Managing File Security
In the Sharing and Discovery area, files and folders can be shared in many different ways. The way we setup file sharing can increase or decrease our computers security. For instance, if we share a folder and allow anyone on the network to access those files, with read, write, and execute ability, it opens the computer up to attack, albeit only across the network. The majority of files to be shared should be placed into the Public Shared folders. These folders can be found using the Windows Explorer.
If, however, you have a specific folder you wish to share with other users on the network, then you may wish to enable the file sharing as previewed in Section 4: How to Share a Folder. Using a single folder also enables you to select users from the dropdown menu when setting up the share properties. The Public folders are accessible by anyone on the network, not just the users you specify. Of course convenience is also a factor. If you share large videos, pictures, or documents across the network, then you may not want to copy them to the Shared folders first, but rather share their existing folder on the network.
The Sharing folders give users the simplicity of one central location for all shared files. If you don’t share files across the network very often, then using the Shared folders makes it easy and simple.
File Permissions
File permissions are rules setup for specific files and folders as they relate to the users accessing the system, either across the network or locally. These rules can be modified for a more effective secure connection. For instance, you may wish to share you documents with your housemate, but not wish for them to modify, remove, or add to the document folder. In this case, simple user permission modifications can limit the user’s access to only Read the file, but not write or execute.
Different File Permissions Explained
Full Control – Grants users access to modify, create, and run programs inside the folder. Anything that can be done as the owner of the folder can be done when a user has Full Control permissions.
Modify – the modify permissions allows users to change existing files within a folder, but they are limited in that they cannot create new files.
Read and Execute – the read and execute permissions allows a user to execute programs inside a folder.
Read – allows users to open and “read” files in a folder, but they cannot make changes to those files.
Write – Users can create new files and folders and make changes to existing files and folders.
EXERCISE: Make a folder available to a user, but limit that user to Read capabilities only.
1. Open the Windows Explorer and find the folder you wish to modify.
2. Right click the folder and select Properties.
3. Select the Security tab from the Properties dialog box.
4. Highlight the user you wish to limit in the list (single mouse click over the username).
5. Select the Advanced tab under Permissions for that user (lower right).
6. Choose the User and select Edit.
7. Make the only option to allow Read, all others will be Deny.