Windows XP permission management

Source: Internet
Author: User
First, the difference between permissions and rights. In Windows, permissions and rights mean different things. A permission represents a user's ability to access system resources such as files, folders, and printers. A right represents a user's ability to change system settings. Permissions and rights can be collectively referred to as privileges.

Secondly, only Windows NT and the later Windows 2000/XP/2003 define privileges strictly. In addition, to use file access permissions, the file must be located on a partition formatted with the NTFS file system. Compared with the FAT and FAT32 file systems, NTFS supports larger partitions while keeping the cluster size unchanged. It also has a series of security features, so it is recommended. However, the DOS and Windows 9x operating systems do not support this file system. There are two ways to obtain an NTFS partition: create a partition and format it as NTFS, or convert an existing FAT or FAT32 partition to NTFS while retaining its data. The conversion uses the convert.exe program included with Windows. At the command line, enter "convert C: /FS:NTFS" and press Enter to convert the C drive. For other disks, replace C with the corresponding drive letter. In addition, you may need to restart the system to convert the system disk.

 

User Account

When using Windows 9x, we may not have known much about the concept of a user account, because the user concept in Windows 9x is not very complete and is rarely used. In Windows NT/2000/XP, however, user accounts are an important factor closely related to system security. The operating system assigns permissions to each user, based on the user account and its preset configuration, to complete certain tasks. In addition, the accounts are independent of each other and do not interfere with each other.

Simply put, the account in the system can be compared with the account in QQ and other instant messaging software. For example, we can apply for a QQ number and use our own password to create a QQ account. With this account, we can log on to QQ and chat with other friends we added in advance, using various services provided by QQ. However, a person can also apply for multiple QQ numbers, and these numbers do not affect each other. For example, the friends we add in the first number will not be automatically added to the second number.

By using an account in Windows, we can log on to the Windows operating system (either locally or over the network), use the corresponding system resources, and view our files. We can do more with Windows accounts as well. For example, each account has its own Favorites, My Documents folder, desktop shortcut settings, cookies, and so on, and the general settings each user makes under their own account do not affect other users.

To solve this problem, you only need to create a separate account for each family member. Note that in Windows XP, Microsoft simplified account and permission settings in several ways. Although this makes configuration simpler, there are fewer configurable options, and only the simplest goals can be achieved. To perform more complex settings, you need to use the traditional account and permission setting method, as in Windows 2000. Fortunately, this can also be used in Windows XP, and it is detailed later.

The following describes the goals we want to achieve. I believe most users who care about this article also aim at the same purpose:

Every computer user has his/her own independent account and does not affect each other.

Everyone has a dedicated folder to save their own private files. No one can view, modify, or delete another person's private files.

Log on with an account that has administrative permissions. In the Control Panel, open the "User Account" settings window. You will see Figure 1. Under the "select a task" option, click "Create a new account". The system then asks for the account username. After entering the username, click "Next", then select the account type (figure 2). By default, Windows XP provides two types of accounts: computer administrators and restricted accounts. As the name suggests, a computer administrator is the person with the highest level of control over the computer. Such accounts can change any system setting and view, modify, or delete all files on the computer. Therefore, we must be careful when creating such accounts, because a wrong setting made by someone using such an account may cause serious system problems. For security reasons, we do not recommend using an administrator account for daily use. So here we select the account type "Restricted Users". Next, we create a restricted account for each of dad, mom, and sister.

Figure 1

Figure 2

After the computer is started, the desktop does not appear immediately. Instead, a welcome screen similar to Figure 3 appears. On the welcome screen, you can click your account name and enter your password (if needed) to log on to Windows. Every user sees identical initial desktop settings after logging on with their own account, and any modification they make to the desktop (such as adding or deleting a desktop shortcut or changing the wallpaper) takes effect only for that user and does not affect others.

Figure 3

At the same time, each user can save private documents to the "My Documents" folder and set the folder to private. The method is as follows: log on to the system using your account, right-click the "My Documents" folder, select Properties, open the "share" tab, and select "set this folder to private" (figure 4), so that others cannot access the folder. Besides being unable to view the files another user has saved in My Documents, other users also cannot delete any files or folders in that user's My Documents folder. In addition, these users can set a password for their own account, so that the correct password must be entered when logging on with that account; otherwise the login is rejected.

Figure 4

Note: Setting folders to private is only valid when simple file sharing is enabled. After simple file sharing is disabled, you can only set the access permission for this folder in the traditional way. The specific method is described in detail later. In addition, not every folder can be set to private directly; only folders inside the user profile (that is, the "My Documents" folder by default) can be set to private. For details, refer to Microsoft Knowledge Base article Q307286, "You cannot select the 'set this folder to private' option": http://support.microsoft.com/?kbid=307286. Using the NTFS file system on the system disk is also a prerequisite for setting folders to private.

If you are using Windows 2000 or want to implement more complex permission settings under Windows XP Professional, continue reading. Note: The following content applies to the Windows 2000, Windows XP Professional, and Windows Server 2003 operating systems. It does not apply to Windows XP Home, and it requires that the hard disk file system be NTFS.

We will still take Windows XP Professional as an example, because after Windows XP Simple file sharing is disabled, other settings are not much different from Windows 2000 and Windows Server 2003.

Log on with an account that has administrative permissions. In Windows XP, open My Computer, click "Folder Options" under the "Tools" menu, and open the "View" tab of the folder options. Here, clear the "use simple file sharing (recommended)" option (figure 5).

Figure 5

Then we assume that we want to accomplish the following goals: create a "Temp" folder under the root directory of the C drive, and save several files in it as needed. We want dad to be able to access this folder and its files and delete any file, but not to assign permissions to others. Mom can only view the file content and cannot modify or delete files. Sister is prohibited from accessing this folder.

Right-click the Temp folder and select "properties". In the folder Properties dialog box, open the "Security" tab. You can see the interface shown in figure 6, which displays the permission settings of several default security groups. Next, we set permissions for dad: click the "add" button, enter the username of the dad account, and press Enter. The dad account now appears in the user list. Add the accounts of mom and sister to this list in the same way, and then configure them in turn.

Figure 6

 

Because we allow dad to read, modify, and delete files, select dad's username in the window above, then in the "allow" column below select modify, read and run, list folder directories, read, and write (figure 7). Note that you should not simply give the dad account "Full Control" permission on the folder, because full control means that, in addition to reading, writing, modifying, and deleting the target folder, the account can also assign permissions to other users. This is obviously not safe enough. Therefore, it is best not to assign full control permissions to others, especially Restricted Users.

Figure 7

Mom's permission is read-only, therefore, select "read and run", "list folder directories", and "read" in the "allow" check box after selecting the mom account (figure 8 ).

Figure 8

Because the sister is denied access to this folder, after selecting the sister's username, select "Full Control" under the "deny" check box (figure 9 ).

Figure 9

After the configuration is complete, click "OK" to exit. Because one user's access to the folder is denied, the system shows a dialog box asking whether to continue (Figure 10). Choose to continue.

Figure 10

The following problem may occur after we have set permissions for a folder. We reinstall the operating system and open some folders on which permissions were previously set, and the system reports that access is denied because we do not have permission. You may wonder why. I had previously set access permissions, and I used the same user name and password to log on after the system was reinstalled, so why don't I have permission? This is because your SID has changed.

SID is short for security identifier. It is the main way for Windows operating systems to identify different accounts. Each account is created with a unique SID in the operating system. This SID stays associated with the account until the account is deleted. If you delete an account and then re-create an account with the same name, the new account does not get the same SID. You can think of it as a human fingerprint. Each person's fingerprint is different; a person can be renamed, but the fingerprint never changes. There may also be many people with the same given name and surname, but no two have the same fingerprint. Therefore, whether for management or for permission settings, Windows actually relies on the SID of each account to tell users apart. This explains why an account with the same name and password created on the new system still cannot access files on which permissions were configured earlier.

In this case, the administrator needs to take ownership of the folder. With simple file sharing disabled, right-click a folder that cannot be opened, select properties, and open the "Security" tab in the Properties window. A warning window appears. Ignore it and click OK to close it. On the Security tab, click the "advanced" button to open the "advanced property Settings" window, and then open the "owner" tab (figure 11). On the owner tab, select a new user as the new owner, select "Replace sub-container object..." at the bottom, and click OK. Wait a moment. After ownership of the folder and all subfolders has been obtained, you can access the folder as usual or assign different permissions to different users.

Figure 11

Now we may think that the system administrator has full control permissions on the system. Since I am a System Administrator, can I view other users' private files? Of course I can. In addition, I can also take ownership of files or folders from others, or assign myself appropriate permissions to resources that I have no permission to access. Because the specific method is the same as the method for setting permissions above, I will not talk about it more.

Share files through the network

After we set up user accounts and appropriate permissions, the family used the computer more actively, and one computer gradually became unable to meet the family's needs. Therefore, two new computers were added. Now there are three computers in total. I used these computers to build a small LAN, shared an ADSL Internet connection, and shared files among the three computers.

Sharing files over the network is much more troublesome than sharing files with other users on the same computer. The whole process can be understood as follows:

When you use Network Neighborhood to access a shared folder on a computer running Windows 2000/XP/2003, that computer first asks for a user name and password that prove your identity. By default, the account you are logged on with is used for verification. If that account is not recognized, you need to enter another user name and password, which are checked to determine whether you have permission to access the computer. If you do not, your access to the computer is denied. If you do, the system then checks whether the user you logged on as has NTFS permission to access the shared folder. If so, the folder is opened for you; otherwise, you still receive the Access Denied message.

Assume that we have three computers, xp1, xp2, and 98, in our LAN. xp1 is our original computer; it runs the Windows XP Professional operating system and has an account for each family member. xp2 is a new computer running Windows XP Professional, and 98 runs Windows 98. We want family members on the xp2 and 98 computers to be able to access, over the LAN, the personal files shared by each user on xp1.

First, create shared folders A, B, and C on XP, one for each user, corresponding to dad, mom, and sister. The requirement for sharing is that everyone can access their own folder through the network and can read, modify, or even delete files in it. In addition, each user can access the shared folders of other users through the network, but can only read the content and cannot modify or delete it.

Right-click folder A, select properties, and open the share tab in the Properties dialog box. Select "share this folder", enter the name and description you want to use for the share (figure 12), and then click "permission". In the permission settings dialog box of folder A, you can see that "everyone" has been set to read-only by default.

Figure 12

Pay attention to the concept of "everyone". This is a group in the system that includes all users connected to the computer. By default, read-only permission is set for everyone, which means that anyone who can access this computer through the network with a valid user name and password has read-only permission on this folder.

On the other hand, permissions accumulate. For example, "everyone" has been given read-only permission here, but if we set "modify" permission for dad's account, then dad has both read and write permissions when he accesses this shared folder. On the contrary, if we deny dad full control, then even though dad uses his account to reach the shared folders through the network (at which point he is already a member of the "everyone" group and should have at least read-only permission), he will not be able to access this folder, because he has been denied full control (and with it all other permissions).

What we need to do here is set appropriate permissions for the other family members. Because folder A is dad's dedicated shared folder, we need to add dad's account and set full control permissions for this account (figure 13).

Figure 13

Similarly, we use the same method to give mom's account full control share permissions on folder B, and sister's account full control share permissions on folder C. In this way, everyone has full control over their own shared folder and can create, modify, or delete files in it, but has read-only access to the shared files of other users.
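As an added example (not part of the original article and not Windows' own code), the Python sketch below models the rules described above in simplified form: allow entries accumulate, a deny overrides them, network access is limited by both the share and the NTFS permissions, and entries match on SID rather than on account name. The permission bits, the constructed SIDs and the NTFS entries for folder A are assumptions made for the illustration.

```python
# Added example: a simplified model, not Windows' actual access-check code.
from itertools import count

# Simplified permission bits; real NTFS access masks are finer-grained.
READ, WRITE, DELETE, CHANGE_PERMS = 1, 2, 4, 8
MODIFY = READ | WRITE | DELETE
FULL = MODIFY | CHANGE_PERMS

EVERYONE = "S-1-1-0"   # well-known SID of the Everyone group
_next_rid = count(1001)


def new_sid():
    """Each created account gets a fresh SID, even when a name is reused."""
    # Constructed SID; the domain part 0-0-0 is a placeholder.
    return f"S-1-5-21-0-0-0-{next(_next_rid)}"


def effective(acl, sid):
    """Allow entries for the user and Everyone add up; any deny removes bits."""
    allowed = denied = 0
    for kind, trustee, mask in acl:
        if trustee not in (sid, EVERYONE):
            continue
        if kind == "allow":
            allowed |= mask
        else:
            denied |= mask
    return allowed & ~denied


def network_access(share_acl, ntfs_acl, sid):
    """Over the network both ACLs are checked; the more restrictive wins."""
    return effective(share_acl, sid) & effective(ntfs_acl, sid)


def build_demo():
    """ACLs from the walkthrough, keyed by SID rather than by account name."""
    sids = {name: new_sid() for name in ("dad", "mom", "sister")}
    # NTFS ACL of C:\Temp: dad modifies, mom reads, sister is denied.
    temp_ntfs = [("allow", sids["dad"], MODIFY),
                 ("allow", sids["mom"], READ),
                 ("deny", sids["sister"], FULL)]
    # Share ACL of folder A: default Everyone read-only, full control for dad.
    a_share = [("allow", EVERYONE, READ), ("allow", sids["dad"], FULL)]
    # Assumption: NTFS ACL of folder A, which the article does not list.
    a_ntfs = [("allow", EVERYONE, READ), ("allow", sids["dad"], MODIFY)]
    return sids, temp_ntfs, a_share, a_ntfs


if __name__ == "__main__":
    sids, temp_ntfs, a_share, a_ntfs = build_demo()
    for name, sid in sids.items():
        print(name, "local C:\\Temp:", effective(temp_ntfs, sid),
              "network A:", network_access(a_share, a_ntfs, sid))
    # A deny on dad's own SID beats the read he gets through Everyone.
    print("dad, denied on share:",
          effective(a_share + [("deny", sids["dad"], FULL)], sids["dad"]))
    # A re-created "dad" has a new SID, so no entry matches it any more.
    print("re-created dad:", effective(temp_ntfs, new_sid()))
```

The printed numbers are the combined permission bits: 7 is modify, 1 is read-only, and 0 means access is denied.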

After the sharing settings are complete, consider how these shares are accessed. From Windows XP and Windows 2000 computers, accessing a shared folder on Windows XP is very simple. It is different only when you access shared resources on XP from 98.

Open the Run dialog box on the xp2 computer, enter "\\xp1", and press Enter. A window pops up asking for a user name and password. Enter the username and password of the family member and click OK (figure 14). If the user name and password are verified successfully, you can access all the resources you are authorized for. You can also test this yourself: the shared folders of other family members can be accessed, but only to read existing files. We cannot modify, delete, or create files there.

Figure 14

Accessing shared folders from the 98 computer is somewhat different. Because 9x systems and NT systems have different verification mechanisms, identity authentication takes more work in 98. First, open the Properties dialog box of Network Neighborhood, select "Microsoft network user" under "primary network login" (figure 15), and click "OK". From then on, when you start 98 you first see a login dialog box. Although you can press ESC to skip it, you then also lose the ability to access shared network resources (figure 16). Therefore, in the 98 login box, each family member should log on with the user account and password he or she uses on the xp1 machine. Although the main interface does not change, the account used for logon is automatically presented for verification when network resources are accessed. If you have skipped the logon dialog box, you can click "logout" in the Start menu and enter a valid user name and password to log on to the network (figure 17); then you can use all the resources you are authorized for.

Figure 15

Figure 16

Figure 17

That is basically all there is to permissions. By setting permissions, you should now be able to control other people's access to files on your computer. However, note that security is always relative, and permission settings are no exception. For example, suppose you set permissions so that I cannot access some files on the hard disk. I only need to remove your hard disk and attach it to another Windows 2000/XP/2003 computer; as long as I have an administrator account on that computer, I can take ownership of all the files and grant myself all other permissions. In addition, there are many tool CDs that can boot the computer into a graphical Linux or other environment, and in these systems all files on the hard disk can be read easily. NTFS permissions provide no security against these methods. Therefore, if your data is very important, do not forget to ensure the physical security of your computer hardware while protecting the operating system.
