Lesson 03: File and Share Access

  • Create and configure shares
  • Configure share permissions 
  • Configure offline files
  • Configure NTFS permissions
  • Configure access-based enumeration (ABE)
  • Configure Volume Shadow Copy Service (VSS)
  • Configure NTFS quotas

access-based enumeration (ABE): A Windows Server 2012 feature that applies filters to shared folders based on an individual user’s permissions to the files and subfolders in the share. Users who cannot access a particular shared resource cannot see that resource on the network.

access control entry (ACE): An entry in an object’s access control list (ACL) that grants permissions to a user or group. Each ACE consists of a security principal (the name of the user, group, or computer being granted the permissions) and the specific permissions assigned to that security principal. When you manage permissions in any of the Windows Server 2008 permission systems, you are creating and modifying the ACEs in an ACL.

access control list (ACL): A collection of access control entries that defines the access that all users and groups have to an object.
advanced permissions: An element providing a security principal with a specific degree of access to a resource.
authorization: The process of determining whether an identified user or process is permitted access to a resource and the user’s appropriate level of access.

basic permissions: A common combination of advanced permissions used to provide a security principal with a level of access to a resource.
effective access: The combination of Allow permissions and Deny permissions that a security principal receives for a given system element, whether explicitly assigned, inherited, or received through a group membership.

NTFS quotas: A Windows Server 2012 feature that enables you to set a storage limit for users of a particular volume.
Offline Files: A Windows feature that enables client computers to maintain copies of server files on their local drives. If the computer’s connection to the network is severed or interrupted, the client can continue to work with the local copies until network service is restored, at which time the client synchronizes its data with the data on the server.

security identifier (SID): A unique value assigned to every Active Directory object when it is created.
security principal: The user, group, or computer to which an administrator assigns permissions.