Permissions Updates
Kenn's
19990608: Permissions Updates
June/1999
Tech
Notes
Tech Note #8
If you are running the NT Server Prep Update, I recommend you always ensure you have the most recent version. As of this writing, the current version is v1999.07.27. A new version will likely be distributed for the instructional server installs this fall/winter.
(Thank you to Neil B, Richard S, Deon W, Mike L, and Ron H for contributing to this update.)
Issues addressed by this update:
a. Sysop Permissions: If you ran the original SETUP and found that Sysop could not run the Check School Network routine and/or that various other aspects of the Sysop account were faulty, you MUST run the updated disk on that server.
Unfortunately, there are approximately 50 NT servers, which were purchased three years ago (Pentium 133s with one 2 GB hard drive), which had incorrect permissions installed on them. These permissions were enabled at the time of installation, but were superseded by the June 1997 standards. I was not aware that any of these systems still had these incorrect permissions in place, but clearly some do. If in doubt, rerun the new SETUP.
Under no circumstances attempt to repair this fault via File Manager. File Manager cannot edit the ACLs of NTFS in an efficient manner. If you sat down with the permissions spreadsheet (ftp://tech.wsd1.org/pub/info/WSD1-NT.WKS) and applied the permissions meticulously one by one it would take you hours. The routine will take just a few minutes to run.
Using File Manager to modify system permissions is extremely dangerous and in some cases can render the system unbootable.
If you have attempted to fix Sysop-related problems using File Manager, you must run the new SETUP.
b. Share Permissions: If you ran the original SETUP and received complaints from the school that students could no longer save to the 2Teacher share, or that they could not copy files to that location more than once, or that programs did not run correctly from the KEYBOARD share, run the updated SETUP.
The issue here is incorrect "Everyone" permissions. As of v1999.06.03 of the NT Server Prep Update disk, this permission should be set correctly, as follows:
PUBLIC - read only
PUBLIC subdirectories - see below
2STUDENT and all subdirectories - read only
2TEACHER - read only root, [RWX][RWXD] in subdirectories
PROGRAMS - read only root, [RWX][RWXD] in subdirectories
KEYBOARD (and any other subdirectory of PUBLIC not named above) and all subdirectories - [RWX][RWXD]
Please note that when you create a new subdirectory of 2TEACHER, PUBLIC or PROGRAMS, it will initially be read-only. The reason for this permission is to prevent users from dumping files into the root of these shares. Once you have created your new directory, you can set the Everyone permission on the new directory to special access [RWX][RWXD].
The special [RWX][RWXD] permission means that users can Read, Write, and eXecute the directory and Read, Write, eXecute and Delete files within the directory. By disallowing directory deletion, we prevent students from accidentally deleting resources on the server. It also prevents moving folders, although it does not prevent copying folders.
DISCLAIMER: This document is intended for the reference of computer support personnel within Winnipeg School Division No. 1. There is no warranty or liability if procedures recommended here have an adverse affect on any systems. Use them at your own risk. Any trademarks mentioned are the property of their owners, none of whom have certified any information provided here. Opinions expressed here are personal only and do not represent the policy of Winnipeg School Division No. 1 or any other organization anywhere.
|
Got a Tech Note to share? Submissions are most welcome! [Click here.] |
To return to the Tech Notes home page, click here. |
To download a copy of all the June/1999 Tech Notes in Rich Text Format, click here. |
| Click here to visit the Information "Super-Cul-De-Sac". |
This page was updated
2001 June 9 |
|
This page hosted by  Get your own Free Homepage Check out my neighbours here in Silicon Valley Peaks by clicking here. |