|
To a large extent, working with Windows Server 2003 means using the Windows NT File System, usually known as NTFS. This file system's advanced features include attribute-level Access Control Lists (ACLs) for objects, so you can control not only which users or groups can access a volume, directory, or file, but also which operations users or groups can perform against a volume, directory, or file.
Windows 2003 also supports the FAT and FAT32 file systems (FAT stands for File Allocation Table ), which don't include object-level access controls. However, FAT and FAT32 do support so-called file shares (shared directories with the files they contain) that do support access controls. Understanding how shares work and how NTFS permissions combine with share permissions is a major focus of this chapter. We show you how to figure out what a user can (and can't) do to your files based on his or her account permissions, the groups to which he or she belongs, and the underlying defaults that apply to Windows Server 2003 itself.
Chapter 12 discusses this information as it applies to Active Directory.
|