microsoft.com Home | |||
http://www.microsoft.com/office/ork |
Microsoft Office Server Extensions (OSE) use the built-in security mechanisms of Microsoft Windows NT to implement security on an OSE-extended web. When you configure security on an OSE-extended web, you must understand the Windows NT security model. For example, if you plan to assign per-user permissions to documents and folders, you must understand NTFS file system access control lists (ACLs).
As a Windows NT administrator, you can assign a user different levels of access to system resources. A user with a Windows NT account must enter a user name and password to gain access to a file share, printer, server application, and so on. You can also define groups with multiple accounts and then assign privileges to many user accounts simultaneously.
Microsoft Windows NT Server, Windows NT Workstation, and all versions of Windows 2000 support the NTFS file system. Microsoft Windows 95 and Windows 98 support only the file allocation table (FAT) and the newer FAT32 file systems to format disks.
The NTFS file system offers several advantages over the FAT and FAT32 file systems, including:
The NTFS file system contains advanced security features that allow you to set permissions on a per-file and per-folder basis, which is particularly useful in a Web server environment. OSE uses the file and folder permissions feature to control administration, browsing, authoring, and collaboration on your Web site.
By using the Windows 95 and Windows 98 FAT and FAT32 file systems, you cannot set permissions on individual files or folders. Therefore, when you give a user access to a shared drive, that user can modify, rename, or delete any file or folder in the volume. As a deterrent to users who might modify a file, you can set the file to read-only, but any user can easily change that setting.
You can use OSE without the NTFS file system, but the advanced security features are not available to you until you format a disk with the NTFS file system.
An access control list (ACL) is a list of accounts and permissions associated with a file or folder.
You can give accounts the following types of access in a file ACL.
This type of access in a file ACL | Permits this access to the file |
---|---|
None | No access to a file. |
Read (Windows NT 4.0) or Read Data (Windows 2000) | View data in a file. |
Write (Windows NT 4.0) or Write Data (Windows 2000) | Change data in a file. |
Execute (Windows NT 4.0) or Execute Data (Windows 2000) | Run a program file. |
Delete | Delete a file. |
Change Permissions | Change permissions on a file. |
Take Ownership | Take ownership of a file. (For informational purposes, files are marked with a user account that owns the file. Owners also have all other permissions on the file.) |
You can give accounts the following types of access in a folder ACL.
This type of access in a folder ACL | Permits this access to the folder |
---|---|
None | No access to a folder. |
Read (Windows NT 4.0) or List Folder (Windows 2000) | View file names and subfolder names in a folder. |
Write (Windows NT 4.0) or Create Files (Windows 2000) | Add files and subfolders to a folder. |
Execute (Windows NT 4.0) or Traverse Folder (Windows 2000) | Change to subfolders. |
Delete (Windows NT 4.0) or Delete subfolders and files (Windows 2000) | Delete subfolders. |
Change Permissions | Change permissions on a folder. |
Take Ownership | Take ownership of a folder. (For informational purposes, folders are marked with a user account that owns the file. Owners also have all other permissions on the folder.) |
You can convert an existing FAT volume to an NTFS volume without losing data by using a tool named Convert.exe, which is included with Windows NT. For more information, see the Microsoft Windows NT Server 4.0 Resource Kit.
Topic Contents | Previous | Next | Top Friday, March 5, 1999 © 1999 Microsoft Corporation. All rights reserved. Terms of use. | ||
License
|