Introduction and application of NTFS permissions in Windows 2000


Windows 2000 adds a feature that Windows 98 and earlier versions of Windows do not have: NTFS permissions. Thanks to this feature, access control can be applied at the folder and file level. Windows 98 only has an account and a password, and anyone who knows the account and password has complete control of the computer; there is no way to let an account read just one folder or one file. In Windows 2000 this can be done perfectly. OK, let's go!

First, the prerequisite: the partition must be an NTFS partition. On a FAT or FAT32 partition this cannot be done at all. In fact, if your computer only has Windows 2000 on it, or at least has no Windows 98 or anything older, then using NTFS is a very good choice and greatly improves the stability and security of your system. If your partition is FAT32, you can turn it into an NTFS partition with this command:

convert x: /fs:ntfs

where x is replaced by the actual drive letter. Note, however, that Windows 98 cannot read NTFS partitions, so if a partition that Windows 98 lives on is converted to NTFS, Windows 98 will no longer work. Also, the command is one-way: it can only convert FAT32 to NTFS, not NTFS back to FAT32. To convert back you need third-party software such as PQ (PowerQuest's PartitionMagic).

Now, once you are on an NTFS partition, you must grant NTFS permissions to every user account that needs to access a resource. Users must be explicitly authorized for the resource; an account with no permission entry is denied access. For example, suppose I have a file and I set its NTFS permissions so that only I and user A can access it. Then any account other than mine and A's that logs on will be unable to use the file, and Windows 2000 will show a message saying it does not have the proper permission to read it. This secures the file, and the security holds both locally and over the network: even if someone connects to the computer across the network, only A and I can use the file, and everyone else still cannot. Although the file is shared, other people can only see that it exists; they cannot read it. You can look, but you can't touch.

Windows 2000 keeps something called an Access Control List (ACL) for each resource, which lists the user accounts, groups and computers that may access it. When a user accesses the resource, Windows 2000 looks for the user's account in the ACL: if it is there, access is allowed; otherwise it is refused.

One point needs explaining here, because it differs from what we might imagine: Windows 2000 does not identify users by user name. Every account is given a Security Identifier (SID) when it is created, and Windows 2000 identifies a user by the SID. If two accounts have different SIDs, Windows 2000 treats them as two different accounts even when the user name and every other setting are identical. It is like collecting a prize: they check that your ID card matches, not whether your name is the same. The SID is generated by Windows 2000 when the account is created, so if an account is deleted and an identical account is created again, the new SID is different from the original one, and its NTFS permissions have to be set all over again.
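The SID rule is easy to see from the command line. The following is an added example, not part of the original article, using the .NET security classes from PowerShell on a current Windows (Windows 2000 itself had no PowerShell). It assumes a local account named USER1 exists and that the file .\FILE already has a permission entry for it; the RID 9999 used for the orphaned SID is a constructed value assumed not to belong to any account on the machine.

```powershell
# Added example (not part of the original article): what "identified by SID" looks like
# in practice, using the .NET classes available from PowerShell on current Windows.
# Assumes a local account named USER1 exists and that .\FILE already has an entry for it.
$account = New-Object System.Security.Principal.NTAccount("USER1")
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier])
"USER1 is stored in ACLs as $($sid.Value)"

# The DACL itself holds SIDs; asking for the rules keyed by SID shows what Windows compares.
$acl = Get-Acl -Path ".\FILE"
$acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Select-Object IdentityReference, FileSystemRights, AccessControlType

# A SID with no matching account (what is left behind after the account is deleted) cannot be
# mapped back to a name; the Security tab shows such entries as "Account Unknown".
# RID 9999 is a constructed value assumed not to be in use on this machine.
$orphan = New-Object System.Security.Principal.SecurityIdentifier("$($sid.AccountDomainSid.Value)-9999")
try {
    $orphan.Translate([System.Security.Principal.NTAccount]).Value
} catch [System.Security.Principal.IdentityNotMappedException] {
    "$($orphan.Value) maps to no account: recreating USER1 would get a new SID, not this one"
}
```

The second part is the situation the paragraph warns about: after an account is deleted, its entries stay in every ACL as a bare SID that no longer resolves to a name, and a newly created account with the same name gets a different SID, so those entries never apply to it.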

Now let's look at the practical use of NTFS permissions. Right-click the file or folder you want to set permissions on and choose Properties -> Security. Here you see the accounts and groups that are allowed to use the file. By default there is the Everyone group, which stands for all users, and below it are the permissions that can be set for the selected group or account. If Everyone is set to Full Control, every user can do whatever they like with the file, including reading, modifying and deleting it. This is also the default permission in Windows 2000. You can also add accounts and set permissions for them; you will work out the details once you try it yourself, so I will just give one example:

Suppose there is a file called FILE. I want only the three users USER1, USER2 and USER3 to be able to use it: USER1 can do anything with the file, USER2 can only read it and cannot modify it or do anything else, and USER3 can read and write it but cannot delete it. Here is how to do it.

1. Right-click FILE and choose Properties -> Security.

2. Clear the "Allow inheritable permissions from parent to propagate to this object" checkbox at the bottom. A dialog pops up; choose Remove. This removes all the inherited entries, such as Everyone, from the list.

3. Click Add; in the dialog that pops up, select USER1, click Add, then OK.

4. Select USER1 and tick Allow next to Full Control.

5. Add USER2 the same way.

6. Select USER2, tick Allow next to Read, and clear all the other ticks.

7. Add USER3.

8. Select USER3, tick Allow next to Modify, and make sure Full Control is not ticked.

9. Click Advanced, select USER3, click View/Edit, and clear the Allow tick next to Delete.

10. Done!!! ^-^
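The same nine steps can be scripted, which is handy when you want the result to be repeatable or want to check what the dialog actually wrote. The following is an added example, not part of the original article: it uses Get-Acl, Set-Acl and the .NET FileSystemAccessRule class on a current Windows (Windows 2000 had no PowerShell; its command-line tool for this job was cacls.exe). It assumes .\FILE exists, the local accounts USER1, USER2 and USER3 exist, and the shell runs with enough rights to change the file's ACL.

```powershell
# Added example (not part of the original article): the nine GUI steps above carried out with
# Get-Acl/Set-Acl and the .NET FileSystemAccessRule class on current Windows.
# Assumes .\FILE exists, local accounts USER1, USER2 and USER3 exist, and the shell has rights
# to change the ACL.
$path = ".\FILE"
$acl  = Get-Acl -Path $path

# Step 2: stop inheriting from the parent folder and drop the inherited entries (Everyone etc.).
$acl.SetAccessRuleProtection($true, $false)   # protected = yes, keep copies of inherited = no
foreach ($rule in @($acl.Access)) {
    # clear any leftover explicit entries so only the three users end up in the list
    if (-not $rule.IsInherited) { $null = $acl.RemoveAccessRule($rule) }
}

$rights = [System.Security.AccessControl.FileSystemRights]

# Steps 3-4: USER1 gets Full Control.
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("USER1", $rights::FullControl, "Allow")))

# Steps 5-6: USER2 gets Read only (ReadData, ReadAttributes, ReadExtendedAttributes, ReadPermissions).
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("USER2", $rights::Read, "Allow")))

# Steps 7-9: USER3 gets Modify with the Delete bit taken out. Delete is part of Modify, so xor removes it.
$modifyNoDelete = $rights::Modify -bxor $rights::Delete
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("USER3", $modifyNoDelete, "Allow")))

Set-Acl -Path $path -AclObject $acl

# Check the result: only the three explicit entries should remain, none of them inherited.
(Get-Acl -Path $path).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
```

The final listing is the check worth doing after the GUI steps too: if any entry shows IsInherited = True, step 2 did not take, and Everyone (or whatever the parent folder grants) still applies to the file.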

Now, if you log on as USER1, you have full control of the file.

Log on as USER2 and you can open the file, but when you try to save it a message box appears: "Cannot create FILE. Please make sure the path and file name are correct." This means USER2 cannot save the file now, and of course cannot do anything else with it either; USER2 can only read it.

Log on as USER3 and you can open the file and save it. When you try to delete it, the message "Cannot delete FILE: Access is denied. The source file may be in use" appears, showing that the file cannot be deleted.

***** Reminder: until you are completely clear about how the permissions work, it is best to create a throwaway file and test on that, which is much safer. Otherwise, if an important document gets deleted, that is not my problem.

Folder security settings work almost the same way as the steps above, with one addition: inheritance. You can choose whether the permission settings apply only to the folder itself, or also to the subfolders and files inside it. Just tick "Reset permissions on all child objects and enable propagation of inheritable permissions".
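The inheritance choice is the difference between the file case above and the folder case. The following is an added example, not part of the original article, showing the PowerShell/.NET equivalent on a current Windows: the inheritance flags on an entry decide whether it applies to subfolders and files, and the Reset-ChildPermissions function (my own helper name, not a Windows command) does what the "Reset permissions on all child objects" checkbox does. It assumes the folder .\WORK and a local account USER2 exist.

```powershell
# Added example (not part of the original article): folder permissions with inheritance, the
# PowerShell/.NET equivalent of the folder Security tab on current Windows.
# Assumes the folder .\WORK and a local account USER2 exist. Reset-ChildPermissions is my own
# helper name, not a built-in command.
$folder = ".\WORK"
$acl = Get-Acl -Path $folder

# Inheritance flags decide where the entry applies: "ContainerInherit, ObjectInherit" means
# this folder, its subfolders and its files; "None" would mean this folder only.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "USER2",
    [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,
    [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit",
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Equivalent of ticking "Reset permissions on all child objects ...": every child goes back to
# inheriting from its parent and loses any explicit entries of its own.
function Reset-ChildPermissions([string] $Root) {
    Get-ChildItem -Path $Root -Recurse | ForEach-Object {
        $childAcl = Get-Acl -Path $_.FullName
        $childAcl.SetAccessRuleProtection($false, $false)   # inherit from the parent again
        foreach ($r in @($childAcl.Access)) {
            if (-not $r.IsInherited) { $null = $childAcl.RemoveAccessRule($r) }
        }
        Set-Acl -Path $_.FullName -AclObject $childAcl
    }
}
Reset-ChildPermissions $folder

# Afterwards the USER2 entry on any file under .\WORK shows IsInherited = True.
(Get-ChildItem -Path $folder -Recurse -File | Select-Object -First 1 | Get-Acl).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```

Note that the reset is destructive in the same way the checkbox is: any permission someone set directly on a subfolder or file is thrown away and replaced by what the parent folder passes down, so check the children first if you suspect they carry settings of their own.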

Copyright © Windows knowledge All Rights Reserved