbox.

Troubleshooting File Compression

Note that only NTFS compression is available under Windows 2000 Professional. You cannot use Microsoft's DriveSpace as you can under Windows 9x/Me, for example.

Note also that Windows 2000 Professional supports file encryption, which cannot be used with file compression. You may compress files or encrypt files, but not both.

Working with Permissions

How you control access to your computer's files and folders depends on whether you intend to share them over a network. If you do, share permissions come into play, as described further on. If you do not, you need only be concerned with local security. This restricts access to anyone sitting down at your machine and logging on directly. With local security, you can determine which of your files and folders others may manipulate.

Local security does not exist on FAT-formatted volumes. You have no control over what others do with your data beyond requiring a user name/password log-on. This is scant protection because anyone savvy enough to boot from a system floppy disk could bypass the Windows 2000 Professional log-on and gain direct access to a FAT partition.

Local security under NTFS is quite another matter. First, the only way to access an NTFS partition is through Windows 2000, so the log-on cannot be bypassed. Second, the data that can be viewed after using a given log-on is subject to a wide range of possible permissions controls. In addition, NTFS permissions can be applied to a user who is accessing either a local resource or a shared network resource.

Special NTFS Permissions

The following NTFS special permissions can be applied to any file or folder:

  • Traverse Folder/Execute File. Users with this permission may browse through various folders to locate other folders and files, as well as launch applications.

  • List Folder/Read Data. Users with this permission may see folder and subfolder names. They may also view the contents of files.

  • Create Folders/Append Data. Users with this permission may create folders within a folder, as well as add new data to a file, as long as it does not change existing data.

  • Create Folders/Write Data. Users with this permission may create folders within a folder, as well as add new data to a file that may overwrite existing data.

  • Delete Subfolders and Files. Users with this permission may delete subfolders and files.

  • Delete. Users with this permission may delete folders and files.

  • Read Attributes. Users with this permission may view the system-generated attributes associated with a folder or file.

  • Read Extended Attributes. Users with this permission may view the program-generated extended attributes associated with a folder or file.

  • Write Attributes. Users with this permission may change the system-generated attributes associated with a folder or file.

  • Write Extended Attributes. Users with this permission may change the program-generated extended attributes associated with a folder or file.

  • Read Permissions. Users with this permission may view file and folder permissions.

  • Change Permissions: Users with this permission may view and modify file and folder permissions.

  • Take Ownership: Users with this permission may take ownership of files and folders.

  • Synchronize. Permits threads to synchronize with other threads.

Standard NTFS File Permissions

To apply the standard NTFS file permissions, select a file that you wish to secure, then right-click and select the Properties command to open the Properties dialog box. Next, switch to the Security tab, as shown in Figure 2.5.

Figure 2.5Figure 2.5 Setting NTFS file permissions.

NTFS file permissions combine several NTFS special permissions that can be allowed or denied in the following categories:

  • Full Control
  • Modify
  • Read & Execute
  • Read
  • Write

The special permissions associated with each standard file permission are listed in Table 2.2.

Table 2.2 Standard vs. Special NTFS Permissions

Special Permission

Full Control

Modify

Read & Execute

Read

Write

Traverse Folder/Execute File

Yes

Yes

Yes

No

No

List Folder/Read Data

Yes

Yes

Yes

Yes

No

Read Attributes

Yes

Yes

Yes

Yes

No

Read Extended Attributes

Yes

Yes

Yes

Yes

No

Create Files/Write Data

Yes

Yes

No

No

Yes

Create Folders/Append Data

Yes

Yes

No

No

Yes

Write Attributes

Yes

Yes

No

No

Yes

Write Extended Attributes

Yes

Yes

No

No

Yes

Delete Subfolders and Files

Yes

No

No

No

No

Delete

Yes

Yes

No

No

No

Read Permissions

Yes

Yes

Yes

Yes

No

Change Permissions

Yes

No

No

No

No

Take Ownership

Yes

No

No

No

No


NTFS file permissions can be set individually for each file. If you do, the file permissions override NTFS folder permissions that differ.

Standard NTFS Folder Permissions

To apply standard NTFS folder permissions, select a folder that you wish to secure, then right-click and select the Properties command to open the Properties dialog box.

Next, switch to the Security tab, as shown in Figure 2.6.

Figure 2.6Figure 2.6 Setting NTFS folder permissions.

NTFS folder permissions are also combinations of NTFS special permissions, categorized as follows:

  • Full Control
  • Modify
  • Read & Execute
  • List Folder Contents
  • Read
  • Write

The only difference is the addition of the List Folder Contents permi_ssion.

The special permissions associated with each standard folder permission are listed in Table 2.3.

Table 2.3 Standard vs. Special NTFS Folder Permissions

Special Permission

Full Control

Modify

Read & Execute

List Folder Contents

Read

Write

Traverse Folder/

Execute File

Yes

Yes

Yes

Yes

No

No

List Folder/Read Data

Yes

Yes

Yes

Yes

Yes

No

Read Attributes

Yes

Yes

Yes

Yes

Yes

No

Read Extended Attributes

Yes

Yes

Yes

Yes

Yes

No

Create Files/Write Data

Yes

Yes

No

No

No

Yes

Create Folders/

Append Data

Yes

Yes

No

No

No

Yes

Write Attributes

Yes

Yes

No

No

No

Yes

Write Extended Attributes

Yes

Yes

No

No

No

Yes

Delete Subfolders

and Files

Yes

No

No

No

No

No

Delete

Yes

Yes

No

No

No

No

Read Permissions

Yes

Yes

Yes

Yes

Yes

No

Change Permissions

Yes

No

No

No

No

No

Take Ownership

Yes

No

No

No

No

No


By default, the Full Control permission is granted to the Everyone group when a folder is created. If the default has been changed, or for whatever reason your account no longer has the Full Control permission, you must either be given Change Permissions or Take Ownership permissions, which includes the right to Change Permissions, to be able to reassign Full Control to yourself. You must either be the creator of the file or folder in question or have Full Control or Change Permissions granted to alter permissions on NTFS partitions.

Advanced NTFS Permissions

Although these standard permissions should cover must security scenarios that you are likely to encounter, you are not restricted to them. To apply advanced NTFS file and folder permissions individually, select an object that you wish to secure, then right-click and select the Properties command to open the Properties dialog box. Next, switch to the Security tab (see Figure 2.6). In the lower left, click the Advanced button to open the Access Control Settings dialog box, as shown in Figure 2.7.

Figure 2.7Figure 2.7 Viewing advanced access control.

Double-click any group account in the Access Control Settings window to view and edit special permissions, as shown in Figure 2.8.

Figure 2.8Figure 2.8 Viewing special permissions.

File permissions are applied file by file. Folder permissions, however, can be applied to a folder, a folder plus all of its subfolders, or a folder, its subfolders, and all of the files in that folder and subfolders.

You may select the level of security you prefer from the Apply onto drop-down menu in the Permission Entry dialog box (see Figure 2.8).

Optimizing Access

Unless you explicitly change them, files and folders inherit permissions from their parent objects. For example, if you create a "Downloads" folder at the root level of your computer's hard drive (e.g., C:), then copy the file "MCSE.HTM" into that folder, the file adopts the same permissions as the root. In short, \Downloads inherits its permissions from C:\ and MCSE.HTM in turn inherits its permissions from \Downloads.

You may change this behavior by simply deselecting the Allow inheritable permissions from parent to propagate to this object check box in the Properties dialog box (see Figure 2.6) or Access Control Settings dialog box (see Figure 2.7). This enables the previously described Apply onto drop-down menu.

It also opens the Security dialog box shown in Figure 2.9, in which you may choose to forgo inheritance in favor of your own explicit permissions scheme. Choose with care, for you might make data inaccessible to the system or other users that you should have left alone.

Figure 2.9Figure 2.9 Choosing to bypass permissions inheritance.

You can tell that a file or folder is inheriting its permissions if the permissions check boxes are grayed out, or the Remove button is unavailable (see Figure 2.6).

If your account has Full Control over a folder, you have the power to delete subfolders and files within that folder regardless of the permissions assigned to those subfolders and files individually.

Combined Permissions

Users and groups can both be granted NTFS permissions. Sometimes a user is a member of multiple groups that have different access levels to a resource through NTFS permissions. In such a case, that user's combined permissions, including the least restrictive level granted by these associations, is the effective permission level. The exception comes into play if the user or one of the groups of which the user is a member has been assigned the Deny permission. The Deny permission overrules any other combination of permissions that user might have otherwise been granted.

Taking Ownership

You can assign the NTFS permission to take ownership of files or folders through special permissions. By default, the creator of a file or folder is its owner and has Full Control over it. In order for another user to take ownership, that user must be given that right through NTFS permissions. If the owner has removed every user but himself, only an Administrator can take ownership. (An Administrator always has this access.)

You can give a user permission to use a resource, but you cannot give away ownership. When an Administrator makes himself owner of a resource, he remains owner until someone else that he permits takes ownership, or takes back ownership. This way, an unsuspecting user cannot be made to look like he made changes to someone else's files or folders. It will be apparent that the administrator has ownership.

You can give someone the right to take ownership by granting Take Ownership or Change Permissions special permissions, or Full Control standard permission.

Denying Permissions

Choosing to Deny a permission overrides all other permissions for all users and groups except Administrators. For instance, a user that is a member of Group One, which has Full Control, will be able to Change Permissions. However, if the user is also a member of Group Two, which has been denied Change Permissions, the user is restricted.

Moving or Copying Files

Copying a file from one folder to another applies the permissions of the new host folder to that file. The original file is deleted, and a new one is created in the new folder. Moving a file between folders allows the file to retain its original permissions. The file stays in the same physical location on the disk. In the target folder, a new pointer to the file is created. If a move is made across partitions, however, the file is actually deleted and recreated in the new folder, thus assuming the permissions of the new folder.

Study Break

Assign Special Permissions

Practice what you have learned by assigning special permissions to folders and files.

First, create a folder at the root level of your computer's hard drive (e.g, C:). Next, drag a file into this folder. Open the file's Properties dialog box and switch to the Security tab. De-select the Allow inheritable permissions from parent to propagate to this object check box to access the grayed out checkboxes. Experiment with assigning various standard and special permissions.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020