LAB6F: CREATING AND SHARING A RESOURCE
One important aspect of a Windows NT Domain is the ability to share applications, files, printers and other resources on the network. Resources created on Windows NT Server computers are available to all users in the domain, and it is a simple administration task to allocate permissions to users.

In this exercise, we will create a shared directory, and allocate permissions accordingly. The shared directory can be used by certain members of the domain [typically a local group] to share files and data.

Before doing this lab, run User Manager for Domains, and add Logon local rights to the group Sales.

1. Logon to the PDC as administrator and start the Windows NT Explorer
2. Create a new directory under the root directory of the Windows NT server partition, and call it TEMP
3. Right mouse click on the new directory TEMP to pop up the menu of options

   

4. Select the Sharing option, which brings up the following window

   

5. Click on the Shared as, Enter SALES DOCS as the share name, and the click on the Permissions tab.

   

6. You can see that by DEFAULT, NT SERVER ASSIGNS THE GROUP EVERONE FULL CONTROL TO A NEWLY CREATED RESOURCE
7. Remove the group EVERYONE, and assign the FULL permission rights to the Local Group Sales. Close NT Explorer.
8. At the BDC, logon as user1, and using Network neighborhood, connect to the share SALES on the PDC
9. Create a new text file, and save it. This verifies that you have the correct permissions.

   Remember that you created a share on the PDC and assigned permissions for that share to the Local group Sales. You removed the permissions for the group Everyone.

   When accessing resources, you must also remember that the permissions at the file system level are also important. We are using an NTFS partition, which has file and directory level permissions associated with it. The next section looks at what the file level permission settings are, and how they affect access.

10. Close Network neighborhood on the BDC
11. At the PDC, where you are logged in as administrator, start up Explorer and highlight the TEMP directory you created earlier, which is shared as SALES
12. Right mouse click on the subdirectory TEMP, and select the option Properties

    

13. From the menu shown about, select the tab Security, then Permissions. This will display a list of the current permissions for the directory TEMP, which looks like

    

    Note how the group EVERYONE has Change [RWXD] rights to this directory.

14. Remove the Group EVERYONE from the permissions for this Directory, the click on OK
15. Log off the BDC, then back on again as user1 and try connecting to the share again.
16. What happened?

    
    	...............................................................
    
    

17. What would you do to correct this problem?

    
    	...............................................................
    
    	...............................................................
    
    

18. Apply your solution and verify that it works before continuing with any further exercises

Summary
Permissions are assigned at the SHARE and at the File system level. By default, Windows NT server places every use created into the group EVERYONE, and, when creating a new directory or share, automatically assigns rights to that resource so the group EVERYONE can access it.

If you want to secure any resources by restricting access, you should ensure that the appropriate permissions have been set at both the share and file system level.