Administering Security with Office Server Extensions

Using Windows NT Security with Office Server Extensions

Microsoft Office Server Extensions (OSE) use the built-in security mechanisms of Microsoft Windows NT to implement security on an OSE-extended web. When you configure security on an OSE-extended web, you must understand the Windows NT security model. For example, if you plan to assign per-user permissions to documents and folders, you must understand NTFS file system access control lists (ACLs).

As a Windows NT administrator, you can assign a user different levels of access to system resources. A user with a Windows NT account must enter a user name and password to gain access to a file share, printer, server application, and so on. You can also define groups with multiple accounts and then assign privileges to many user accounts simultaneously.

Advantages of the NTFS file system

Microsoft Windows NT Server, Windows NT Workstation, and all versions of Windows 2000 support the NTFS file system. Microsoft Windows 95 and Windows 98 support only the file allocation table (FAT) and the newer FAT32 file systems to format disks.

The NTFS file system offers several advantages over the FAT and FAT32 file systems, including:

  • Fault tolerance
  • Optimization of available disk space
  • Advanced security capabilities, including access control lists and auditing

Advanced security

The NTFS file system contains advanced security features that allow you to set permissions on a per-file and per-folder basis, which is particularly useful in a Web server environment. OSE uses the file and folder permissions feature to control administration, browsing, authoring, and collaboration on your Web site.

With the FAT and FAT32 file systems used by Windows 95 and Windows 98, you cannot set permissions on individual files or folders. Therefore, when you give a user access to a shared drive, that user can modify, rename, or delete any file or folder in the volume. As a deterrent to users who might modify a file, you can set the file to read-only, but any user can easily change that setting.

You can use OSE without the NTFS file system, but the advanced security features are not available to you until you format a disk with the NTFS file system.

Access control lists

An access control list (ACL) is a list of accounts and permissions associated with a file or folder.

You can give accounts the following types of access in a file ACL.

| This type of access in a file ACL | Permits this access to the file |
| --- | --- |
| None | No access to a file. |
| Read (Windows NT 4.0) or Read Data (Windows 2000) | View data in a file. |
| Write (Windows NT 4.0) or Write Data (Windows 2000) | Change data in a file. |
| Execute (Windows NT 4.0) or Execute Data (Windows 2000) | Run a program file. |
| Delete | Delete a file. |
| Change Permissions | Change permissions on a file. |
| Take Ownership | Take ownership of a file. (For informational purposes, files are marked with a user account that owns the file. Owners also have all other permissions on the file.) |

You can give accounts the following types of access in a folder ACL.

| This type of access in a folder ACL | Permits this access to the folder |
| --- | --- |
| None | No access to a folder. |
| Read (Windows NT 4.0) or List Folder (Windows 2000) | View file names and subfolder names in a folder. |
| Write (Windows NT 4.0) or Create Files (Windows 2000) | Add files and subfolders to a folder. |
| Execute (Windows NT 4.0) or Traverse Folder (Windows 2000) | Change to subfolders. |
| Delete (Windows NT 4.0) or Delete subfolders and files (Windows 2000) | Delete subfolders. |
| Change Permissions | Change permissions on a folder. |
| Take Ownership | Take ownership of a folder. (For informational purposes, folders are marked with a user account that owns the folder. Owners also have all other permissions on the folder.) |
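
The access types in the two tables above correspond to members of the .NET FileSystemRights enumeration, so a folder ACL can be checked for broad accounts that hold Write, Delete, Change Permissions, or Take Ownership. The following PowerShell is an added example, not part of the Resource Kit; the sample ACL, the helper New-Ace, the function name Get-BroadModifyAccess, and the list of SIDs treated as "broad" are assumptions for illustration.

```powershell
# Added example, not from the Resource Kit. Windows only; nothing on disk is changed.
$R = [System.Security.AccessControl.FileSystemRights]

# Access types from the ACL tables that change content or control (folder Write
# covers adding files and subfolders, so it checks both creation bits).
$modifying = [ordered]@{
    'Write'              = [int]($R::CreateFiles -bor $R::CreateDirectories)
    'Delete'             = [int]($R::Delete -bor $R::DeleteSubdirectoriesAndFiles)
    'Change Permissions' = [int]$R::ChangePermissions
    'Take Ownership'     = [int]$R::TakeOwnership
}

# Assumption: these well-known SIDs are the accounts treated as "broad".
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-BroadModifyAccess($Acl) {
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $Acl.GetAccessRules($true, $true, $sidType)) {
        $name = $broad[$ace.IdentityReference.Value]
        if (-not $name -or $ace.AccessControlType -ne 'Allow') { continue }
        $mask = [int]$ace.FileSystemRights
        # A raw GENERIC_ALL bit stands for every right in the tables.
        if ($mask -band 0x10000000) { $mask = [int]$R::FullControl }
        $held = @($modifying.Keys | Where-Object { $mask -band $modifying[$_] })
        if ($held.Count -gt 0) {
            [pscustomobject]@{
                Account = $name; Grants = $held -join ', '; Inherited = $ace.IsInherited
            }
        }
    }
}

# Hypothetical helper that builds one Allow entry for the sample below.
function New-Ace([string]$SidString, [System.Security.AccessControl.FileSystemRights]$Rights) {
    $sid = [System.Security.Principal.SecurityIdentifier]$SidString
    New-Object System.Security.AccessControl.FileSystemAccessRule($sid, $Rights, 'Allow')
}

# Constructed sample: an in-memory folder ACL, not read from any server.
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.AddAccessRule((New-Ace 'S-1-5-32-544' ($R::FullControl)))      # Administrators
$acl.AddAccessRule((New-Ace 'S-1-5-32-545' ($R::ReadAndExecute)))   # Users: browse only
$acl.AddAccessRule((New-Ace 'S-1-1-0' ($R::Modify -bor $R::ChangePermissions)))  # Everyone

Get-BroadModifyAccess $acl | Format-Table -AutoSize
```

To check a real folder, pass the result of Get-Acl for that folder to Get-BroadModifyAccess in place of the constructed $acl.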

See also

You can convert an existing FAT volume to an NTFS volume without losing data by using a tool named Convert.exe, which is included with Windows NT. For more information, see the Microsoft Windows NT Server 4.0 Resource Kit.

  Friday, March 5, 1999
© 1999 Microsoft Corporation. All rights reserved.