Share Management; Share Considerations; Defining Access Control Lists; Integrating Local File System Security Into Windows Domain Environments - HP StoreEasy 1000 Administrator's Manual

2. If it is also necessary to take ownership of subfolders and files, enable the Replace owner on
subcontainers and objects box.
3. Click OK.

Share management

There are several ways to set up and manage shares. Methods include using Windows Explorer,
a command line interface, or Server Manger.
NOTE: Select servers can be deployed in a clustered as well as a non-clustered configuration.
This chapter discusses share setup for a non-clustered deployment.
As previously mentioned, the file-sharing security model of the storage system is based on the NTFS
file-level security model. Share security seamlessly integrates with file security. In addition to
discussing share management, this section discusses share security.

Share considerations

Planning the content, size, and distribution of shares on the storage system can improve
performance, manageability, and ease of use.
The content of shares should be carefully chosen to avoid two common pitfalls: either having too
many shares of a very specific nature, or of having very few shares of a generic nature. For
example, shares for general use are easier to set up in the beginning, but can cause problems
later. Frequently, a better approach is to create separate shares with a specific purpose or group
of users in mind. However, creating too many shares also has its drawbacks. For example, if it is
sufficient to create a single share for user home directories, create a "homes" share rather than
creating separate shares for each user.
By keeping the number of shares and other resources low, the performance of the storage system
is optimized. For example, instead of sharing out each individual user's home directory as its own
share, share out the top-level directory and let the users map personal drives to their own
subdirectory.

Defining Access Control Lists

The Access Control List (ACL) contains the information that dictates which users and groups have
access to a share, as well as the type of access that is permitted. Each share on an NTFS file system
has one ACL with multiple associated user permissions. For example, an ACL can define that User1
has read and write access to a share, User2 has read only access, and User3 has no access to
the share. The ACL also includes group access information that applies to every user in a configured
group. ACLs are also referred to as permissions.

Integrating local file system security into Windows domain environments

ACLs include properties specific to users and groups from a particular workgroup server or domain
environment. In a multidomain environment, user and group permissions from several domains can
apply to files stored on the same device. Users and groups local to the storage system can be
given access permissions to shares managed by the device. The domain name of the storage
system supplies the context in which the user or group is understood. Permission configuration
depends on the network and domain infrastructure where the server resides.
File-sharing protocols (except NFS) supply a user and group context for all connections over the
network. (NFS supplies a machine-based context.) When new files are created by those users or
machines, the appropriate ACLs are applied.
Configuration tools provide the ability to share permissions out to clients. These shared permissions
are propagated into a file system ACL, and when new files are created over the network, the user
creating the file becomes the file owner. In cases where a specific subdirectory of a share has
different permissions from the share itself, the NTFS permissions on the subdirectory apply instead.
Folder and share management 73