Summary

This chapter examined several aspects of security for an SBS installation. The physical security of the server computer should not be overlooked. Keeping the server away from common areas reduces the chance of accidental disconnection or damage. Providing adequate power and temperature protection helps maintain the integrity of data on the server.

Server data is protected with a combination of NTFS and share permissions. NTFS permissions are applied to files and folders and allow users to read, write, modify, and delete files. Individual permissions can be either allowed or denied, with the Deny permission having higher precedence than the Allow permission. All files and folders lower in the directory tree inherit permissions applied to a folder, unless explicitly removed and replaced with other permissions. NTFS special permissions allow for finer control of access to file resources. File ownership is used to calculate disk space used when disk quotas are enabled. The CREATOR OWNER group permissions apply only to the owner of a file. Files and folders on the server volumes can also be encrypted so that only the user and the Administrator can view the contents.

Share permissions determine the maximum level of access that a user can have to a shared directory on the server. Users and groups can be granted the ability to read files and folders, change files and folders, or have full control over the contents of the share. When share and NTFS permissions are applied in combination, the more restrictive of the permissions is applied.

Strong passwords provide another level of security for data on the server. Password policies can be put in place to ensure the continued security of passwords on the network. The password policy can control the minimum length, complexity, and age of passwords. The policy can be modified in two waysby using the Change Password Policies Wizard or by modifying the Small Business Server Domain Password Policy group policy object directly. Unless the number of remembered passwords or the minimum password age values need to be modified, the wizard should be used to set password policy.