Setting permissions
In Windows 95/98/Me, you set file-sharing permissions on a folder-by-folder
basis; see the earlier section “Sharing a document or folder on Windows
95/98/Me.”
In Windows 2000/XP, controlling the sharing of files is a bit more complex
because of the enhanced security that comes with those operating systems.
To share folders and drives, you must be logged on as a member of the
Server Operators, Administrators, Power Users, or Users groups. Throughout
the rest of this section, we describe these user types and then show you how
to add users to your 2000/XP network.
User types
The Server Operators group is really only used on large networks that incorporate
Microsoft’s Active Directory technology; if you’re trying to set up your
office computer at home, you might run into this (but it’s not very likely).
The groups that you need to concern yourself with are the Administrators,
Power Users, and Users groups:
Administrators are system gods. Anyone set up as an administrator can
do anything they like — no restrictions.
Power Users can’t do as much as administrators, but they can do a lot —
as long as what they’re doing doesn’t change any of the files that make
Windows operate. In other words, Power Users can add and remove software,
users, hardware, and so on to a system as long as their actions don’t
affect any files keeping the system running the way that it’s running.
Users are just that: Users simply use what the system has to offer and
aren’t able to do anything else. The Users group provides the most
secure environment in which to run programs, and it’s by far the best
way to give access to your resources without compromising the security
of your computer and network.
How do you know what kind of access you have? Unfortunately, that’s not an
easy thing to find out unless you’re an administrator. If you know that you’re
not an administrator, the only way to find out what you can do is by trying to
do it. If you don’t have the proper access to do something, you will get a
warning message telling you exactly that — sometimes the message might
tell you what access you need to have in order to do what you want.
Adding users
For others to get access to what you have shared, you need to give them permission.
You do that by giving them a logon on your computer and assigning
them to a group — essentially adding them to the network as a user. The group
is then given certain rights within the folder that you have shared; every user
in the group has access only to what the group has access to. For more details
on this process, we strongly recommend that you use the Windows Help file to
discover how to set up new users and groups on your system.
In Windows 2000/XP, creating users and adding them to groups is best done
by using the administrator logon. If you’re using an office computer and
you’re not the administrator or a member of the Power Users group, you
won’t be able to create users. Talk to your system administrator to get permission
and help setting up your machine.
We’re guessing that you are the administrator of your home-networked computer
(it’s your network, right?), and so you do have access to the administrator
logon. Thus, you can set up new users by logging onto the machine as
administrator. Like the hierarchical folder permissions, user permissions are
hierarchal as well. If you’re a Power User, you can only create users who have
less access than yourself. By using the administrator logon, you can create
any type of user account that you might need.
Unless you’re very comfortable with the security settings of Windows
2000/XP, you should never give new user accounts more access than the
Users group provides. (For a description of user types, see the preceding section.)
Keep in mind that by creating these accounts, you’re also creating a
logon that can be used to turn on and access your computer directly. For the
purposes of sharing files and peripherals, the standard Users group provides
all the access that any individual on the network would normally need.
To add users to your network, follow these steps:
1. Choose Start➪Settings➪Control Panel and double-click the Users and
Passwords icon.
This brings up the Users and Passwords dialog box.
2. Click the Add button to launch the New User Wizard and add users to
your machine.
3. Follow the wizard’s onscreen prompts to enter a name, logon name,
description, password, and then which group the user will be part of.
New users should always start as part of the Users group (also referred
to as the Restricted Access group), which is the lowest possible access
level. Starting users at the lowest possible access level is the best way for
you to share your files without compromising your network’s security.
Accessing shared files
Whether drives, folders, or single files are set up for sharing on your wireless
home network, you access the shared thing in pretty much the same way. On
any networked PC, you simply log onto the network, head for Network
Neighborhood (or My Network Places, as the case may be), and navigate to
the file (or folder or drive) that you want to access. It’s really as easy as that.
Just because you can see a drive, folder, or file in Network Neighborhood,
however, doesn’t necessarily mean that you have access to that drive, folder,
or file. It all depends on set permissions.
0 comments:
Post a Comment