Lesson 6. Shared folder for downloaded files. Set up folder sharing

Page 16 of 16

Sharing in Windows Vista

Let's now take a closer look at how you can organize network access to the resources of a computer running Vista OS. In general, the process is similar to that in Windows XP, but there are some differences.

Setting up access using "Shared Folders"

What in XP was called " General documents", began to be called simply the "General" folder. By moving files to it, you can easily provide access to them to other network users. However, the following points must be taken into account. If in the settings the network status is set to " Public place", access to shared folders will be automatically disabled for security reasons. Also, to access the shared folder, the following settings must be configured. Sharing with password protection– disabled (otherwise only computer users who have accounts on it and after entering a password will have access to the shared folder). Network discovery– included. File sharing is enabled. Sharing public folders – enabled (additionally, you can choose whether users can edit and create files in public folders on this computer).

Setting up access without using "Shared Folders"

If for some reason moving files to the General folders is not practical, you can configure network access to separate folders. To do this, select the folder for which you want to configure permissions. Right-click on it and select Sharing from the menu that opens.

The Share File dialog box opens. In the center of the window there is a list of users who will be allowed access to the specified folder. The user account that is used in this moment, is automatically added to this list. To add other accounts, use the drop-down list located just above. If you need to provide access to all network users and local computer, select the Everyone account. If you need to provide access to an account that has not yet been created on the local computer, select the Create a new user line. After selecting an account, you must click the Add button. Selected Account will appear in the list window. You can now change the access level for this account.

To do this, click the downward arrow to the right of your account. You can specify the following permissions - reader (fun detail: in the help files, reader is translated as Reader; this level allows you to view files), co-author (allows you to view files and add new ones; edit and delete files added by him), and co-owner (allows you to read, edit , add and delete any files in the shared folder). If you want to remove a user from the list, select Remove.

When the list of users is completely configured, click the Share button located at the bottom of the window. After the system configures the folder, a window with summary information will open.

This window displays the network name of the folder to which the general access. You can use the links to email this name or copy it to your clipboard. Another one useful link located at the bottom of the window (it is also located at the bottom of the Network and Sharing Center window). It allows you to view at once all the resources on your local computer that are shared.

Printers installed locally on the system can be used by any computer user. To allow your printer to be used by others on your network, you must share it. Access settings are also located in the Network and Control Center. Click the arrow button next to the Usage section shared printers. To share the printer, select the Enable printer sharing check box. It should be noted that if the Password Protected Sharing option is enabled, only those users whose accounts already exist on the local computer will have access to the printer.

Windows 2000/XP/2003 systems allow you to configure access to files and folders using installation permits, those. defining rules associated with an object that are used to control user access to that object. Permissions allow you to prevent unauthorized access to files and folders and are an important component of the Windows computer protection system.

Options to protect files and folders using permissions in to a large extent depends on file system computer. IN modern systems Windows 2000/XP/2003 most widely used file systems are FAT32 (File Allocation Table) and NTFS (file system new technology), and the NTFS system is actively replacing the FAT32 system. The reason is that the NTFS file system provides significantly more ample opportunities according to exact and efficient setup access to files and folders, providing, unlike FAT32, the ability to set permissions not only for the folder as a whole, but also for individual files and subfolders. NTFS also allows you to specify which users and groups have access to shared files and folders, which is completely inaccessible for FAT32 systems.

Additional tool NTFS protection in Windows 2000/XP/2003 is to encrypt individual directories using EFS systems(Encrypting File System- encrypted file system). Encryption is a whole separate branch of the science of cryptography, which allows you to turn a coherent set of data into a jumble, understandable only to those for whom this data is intended. Although we won't cover EFS tools in this book (if you're interested, check it out), you should consider this feature when choosing between NTFS and FAT32 file systems.

Windows 2000/XP/2003 allows you to set members of a specific group
access permissions to each file and file folder NTFS systems. We emphasize that this feature is implemented only for the NTFS file system, but not for the FAT16 and FAT32 file systems. File system protection gives the system administrator the ability to protect files and folders from unwanted viewing, modification, or deletion.

Windows 2000/XP provides extensive permission settings. When setting permissions for a file or folder, an administrator can now view permissions inherited from parent folders. Additionally, directories may not use inherited permissions from their parents. The point is that if the administrator determines that permissions should be applied to all subfolders, then each directory within the current directory will receive new permissions that override the previously set ones and may pose a security threat to the information in those folders. IN new version The NTFS file system offers permission settings that are somewhat more efficient and secure.

Default, Windows system 2000/XP/2003 grants each newly added user or group all permissions to access files and folders NTFS volumes. For this purpose, the system has a group All(Everyone), which, by default, includes all users who have local and network access to the computer and group members All(Everyone) every folder and NTFS file is open for full access. Thus, each new user, when logging in, will be able to read, write, execute, delete and modify files and folders. This poses a major threat to integrity and confidentiality computer information, and after adding a new user, you should immediately change the access permissions to file system resources.

To change access permissions for the My Documents folder in Windows 2000, do the following (the procedure is similar in Windows XP/2003).

4.1 In dialogue Windows Explorer 2000, right-click on the shared folder for which you want to change the access permissions.

4.2 Select from the appeared context menu paragraph Properties(Properties); a dialogue will appear on the screen Properties(Properties).

4.3 Click on the tab Access(Sharing); The dialog shown in Figure 11 will be displayed.

Figure 11 – Shared folder access properties dialog box

4.4 Click the button Permissions(Permissions); the dialog shown in Fig. will be displayed. 12. On the list Name(Group or user name) lists the user and group accounts that have been assigned permissions to of this object listed Permissions(Permission for) at the bottom of the dialog.

Figure 12 – Account Permission Settings dialog box

4.5 Click the button Add(Add); a dialog will be displayed Select: Users, Computers or Groups(Select Users, Computers, or Groups), shown in Figure 13. The dialog lists all available groups, including system, built-in and created by the user.

Figure 13 – Selecting a group to set permissions

4.6Select from the drop-down list Search in(Search in) container in which the group account you need is stored; V in this case we chose A1ex.

Figure 14 – New members have appeared in the list of users and groups

4.7 Click on a group Financial, and then click on the button Add. Now in the dialogue in Fig. 14 will be listed a new group, along with the group All(Everyone).

4.8 Setting permissions to access files and folders is a very important procedure, since errors can lead to holes in the computer’s security. Therefore, Windows 2000/XP systems provide many other, more subtle options for setting permissions, which can be accessed by clicking the button Additionally(Advanced) in the dialog fig. 15. This will display the dialog shown in Fig. 16.

Figure 15 – Permissions for the All group by default

Figure 16 – Additional properties for folders and NTFS files

Features Windows 2000 provides to control access to folders and files NTFS, are quite extensive (Windows XP/2003 systems provide even more advanced tools):

Tab Permissions(Permissions) allows you to edit the list of users and groups, as well as set access permissions using a very extensive set of options, displayed by clicking on the button Show/Change(Edit).

Tab Audit(Auditing) allows you to set the mode audit, i.e., monitoring user actions when working with folders and files - you can, for example, set up tracking of attempts of unauthorized access to a file system resource. This is a very important information security feature, and we'll cover it in the “Setting Up Auditing” section later in this chapter.

Tab Owner(Owner) displays a list of owners of a folder or file, i.e. users who have the right to set access permissions on a folder or file. By default, the owners of folders and files are members of the Administrators group, and only by becoming the owner of a folder or file can you perform all possible actions with them.

Progress

1. Learn the principles of installing and configuring network printers.

2. Explore the settings for sharing files and folders

3. On the desktop, create a folder named “Student’s last name and group” (for example, Ivanov 3VT). Perform all steps in paragraphs. 3, 4 in relation to the created folder.

3.Progress of work

4.Answers to security questions.

Control questions

1. What tabs does the printer properties window contain?

2. Give the concept of public access.

3. What is the difference between the concepts “user” and “group”?

4. What built-in groups does Windows 2000 have?

5. What types of permits are there?

To configure shares on the NAS, select "Control Panel" > "Privilege Settings" > " Shared Resources".

This chapter covers the following topics:

Shared folders

You can create multiple shares on the NAS and specify permissions for users and user groups to access those shares. Maximum amount The shares that can be created on the NAS depend on its model. If your NAS model is not available, please visit http://www.qnap.com.

Maximum number of shared folders	NAS models
	TS-110, TS-210, TS-112, TS-119, TS-119P+, TS-212, TS-219P+, TS-x20, TS-x21, TS-410, TS-239 Pro II+, TS-259 Pro+
	TS-412, TS-419P+, TS-410U, TS-419U, TS-412U, TS-419U+, SS-439 Pro, SS-839 Pro, TS-439 Pro II+, TS-459U-RP/SP, TS- 459U-RP+/SP+, TS-459 Pro+, TS-459 Pro II, TS-559 Pro+, TS-559 Pro II, TS-659 Pro+, TS-659 Pro II, TS-859 Pro+, TS-859U-RP, TS-859U-RP+, TS-809 Pro, TS-809U-RP, TS-x70, TS-879 Pro, TS-1079 Pro, TS-879U-RP, TS-EC879U-RP, TS-1279U-RP, TS -EC1279U-RP, TVS-471, TVS-671, TVS-871, TVS-871U-RP, TVS-1271U-RP, TVS-463, TVS-663, TVS-863 and TVS-863+.

To create a share, follow these steps:

To delete a shared folder, select the folder's checkbox and click Delete. In this case, you can select "Also delete data. (Files mounted ISO image will not be deleted)" to delete the folder and the files inside it. If you do not select the option to delete data in the folder, the data will be saved on the NAS. If you create a shared folder again with the same name, the data will be available again.

Icon	Name	Description
	Folder properties	Change folder properties. Can be hidden or shown network drive, enable or disable opportunistic locks, change folder path and comments, restrict Recycle Bin access to administrators only (recovering files from a network Recycle Bin will only be available to administrators), enable or disable write-only permission for FTP connections, and enable encryption and synchronization folders.
	Folder permissions	Editing access rights to a folder and its subfolders.
	Update	Update information about a share.

Folder permissions

Configuring access permissions to folders and subfolders on the NAS. To change basic folder permissions, find the folder name in Permissions Settings > Shared Folders and click Folder Permissions. The folder name will be shown on the left, and the users for whom access rights have been configured will be shown on the right. At the bottom of the panel, you can also specify access rights with guest accounts. Click Add to select other users and groups and specify their permissions. Click the "Add" button to confirm. Click the "Delete" button to remove the configured permissions. You can select multiple items by holding down Ctrl key. Click the "Apply" button to save the settings.

Subfolder Permissions

The NAS supports subfolder permissions to securely manage shares and subfolders. You can specify read, read-write permissions for individual users to each resource and subfolder, as well as deny access to them.

To set permissions for subfolders, follow these steps:

Go to the "Privilege Settings" tab > "Shared Folders" > "Shared Folders". Select the root directory, such as Department, and click the Resource Permissions button. The name of the shared folder and first-level subfolders will be shown on the left. This panel shows the users for whom permissions have been configured. Special permissions are shown below. To view second-level subfolders, double-click a first-level subfolder. Select root folder(Dept). Click "+Add" to specify the access type: read-only, read-write, or deny access for users and their groups.

Special Permissions: This option is only available for root folders. Select this option and select Read Only or Read/Write to allow the user access to all contents of the folder, regardless of pre-configured permissions. When a user with special permission connects to a folder over Microsoft networks, they will be identified as an "administrator". If a user is granted special rights along with "read and write" permission, that user will get full access and will be able to configure folder access permissions in Windows. Please note that the owner of all folders created by such a user will be the "administrator". Since there is no NAS quota limit for the "administrator", the number of files created by a user with special permission and their sizes will not be limited by the predefined quota settings. This option should only be used for administration and backup tasks.

Settings for access to Microsoft network sites

By default, NAS folders can be accessed using Samba (Windows). You can specify allowed IP addresses and hosts by following these steps:

Symbols used:

When using wildcard characters, a dot (.) is also included in the host name. For example, if you enter *.example.com, "one.example.com" and "one.two.example.com" will be selected.

Folder encryption

To protect your data, NAS shares can be encrypted using 256-bit AES encryption. Encrypted shared folders can be mounted for regular access read/write only with a password for authorized users. The encryption feature protects sensitive data in the folder from unauthorized access, even if stolen hard drives or the entire network storage.

Encrypting and blocking a shared resource

To encrypt and lock a share, follow these steps:

Encryption check

After blocking a resource, it will become invisible in the file station. When you unlock the share, it will become visible again in the file station.

Unlocking a Share

To unlock an encrypted and locked share, go to Control Panel > Privilege Settings > Shares, click Manage Encryption in the Action section, and enter the password or upload the encryption key file.

Encryption management

To change encryption settings after a folder has been encrypted, go to Control Panel > Privilege Settings > Sharing and click Manage Encryption in the Action section.

Standard shares cannot be encrypted.

ISO Shared Folders

You can mount ISO image files on the NAS as ISO shares. The NAS supports mounting up to 256 ISO shares.

Models TS-110, TS-119, TS-120, TS-121, TS-210, TS-219, TS-219P, TS-220, TS-221, TS-410, TS-119P+, TS-219P+, TS -112 and TS-212 only support up to 256 network shares (including 6 standard network shares). The maximum number of ISO image files supported by these models is less than 256 (256 minus the standard 6 shares and the number of folders for network recycle bins).

For mounting ISO file on the NAS using the web interface, follow these steps:

The NAS supports mounting ISO image files using a file station. additional information see File Station.

Merging folders

All shared resources on the Microsoft network can be consolidated into a resource portal on the NAS, through which NAS users can access network resources. You can associate up to 10 folders with one portal folder. To use this feature, follow these steps:

Advanced Permissions

"Advanced Folder Permissions" and "Windows ACL" provide permission control at the subfolder and file level. These settings can be enabled together or separately.

Protocols	Permission	Options	Setup Instructions
Advanced folder permissions		3 (read, read and write, prohibited)	NAS web interface
Windows ACL	Samba	13 (NTFS permissions)	Windows Explorer
Both	FTP, AFP, file station, Samba	See application notes (https://www.qnap.com/i/en/trade_teach/con_show.php?op=showone&cid=6).	Windows Explorer

Advanced folder permissions

Use "Advanced Folder Permissions" to directly configure folder permissions on the NAS. There are no depth restrictions for subfolder permissions, but it is recommended that you only change permissions for first- and second-level subfolders. With Advanced Folder Permissions enabled, click Folder Permissions on the Public Folders tab to configure permissions at the subfolder level. Details See the "Shared Resources" > "Resource Access Permissions" subsection of this topic.

Windows ACL

To configure permissions for subfolders and files from Windows Explorer, use the Windows ACL setting. All are supported Windows permissions. Details about Windows work ACL see description standard resolutions NTFS:

You can share Drive folders with colleagues. Once they have access, they will see a copy of the shared folder in their Drive.

Changes you make to a shared folder (such as renaming, adding, or commenting on a file) will be visible to all participants. Information about changes will also be displayed in their Stories.

Full folder access will allow members to edit your files and upload new ones. This way you can work on the same data together.

Note. You can create 50 shared folders and accept invitations to 50 other users' folders.

Folder Access

Access rights

When sharing a folder, you can grant the participant the following rights:

View only - permission to view and download files from the shared folder.

In this case, the participant will not be able to change or add files either on the service page or using programs or applications. (The Yandex.Disk program does not synchronize changes that the participant with limited access made it in a shared folder on my computer.)

Full access - permission to upload new files, change files (rename, edit, publish) and delete them.

Comment files All participants can use the shared folder, regardless of access rights.

Access to separate files and folders inside the shared folder are not configured. Members of a folder lose access to a file in a shared folder if the owner or member with full access deletes the file or moves it to closed folder.

To see who has access to a folder, select the folder and top panel click .

In the same window you can:

change access rights;
deny access to participants (a copy of your folder will be deleted from their Drives).

The new permissions will be automatically applied to the shared folder member as soon as they are changed.

Are other people's folders taking up space on my Disk?

No, a shared folder only takes up space on its owner's Drive. When you accept the invitation, the service will copy the entire folder to your Disk, but the space occupied by the folder will not be taken into account. Therefore, you can accept an invitation to access a folder of any size, regardless of the size of your Disk.

How to quickly navigate to a shared folder?

A list of folders that you have opened or accessed can be seen on the page Shared folders. Each shared folder is marked with an icon.

Actions on shared folders

All members can rename and move the shared folder in their Drive. This does not affect granted or received access rights in any way.
Each participant can refuse access to the shared folder by deleting its copy from their Drive.
The owner of the folder can delete it. For this you need disable sharing to the folder, then delete her and Empty trash. In this case, all participants will lose access rights to the folder.
A member with full access can view, download, change , publish And delete files from a shared folder.
A member with View Only access can view and download files from the shared folder.
Note. If you want to, but cannot, edit or delete a file from a shared folder, ask its owner for full access to the folder.

Comments on public folders

Members of a shared folder can leave comments on the folder and files within it, reply to comments, and put Likes and Dislikes. All participants can comment, regardless of access rights.

To leave a comment:

You cannot change your comment after publication, but you can delete it and write a new one.

The owner of a shared folder can delete comments from all participants and disable comments on a file or folder. You cannot disable comments for all files in a shared folder at once.

When a share member leaves a comment:

You will see a pop-up notification on the right top corner screen.
Information about the comment will appear in the list of all notifications.
If you have Yandex.Disk installed, you will see a message in the lower right corner of the screen.

To view all notifications, to the left of your account portrait, click the icon.