Introduction to Windows XP Administration of Resources

  • Print Article |
  • Send to a Friend |
  • |
  • Add to Google |

On a daily basis, a network administrator will spend a great deal of time managing the peculiarities of his or her clients. "I can't print!" a user will say, or "I printed my document an hour ago, and it still hasn't come out of the printer!" Someone can't get to a file that they needed access to "yesterday". A client shared his or her "C:" drive to give a co-worker access to a file and now is upset because that co-worker can see their personal information that is sitting in another folder on the hard drive.

Such is the day-to-day lot of network support. Windows XP offers some valuable solutions to some of the challenges that widespread access to information can supply. You can keep track of who has access to what and when. You can limit, or deny access altogether, to sensitive files and folders. Best of all, when difficulties arise, as they will, there can be quick and effective resolution.
We are going to spend this chapter looking at the "how to" of managing and troubleshooting the information items which include files, file systems, folders, printers and other devices.

Managing Files and Folders
File Compression Methods
One thing in life these days is certain, at least in the world of the computer. There is NEVER enough hard drive space. These days there is more drive space than ever, and at a low cost, but the more space you have, the more you will need! Fortunately, Windows XP comes with some great tools that will help you manage the drive space you have to make more out of less. There are two different methods to compress files in Windows XP. The first method is a part of NTFS; the other is a utility such as WinZip.

The compact utility is an extension of the NTFS system, and as such can only be used on NTFS partitions. The nicest thing about this compression method is that it is dynamic. Once a file is compressed, it will automatically decompress for you to use the file, and then recompress when you are finished. You can manipulate the compression of a file using Windows Explorer or with the command line utility compact.exe. In fact, both of these methods rely on the same information and DLL's in order to work.
With Windows Explorer, to compress a file, folder, or volume, all you need to do is to change the attribute on the object.

The attribute that you want to select is Compress contents to save disk space. After pressing OK, if the object is a folder, you are then prompted on whether or not to apply this setting to all subfolder and files.

At a Command Prompt, you can run the utility compact.exe. This utility, run without parameters, will display the compression state of the current directory and any files contained within.

Compress and Expand
NOTE: Compress.exe is available in the Windows XP Resource Kit

This utility can only be used at a command line. It is used to create compressed copies of one or more files, such as the 3rd party utility WinZip does. In order to use a file on which you have used compress.exe, you need to use expand.exe.

These commands should not be regularly used on NTFS volumes, but should be reserved for FAT-based volumes (which have no internal compression mechanism). However, there are times where the use of these tools can be useful, such as distributing files (like a company bitmap used for the desktop) inside an unattended setup.

Moving and Copying Compressed Files
For purposes of this section, when discussing compressed files, we are talking about files that have been compressed using compact.exe or have their compression attribute enabled.

Moving a file or folder within the same NTFS volume
When you move a file within a partition, essentially what you are doing is changing the pointer to the file. Nothing happens physically to the data. For that reason, when you move a file within the same NTFS volume, the compression attribute of the file remains the same. If you move an uncompressed file into a folder that is compressed, the file remains uncompressed. In the same vein, if you move a compressed file into an uncompressed folder, the file will stay compressed.

Copying a file within the same NTFS volume, or between NTFS volumes
When you copy a file, you are actually creating a new file with the same data as the original. The compression attribute of the new file will be the same as the target folder. A copy created in an uncompressed folder will be uncompressed, whether or not the original was uncompressed, and vice versa. It does not matter whether the copy takes place within the same volume or between NTFS volumes.

Moving a file between NTFS volumes, or from a FAT/FAT32 volume to an NTFS volume
When you move a file between volumes, what is actually happening is that Windows 2000 is copying the file onto the target volume and then the original is deleted. Therefore the same rule applies when moving a file between NTFS volumes as when you copy a file - the file takes on the compression attribute of the target folder. If you move a file from an NTFS volume to a FAT or FAT32 volume, it will lose its compression attribute. Dynamic compression works only on NTFS volumes.

NOTE: Any file compressed with the compress.exe utility will remain compressed whether or not it is copied, moved within or between volumes. The only way to uncompress these files is with the expand.exe utility.

Adding files to an almost full NTFS volume
When writing a file to a compressed folder, NTFS reserves enough space for the uncompressed file. It will reclaim the space after the write has taken place. For that reason, when copying or saving a file to a compressed folder on an NTFS volume that is almost full, you may get an error message stating that there is not enough disk space, even if there is enough for the compressed file. You may also get read errors when you open a compressed file on an almost-full volume. This is because the file is dynamically uncompressed when opened, and there is not enough space on the volume for the file in its uncompressed state.

Regain space by deleting unnecessary files, or save the files to a different volume. You can have compression handle the data more efficiently by recopying all files back into the folder, copying the largest files or the files that compress well (such as bitmaps) first.
Some files are uncompressed even though the parent folder is compressed.

Remember that files that are copied or moved between NTFS partitions will inherit the compression attribute of the parent folder, but files moved within the same partition won't. Compress individual files through the properties window in Explorer, or uncompress and recompress the entire folder.

Performance degradation
The current implementation of NTFS compression works more efficiently on Windows XP than on Windows 2000 Server. However, you may notice a slight degradation in performance because a compression file will always be first decompressed before any action is taken on it, including copying or transfers, and then recompressed on completion of the action. Compression performance is measured by size reduction and speed of transfer. Performance monitoring of your network will enable you to decide whether the gain in disk space is greater than the effect on bandwidth when a file is transferred on the network. Comparing the file and folder sizes before and after compression will tell you how well those particular files and folders are being handled by compression.

Compression and encryption
We will be discussing encryption in detail in Chapter 8; for the moment, it is important to note that you cannot have a file or folder that is both compressed and encrypted.

Control access with NTFS permissions
NTFS permissions are vital in an organization to protect and control access to files to prevent unauthorized access, tampering, or theft of documents and information. It is imperative to know that NTFS permissions are applied both locally (at the same computer) and over the network (on the corporate LAN or the Internet).

NTFS permissions are handled similarly to the way they were in Windows NT 4.0. However, Windows XP allows a finer degree of granularity for greater control. There are five basic NTFS permissions on a file: Full Control, Read, Write, Modify, and Read & Execute. Folders have six permissions, the same five as on files with an additional one: List Folder Contents. Each of these permissions can be allowed or denied on an individual or group basis.

By default, files and child folders inherit the permissions of the parent folder. First level folders inherit the permissions of the NTFS volume. Let's walk through how these permissions can be changed to allow for more controlled access to folders and files. Let's create a new NTFS volume, and assign it drive letter "F". By default, the volume assigns the Everyone group full permissions.

We will now create a new folder in this volume, named Test. The permissions for the Test folder are inherited from the volume as indicated by the checkbox "Allow inheritable permissions from parent to propagate to this object". The permission checkboxes are also faded out, indicating the inherited permissions. These faded checkboxes cannot be changed.

However, you can still specify permissions on the folder to explicitly deny access to a specific inherited permission, or to grant (or deny) access to a user or group.

A file created in this new folder will also, by default, inherit these permissions, with the exception of "List Folder Contents", which is reserved for folders only.

NOTE: While the Windows XP online help seems to indicate that the Everyone system group from Windows NT 4.0 has been replaced by the Authenticated Users system group, this is not the case. By default, the Everyone group is still given full access to NTFS volumes. Because the Everyone group includes not only authenticated users, but the Guest account as well, this default permission should be changed for security reasons.

There are times when the inherited permissions will not apply to a specific folder (or even file). When situations like this arise, you can effectively stop the inheritance from occurring by deselecting the check box next to Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here.

A security dialog box will appear (Figure 7.7) which gives you three options:

This will copy the inherited permission to the object, and will allow you to select or deselect checkboxes (they will no longer be shaded).

This will remove all inherited permissions, leaving only those that have been explicitly assigned. New permissions will have to be assigned on a user and group basis, by clicking the "Add" button.

This will cancel the operation leaving the permissions as they were.

Each of the basic NTFS permissions is a generic permission that modifies a collection of advanced permissions.
Each of these advanced permissions grant a user or group the ability to perform a specific task on the file or folder. Here is an explanation of each permission.

Traverse Folder
Traverse Folder allows moving through folders to reach other files or folders, even if the user has no permissions for those folders (applies only to folders). Setting the Traverse Folder permission on a folder does not automatically set the Execute File permission on all files within that folder.

Execute File
Execute File allows running program files (applies to files only).
Setting the Traverse Folder permission on a folder does not automatically set the Execute File permission on all files within that folder.

List Folder
List Folder allows viewing file names and subfolder names within the folder (applies to folders only).

Read Data
Read Data allows viewing data in files (applies to files only).

Read Attributes
Allows the attributes of a file or folder, such as read-only or hidden, to be viewed. Attributes are determined by NTFS and can be changed.

Read Extended Attributes
Extended attributes are defined by programs, and can vary from program to program. This permission allows those extended attributes to be viewed.

Create Files
Create Files allows the creation of files within the folder (applies to folders only).

Write Data
Create Files allows the creation of files within the folder (applies to folders only).

Create Folders
With Create Folders, the user can create folders within the folder (applies to folders only).

Append Data
Append Data allows the user to make changes to the end of the file but not change, delete, or overwrite existing data (applies to files only).

Write Attributes
The user can change the attributes of the file or folder, as defined by NTFS.

Write Extended Attributes
The user can change the extended attributes, as defined by the program.

The user can delete the file or folder.

Delete Subfolders and Files
The user can delete the file or subfolder EVEN IF delete permission has not be granted on that specific file or folder.

Read Permissions
The user can view the permissions (such as Full Control) on the file or folder.

Change Permissions
The user can change the permissions on the file or folder.

Take Ownership
The user can become Creator/Owner of the file or folder. The Creator/Owner of a file or folder can always change its permission, regardless of whether the "Change Permission" permission has been granted.

This permission applies to only to multithreaded, multiprocessing programs, and not users. It is, however, part of the Full Control permission.

Therefore, what happens if you want a user, or group of users, to have Full Control on a folder, except for the permission to "Take Ownership"? That is where the "Advanced" permissions come in. If a user is allowed all advanced permissions, he or she has "Full Control".

Deborah Timmons is a Microsoft Certified Trainer and Microsoft Certified Systems Engineer. She came into the Microsoft technical field after six years in the adaptive technology field, providing technology and training for persons with disabilities. She is the President and co-owner of Integrator Systems Inc.

Article Rating (2 stars):
  • article full star
  • article full star
  • article no star
  • article no star
  • article no star
Rate this Article:
  • Article Word Count: 2299
  • |
  • Total Views: 738
  • |
  • permalink
  • Print Article |
  • Send to a Friend |
  • |
  • Add to Google |