Reasonable security settings for shared folders

  
"One for all, all for one": good resources are of course worth sharing with everyone, but is your shared folder really safe? Unreasonable or incomplete security settings not only put the shared folder at risk but can also deal a fatal blow to the Windows system, so the shared folder deserves careful attention.

Set access permissions strictly

To ensure the security and stability of the Windows system, many users use the NTFS file system. Access to a shared folder is then restricted not only by the share permissions but also by the access rights in the NTFS ACL (Access Control List). Below, the author takes the "CCE" shared folder as an example and shows how to set the access rights of the "cceuser" user to the "CCE" shared folder properly, thereby improving the security of the shared folder.

1. Share permission settings

In Explorer, right-click the "CCE" shared folder, select "Properties", switch to the "Sharing" tab and click the "Permissions" button. In the "Permissions for CCE" dialog box that pops up, click "Add" and add the "cceuser" account to the "Group or user names" list box. Because the "cceuser" account needs read and write access to the "CCE" shared folder, give the account the "Full Control" permission, then click "OK" to complete the share permission settings.

2. NTFS access permission settings

The steps above only set the share permissions of the "CCE" shared folder. The folder is subject to both share permissions and NTFS permissions: if the NTFS file system does not allow the "cceuser" user to access it, the share permission alone will not work, so reasonable NTFS permissions must also be set for the account.

Switch to the "Security" tab in the "CCE" properties dialog box, first add the "cceuser" account to the "Group or user names" list box, and then set the access rights for the account: select the "cceuser" account, tick "Read & Execute", "List Folder Contents", "Read", "Modify" and "Write" in the "Permissions for cceuser" list box, and finally click "OK".

After these steps, the access permissions of the "cceuser" user for the "CCE" shared folder are complete. Access rights for other users are set in the same way and are not described again.
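
The two steps above as a PowerShell script, added here as an example and not part of the original article; it assumes the CCE share already exists on D:\CCE, that cceuser is a local account, and an elevated session. Because both layers apply, the more restrictive of the share and NTFS permissions decides what cceuser can actually do, so the script ends by listing both.

```powershell
# Added example. CCE and cceuser come from the article; the path D:\CCE and
# the local-account form of the name are assumptions.
$share   = 'CCE'
$path    = 'D:\CCE'
$account = "$env:COMPUTERNAME\cceuser"

# Step 1: share permission. Full Control at the share level, as in the article.
Grant-SmbShareAccess -Name $share -AccountName $account -AccessRight Full -Force | Out-Null

# Step 2: NTFS permission. Modify covers Read & Execute, List Folder Contents,
# Read and Write, and is inherited by subfolders and files.
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl = Get-Acl -Path $path
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl

# Check 1: list every share-level grant and flag broad principals that would
# let accounts other than cceuser through the share layer.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
Get-SmbShareAccess -Name $share | ForEach-Object {
    $flag = ''
    if ($_.AccountName -in $broad -and $_.AccessControlType -eq 'Allow') { $flag = 'REVIEW' }
    '{0,-40} {1,-6} {2,-8} {3}' -f $_.AccountName, $_.AccessControlType, $_.AccessRight, $flag
}

# Check 2: the NTFS entries that apply to cceuser on the folder itself.
(Get-Acl -Path $path).Access |
    Where-Object { $_.IdentityReference -like '*\cceuser' } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
```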

Reasonable disk management configuration

Because a shared folder holds a large number of shared resources, it takes up a certain amount of hard disk space. Some users with write access may upload large numbers of files unrelated to work, which not only wastes disk resources but also makes the folder easy to infect with viruses. A shared folder that consumes disk space without control brings unexpected security risks, so its use must be restricted.

1. Disk quotas: limit users

The "disk quota" function provided by Windows can limit the hard disk space used by each Windows user, and so indirectly controls the size of the shared folder.

Again taking the "CCE" shared folder and the "cceuser" user as an example: the "CCE" shared folder is located on the D drive, so the "disk quota" function must be enabled on the D drive and the amount of hard disk space that the "cceuser" user may use must be specified.

In Explorer, right-click the D drive, select "Properties", switch to the "Quota" tab and select "Enable quota management" to activate the disk quota function. Make sure "Deny disk space to users exceeding quota limit" is selected. It is also recommended to select "Log event when a user exceeds their quota limit" and "Log event when a user exceeds their warning level" so that quota alarms are recorded in the log. Finally, click "Apply".

Click the "Quota Entries" button below to open the quota entries window, and then limit the quota for the "cceuser" user. Click "Quota → New Quota Entry", select the "cceuser" user in the Select Users dialog box and click "OK". In "Add New Quota Entry", select "Limit disk space to" and enter "500" in the field, enter "490" in the "Set warning level to" field, select "MB" as the disk capacity unit, and click "OK" to complete the disk quota setting for the "cceuser" user. The user can now use only 500 MB of the shared folder's hard disk space. Quotas for other users are set in the same way, following the steps above.
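
The same quota configuration from an elevated PowerShell session, as an added example that is not part of the original article. The drive, account and the 500 MB / 490 MB values are the article's; the closing usage report is an addition so the setting can be checked.

```powershell
# Added example. D:, cceuser, 500 MB and 490 MB come from the article.
$volume  = 'D:'
$account = 'cceuser'
$limit   = 500MB      # 524288000 bytes
$warning = 490MB      # 513802240 bytes

# Enable quota management and deny disk space above the limit.
fsutil quota enforce $volume

# Log an event when a user passes the quota limit or the warning level.
Get-CimInstance -ClassName Win32_QuotaSetting |
    Where-Object { $_.VolumePath -eq ($volume + '\') } |
    Set-CimInstance -Property @{
        ExceededNotification        = $true
        WarningExceededNotification = $true
    }

# Quota entry for cceuser. fsutil takes the warning threshold first,
# then the limit, both in bytes.
fsutil quota modify $volume $warning $limit $account

# Report every quota entry on the volume so over-limit users stand out.
# Win32_DiskQuota.Status: 0 = OK, 1 = Warning, 2 = Exceeded.
Get-CimInstance -ClassName Win32_DiskQuota |
    Where-Object { $_.QuotaVolume.DeviceID -eq $volume } |
    ForEach-Object {
        # An entry without a limit reports the largest 64-bit value.
        $limitMB = 'none'
        if ($_.Limit -ne [uint64]::MaxValue) { $limitMB = [math]::Round($_.Limit / 1MB, 1) }
        [pscustomobject]@{
            User    = '{0}\{1}' -f $_.User.Domain, $_.User.Name
            UsedMB  = [math]::Round($_.DiskSpaceUsed / 1MB, 1)
            LimitMB = $limitMB
            Status  = @('OK', 'Warning', 'Exceeded')[$_.Status]
        }
    } | Format-Table -AutoSize
```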

2. Back up and restore disk quotas

Backing up disk quota entries is very simple. Because the "CCE" shared folder is located on the D drive, the author takes backing up the disk quota entries of the D drive as an example. Right-click the D drive, select "Properties" in the pop-up menu, switch to the "Quota" tab and click the "Quota Entries" button below. In the quota entries management dialog box that pops up, click "Quota → Export", give the backup file a name in the "File name" field, and click "Save" to complete the backup of the disk quota entries. Quota entries on other drive letters are backed up in the same way and are not described again.

Restoring disk quota entries is just as simple. In the quota entries management dialog box, click "Quota → Import", find the backup file, click "Open", and then click "Yes" in the disk quota prompt box to complete the restore.

Tip: disk quota entries are backed up and restored per drive letter, and these operations can be carried out only on disk partitions that use the NTFS file system.

3. Move a share and keep its permissions

Sometimes a shared folder needs to be moved, that is, copied to another directory. The copy itself is simple, but the user access rights information attached to the shared folder has to be copied together with the shared files, which a normal copy operation cannot do. The "XCOPY" command solves this problem well.

Taking the CCE shared folder on the D drive as an example, the author copies the shared files and the user access information they contain to the CCEB shared folder on the D drive. At the "D:\>" prompt in the "Command Prompt" window, run "xcopy CCE CCEB /O /S" to copy the contents of the CCE shared folder, together with the user access rights, to the CCEB shared folder. The "/O" parameter means "copy file ownership and ACL information", and "/S" means "copy directories and subdirectories".

4. Be prepared: back up the ACLs

If the ACL information (user access rights) of a shared folder is accidentally lost, it is very difficult to restore from memory alone; entries may be omitted, which puts the shared folder at risk. To guard against this, the user can use the CACLS command to back up the ACL information of the shared folder.

Take the CCE shared folder on the D drive as an example. It contains a large number of folders with ACL information, and the CACLS command is used below to back up the ACL information of all of them. In the "Command Prompt" window, switch to the "D:\>" prompt and run "cacls d:\CCE /t > d:\aclsCCE.txt". The ACL information of the shared folder CCE is then backed up to the "aclsCCE.txt" file on the D drive. If the ACL information is unexpectedly lost, you can reset the access rights of the CCE shared folder from the ACL information in the backup file "aclsCCE.txt", which avoids omitting ACL entries and keeps the shared folder secure.
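
An added example, not part of the original article: the same backup taken with icacls, the successor to cacls, whose /save output can be re-applied with /restore instead of being re-entered by hand. The script also reports which objects under CCE have drifted from the saved baseline; the baseline and scratch file names are assumptions.

```powershell
# Added example. D:\CCE is the article's folder; the two file names below
# are assumptions. Run from an elevated PowerShell session.
$folder   = 'D:\CCE'
$baseline = 'D:\aclsCCE.acl'
$current  = Join-Path $env:TEMP 'aclsCCE.current.acl'

# icacls /save writes two lines per object: the relative path, then the
# object's security descriptor as an SDDL string.
function Read-AclSnapshot([string]$File) {
    $lines = @(Get-Content -Path $File -Encoding Unicode)
    $map = @{}
    for ($i = 0; $i + 1 -lt $lines.Count; $i += 2) { $map[$lines[$i]] = $lines[$i + 1] }
    $map
}

if (-not (Test-Path -Path $baseline)) {
    # First run: record the known-good ACLs. /t recurses into subfolders,
    # /c continues past objects that cannot be read.
    icacls $folder /save $baseline /t /c | Out-Null
    "Baseline written to $baseline"
} else {
    # Later runs: take a fresh snapshot and compare it with the baseline.
    icacls $folder /save $current /t /c | Out-Null
    $old = Read-AclSnapshot $baseline
    $new = Read-AclSnapshot $current
    $drift = foreach ($p in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
        if (-not $new.ContainsKey($p))     { "MISSING  $p" }
        elseif (-not $old.ContainsKey($p)) { "NEW      $p" }
        elseif ($old[$p] -cne $new[$p])    { "CHANGED  $p`n  was: $($old[$p])`n  now: $($new[$p])" }
    }
    if ($drift) { $drift } else { 'ACLs match the baseline.' }

    # To roll back to the baseline: the saved paths are relative and start
    # with "CCE", so /restore is pointed at the parent directory.
    # icacls (Split-Path $folder -Parent) /restore $baseline /c
}
```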