Security occurs at a number of levels in Windows.
This section isn't a comprehensive treatment of the topic—it only gets
you started. Of course, the first task you'll complete is to add users
to the server and use shares to make resources available. Making a resource
available as a share isn't always enough to make it available to the
user. The user must have both share and physical permission to use a
resource.
Consequently, you also need to use the ICACLS command to provide physical access. You can determine the existing rights for a
directory or file by typing the directory or filename with its complete
path. For example, if you want to determine who has access to the root
directory of the C drive, you'd type ICACLS C:\ and press Enter. The results appear as shown in Figure 3.3.
The letters beside each of the entries tells you which rights the
specified user or group has to the file or directory. For example, the
letter F denotes full access, while M denotes modify access. When an entry has
more than one letter after it, that entry has all of those rights. To
grant access to a particular user or group, you use the grant syntax for
the ICACLS command. For example, to grant user John full access to the C:\Users directory, you'd type ICACLS C:\Users /Grant John:(F)
and press Enter. If the system can't allow access due to User Access
Control (UAC) or other reasons, then you'll see an Access Denied error
message. Otherwise, you'll see a Successfully Processed message, along
with the number of entries that the command has processed.
It's important to set
security policies for the server. Of course, you could always open the
GPEdit console in a client machine and use it to connect to the remote
server. Any group policies that you set at the server affect everyone
who logs into the server. Set any local policies at the machine the
policies affect
Along with user
and resource security, you'll need to consider communication and network
security.
