WEBVTT

00:00.330 --> 00:06.820
Probably one of the most powerful aspects of Microsoft Windows is the way you can share resources.

00:06.840 --> 00:12.480
Now I'm going to have a lot of episodes that cover this but to get started I want to create a scenario

00:12.500 --> 00:14.620
what we have here is one computer.

00:14.700 --> 00:18.810
In fact this is the only computer that I have at my company.

00:18.810 --> 00:24.470
And on this one computer when we shoot a video we save that onto my E drive.

00:24.480 --> 00:30.600
I've got one little folder called video and we put all these videos in here and there are two groups

00:30.600 --> 00:32.520
of people who work at my company.

00:32.550 --> 00:35.530
There are reviewers and there are editors.

00:35.580 --> 00:41.460
And what I want to do is set this up so that when a reviewer sits down at this computer he can review

00:41.490 --> 00:45.450
the videos but he can't accidentally delete them or do something like that.

00:45.540 --> 00:52.110
And then if he logs out and an editor comes in and fires up his editing software he can go ahead and

00:52.170 --> 00:53.580
edit those videos.

00:53.580 --> 00:59.100
So what we're talking about is setting up sharing on a single system there is no networking involved

00:59.100 --> 00:59.940
here at all.

00:59.970 --> 01:02.500
This is really the best way to begin your understanding.

01:02.610 --> 01:07.830
Because really what we're going to be talking about here are NTFS permissions so now you've got the

01:07.830 --> 01:09.020
basic setup.

01:09.030 --> 01:11.880
Let me show you how I've got my system up and running right now.

01:12.120 --> 01:18.600
So first of all what I want to show you are the four users that I've made I've made Harry Jerry rich

01:18.840 --> 01:20.160
and Tom.

01:20.190 --> 01:24.990
Now if you took a look over in groups I'd made two groups editor and reviewer.

01:25.050 --> 01:31.760
If we opened up the editor you'll see that Harry and Gerry are members of the editor group and if we

01:31.760 --> 01:37.180
take a look at reviewer How about if I click that just once there we go we can see that rich and Tom

01:37.190 --> 01:40.000
are members of the reviewer group.

01:40.100 --> 01:46.340
Now if you take a look over on my I've got a new drive in your drive and you'll see that right now I

01:46.340 --> 01:52.670
have one folder in there called videos and inside there are four movies so these are movies that I need

01:52.670 --> 01:54.300
these four guys to look at.

01:54.380 --> 01:57.520
Two of them are reviewers to make sure I'm saying the right stuff.

01:57.650 --> 01:59.900
And two of them are editors to make me look good.

01:59.900 --> 02:05.600
So what we're going to do right now is go through the process of setting this up so that the reviewers

02:05.600 --> 02:12.890
can see but they can't accidentally delete or edit and that the editors can see it and edit it and they

02:12.890 --> 02:17.260
can even delete them if they need to because well they're editors and that's what editors do.

02:17.270 --> 02:19.700
So let's start by well doing it wrong.

02:19.700 --> 02:21.310
So take a look right now.

02:21.320 --> 02:23.820
Here's one movie so I'm going to Right-Click on here.

02:24.020 --> 02:27.470
I'm going to select Properties and I'm going to go to security.

02:27.740 --> 02:32.810
So what I want to do right now is I'm going to add one of those users.

02:33.020 --> 02:34.150
So I'm going to add.

02:34.240 --> 02:36.110
And in this case I'm going to pick Harry

02:40.000 --> 02:45.330
and you can see when I click check names Harry gets underlined which means that is a real username.

02:45.850 --> 02:48.570
And now what I want you to look at are these options right here.

02:48.570 --> 02:52.000
These are the actual NTFS permissions.

02:52.000 --> 02:57.490
So these NTFS permissions you can see we have full control modify read and execute read.

02:57.520 --> 02:58.150
Right.

02:58.150 --> 02:59.590
Hold on that's not all of them.

02:59.710 --> 03:01.330
And then special permissions.

03:01.570 --> 03:08.020
So at this moment I don't want to talk about exactly what these mean but I want to make sure you understand

03:08.320 --> 03:11.620
how we get to them and how we can change them if we want.

03:11.620 --> 03:15.530
So right now we've got Harry selected and he has read and execute and read.

03:15.550 --> 03:22.540
Ok so I will explain those to read and execute is an NTFS permission that really applies mainly to executable

03:22.540 --> 03:23.280
files.

03:23.320 --> 03:29.200
If I had an executable program in there then if I checked that Harry would be able to not only read

03:29.200 --> 03:33.770
that file but you'd actually run it as well read as more for data files.

03:33.790 --> 03:38.080
So if I check read in here Harry can actually look at it.

03:38.080 --> 03:42.660
He could open it up in an editor but if he had files save it wouldn't let him do it.

03:43.480 --> 03:44.110
All right.

03:44.110 --> 03:48.970
So we've got the set up I'm going to hit OK and then I want to talk about this for a minute because

03:49.120 --> 03:50.380
we've got a couple of problems here.

03:50.380 --> 03:54.040
First of all what if harry quits if he quits.

03:54.130 --> 03:57.950
I'm going to have to go in here and take out all these NTFS permissions.

03:58.000 --> 03:59.760
So that's a bit of an issue.

03:59.770 --> 04:04.810
The second issue I have is what if I add more videos to this folder then I'm going to start running

04:04.810 --> 04:10.710
into a situation where I'm going to have to be setting these NTFS Permissions up for every little file

04:10.720 --> 04:12.400
I bring in.

04:12.400 --> 04:16.280
So what that does is brings up what Microsoft calls a best practice.

04:16.330 --> 04:19.910
Yes you can do it this way but there are more efficient ways to do it.

04:19.990 --> 04:23.940
In general what we do is we create users.

04:24.040 --> 04:31.570
We put the users into groups and then we give NTFS permissions to those groups in general when we're

04:31.570 --> 04:38.710
setting up those A.F. as permissions we set them up on a per folder basis for individual groups.

04:38.710 --> 04:40.230
Let me show you how this all works.

04:41.950 --> 04:46.960
So first of all what I'm going to do is I'm going to apply NTFS Permissions not to an individual file

04:46.990 --> 04:51.350
but to a folder so I'm going to right click on this folder and I'm going to go to properties.

04:51.370 --> 04:52.490
Do you see sharing.

04:52.540 --> 04:53.450
You ignore that.

04:53.470 --> 04:56.540
That is a networking thing we cover that in other episodes.

04:56.530 --> 04:59.340
There's no network here remember there's only one computer.

04:59.440 --> 05:00.960
So we go to security.

05:01.000 --> 05:06.150
Now what I want to do is I'm going to add in this case reviewer

05:10.350 --> 05:17.740
and check names make sure the underline appears and you'll see that reviewer is on here by default it

05:17.740 --> 05:23.950
gets read an execute list folder contents and read list folder contents is actually a very interesting

05:23.950 --> 05:25.030
NTFS permission.

05:25.030 --> 05:31.960
Without it you could get to those files but you can't actually open the folder and see what's in there.

05:31.960 --> 05:35.980
So kind of interesting NTFS permission but an important one.

05:35.980 --> 05:40.240
So what we've done here is we set up reviewer to have those particular permissions I'm going to hit

05:40.240 --> 05:41.170
OK.

05:41.740 --> 05:43.630
Let's go through this process one more time.

05:43.660 --> 05:46.300
Except this time we're going to let the editors in their

05:52.970 --> 05:58.310
so by default you'll see ret editors just get read in X Kulas folder contents and read permission.

05:58.310 --> 06:01.970
Well we're going to do is give them the modified permission as well.

06:01.970 --> 06:07.250
They have to have that so that they could edit these videos and then save them in the same folder with

06:07.250 --> 06:08.210
the same name.

06:11.050 --> 06:13.480
So we hit apply and we hit OK.

06:15.380 --> 06:20.700
And now we've got a basic set up and this is a very common type of set up that you'll see on a more

06:20.880 --> 06:24.290
serious system that has a lot of users working on it.

06:24.320 --> 06:27.390
Now the next thing I want to talk about is something called an Herron's.

06:27.390 --> 06:29.190
Let me show you how this works.

06:29.190 --> 06:38.230
First of all when we look at the properties of video you're going to see you see this guy right here

06:38.230 --> 06:39.130
that's me.

06:39.280 --> 06:41.950
I'm actually the person who created this folder.

06:41.950 --> 06:48.730
I am the owner of this folder so by default whoever actually creates a folder can set up what other

06:48.730 --> 06:49.840
people can do to it.

06:49.840 --> 06:52.440
So as the owner I've got a lot of power.

06:52.540 --> 06:55.060
Now what I want you to do is take a look.

06:56.310 --> 07:01.260
When we see editor here you're going to see that there are two columns here allow and deny.

07:01.260 --> 07:02.880
Let me show you how this works.

07:03.170 --> 07:07.290
When I'm going to do is go into videos and I'm going to pick any one of these and remember I have not

07:07.290 --> 07:14.100
set any NTFS permissions for this guy but when I go into properties and I go into security you'll see

07:14.100 --> 07:19.380
that editor right here has the same permissions that we had said earlier but there's a big difference.

07:19.410 --> 07:26.100
Look at the color of the checkboxes they're grayed out what's happening here is when you set NTFS permissions

07:26.100 --> 07:32.690
for any one object anything else you create in there automatically gets those same permissions.

07:32.690 --> 07:39.000
We call this inheritance here I make it even cooler that watch this song and right click right now new

07:39.660 --> 07:45.040
folder you want to call it Timmy.

07:45.390 --> 07:48.440
Now I just made this folder poof I just made him.

07:48.660 --> 07:52.450
So we go into properties and go into security.

07:52.620 --> 07:56.950
You're going to see that these are all the same permissions that we had before here.

07:57.000 --> 07:58.560
Here's here's me.

07:58.650 --> 08:00.790
I've got full control because I'm the owner.

08:01.050 --> 08:06.120
Here's editors with their modify permission and there's reviewers with the same permissions we said

08:06.150 --> 08:08.930
before and that's the power of inheritance.

08:08.940 --> 08:16.230
Anything that you put into one folder will automatically take on the NTFS permissions of that particular

08:16.230 --> 08:17.010
folder.

08:17.250 --> 08:23.580
So let's go ahead and take a minute right now and let's make sure you understand the basic NTFS permissions.

08:23.580 --> 08:28.500
NTFS Permissions vary whether you have a folder or a file.

08:28.500 --> 08:30.740
Let's go through those for a folder.

08:30.870 --> 08:33.740
First of all full control means you can do anything you want.

08:33.930 --> 08:40.350
Modify enables you to read write and delete both files and some folders within that folder read and

08:40.350 --> 08:46.020
execute enables you to see the contents of the folder and any sub folders as well as run executable

08:46.020 --> 08:47.220
programs.

08:47.780 --> 08:52.740
List folder contents enables you to see the contents of the folder and any sub folders.

08:53.000 --> 08:57.520
Read enables you to view a Folders contents and open any file in the folder.

08:57.890 --> 09:05.330
And last write enables you to write to files and create new files and folders NTFS permissions for a

09:05.330 --> 09:07.980
file start with full control.

09:08.030 --> 09:11.190
And as you might imagine it enables you to do anything you want.

09:11.600 --> 09:18.140
Modify enables you to read write and delete that file read and execute allows you to open and run the

09:18.140 --> 09:21.860
file read allows you to open the file.

09:21.980 --> 09:25.470
And last write enables you to open and write to the file.

09:25.490 --> 09:31.010
Now inheritance there are some rare situations where you might want to say look I might be putting more

09:31.010 --> 09:33.890
stuff in here but I don't want this inheritance thing.

09:33.890 --> 09:36.110
So let me show you what that's all about.

09:36.110 --> 09:40.110
So what I have here is I've got Let's go and cancel this.

09:40.130 --> 09:47.350
So here in this Fred folder let me go right back I'm going to Slik properties go into security and for

09:47.350 --> 09:53.360
some reason anything underneath this Fred folder I don't want that inheritance to go anymore.

09:53.530 --> 09:59.400
So what I can do in that case is I can click on edit and that's what these little denie buttons are

09:59.400 --> 10:04.300
for the denied checkbox say look anything from here on down.

10:04.440 --> 10:08.040
Stop the inheritance for those particular permissions.

10:08.130 --> 10:13.590
Generally using the deny button is pretty much proof that you haven't organized your folders well and

10:13.590 --> 10:14.880
you're not doing your NTFS.

10:14.970 --> 10:15.610
Right.

10:15.840 --> 10:18.440
But there are situations where it might be needed.

10:18.480 --> 10:23.690
So be aware that the deny button turns off inheritance right.

10:23.710 --> 10:29.500
Now the last thing I want to talk about with NTFS is the idea of well I've got this folder and it's

10:29.500 --> 10:34.450
got a number of files and folders within it that have these different NTFS permissions.

10:34.600 --> 10:36.900
What happens if I move it or copy it.

10:36.910 --> 10:43.000
So this action varies depending on how you're moving and copying and whether you're moving or copying

10:43.000 --> 10:43.550
even.

10:43.660 --> 10:49.960
Now before we get too deep in this I will make it easy for you if you have something with NTFS permissions

10:49.960 --> 10:53.710
and you copy it to a thumb drive with X fat or fat 32.

10:53.710 --> 11:00.250
That's easy when you copy it over there all the permissions go away because fat doesn't support NTFS

11:00.250 --> 11:05.360
Permissions where things get a little bit more challenging is when you're moving and copying within

11:05.370 --> 11:08.120
different NTFS formatted partitions.

11:12.050 --> 11:17.240
To help you understand the issues with moving and copying and NTFS Permissions what I have here are

11:17.240 --> 11:18.450
two physical drives.

11:18.440 --> 11:21.670
Now for demonstration I'll say this has dried see and this is Dr..

11:21.680 --> 11:26.720
What's important is that they are different drive letters now to get ourselves started.

11:26.720 --> 11:30.650
I've got this little orange cube here.

11:30.750 --> 11:34.860
And his job is to act as an object he could be a file he could be a folder.

11:34.860 --> 11:36.200
I don't really care what he is.

11:36.270 --> 11:40.230
He is an NTFS object that has NTFS permissions.

11:40.230 --> 11:46.740
This little purple cylinder is going to be the actual NTFS permissions that are on the original of this

11:46.830 --> 11:48.370
object whatever it might be.

11:48.540 --> 11:50.910
So let's start doing some moving and copying.

11:51.030 --> 11:58.640
First of all if we copy from one drive letter to another the copy will end up over here.

11:58.650 --> 12:01.740
But it does not keep its NTFS permissions.

12:01.740 --> 12:07.770
It will take on whatever NTFS Permissions are in the folder that it gets copied into.

12:07.770 --> 12:15.390
Now if we move it when you move it he loses all of his NTFS permissions and again he takes on whatever

12:15.390 --> 12:18.230
permissions are in the folder he gets copied to.

12:18.270 --> 12:23.460
Now things change a little bit when you're moving and copying within the same drive letter.

12:23.460 --> 12:29.670
If we're going to make a copy when you copy it like this he'll go ahead and you'll get the copy but

12:29.670 --> 12:35.500
again he'll lose his NTFS permissions if you move it.

12:35.550 --> 12:42.870
This is the only time out of all four of these little things we've just done where the NTFS Permissions

12:42.870 --> 12:46.470
actually go along with the object itself.

12:46.800 --> 12:49.120
The reason I'm harping on this is pretty simple.

12:49.140 --> 12:53.640
We know that comp he'll wants you to know it from the objectives and we know that it's an issue that

12:53.640 --> 12:55.890
comes up with people time and time again.

12:55.890 --> 13:03.750
So NTFS Permissions are powerful and amazing tools and to be honest with you we really just barely touched

13:03.750 --> 13:06.390
on it mainly because he only asked for a small amount.

13:06.420 --> 13:09.660
You'd have to be going into your NCSA to really tear it apart.

13:09.870 --> 13:14.070
Make sure you're comfortable with your different NTFS permissions and make sure you're comfortable with

13:14.070 --> 13:17.850
what happens with NTFS permissions when you move them and copy them.