User-Level Security on Windows 95
User-level security can be used to overcome the shortcomings of share-level security, and where it is available, this type of security is generally the preferred security structure. With user-level security, you can grant specific user accounts or group accounts access to a shared directory or printer. Instead of relying on a password that could be used by anyone, the user account accessing a shared resource must be authenticated to ensure that the account has been granted access. User-level security, therefore, provides a level of personal flexibility and accountability that is not available with share-level security.
Windows 95 cannot manage user accounts by itself. Instead, it must rely on an authentication database held on another machine, so that a Windows NT computer or a NetWare server can authenticate the user trying to access the resource. In user-level security, Windows 95 must defer to a machine with a user database and present all requests for access to that machine for authentication.
To initiate user-level security, the Windows 95 computer must obtain a copy of the accounts list from one of the following sources:
- Windows NT Server 3.5 (or later) computer
- Windows NT Workstation 3.5 (or later) computer
- NetWare 3.x server
- NetWare 4.x server with bindery emulation enabled
When a directory is shared with user-level security, the users or groups to be granted access to the share are assigned privileges. You can grant each user or group one of the following privileges:
- Read-only. Users can access files and subdirectories in a directory but cannot delete or save files to that share.
- Full access. Users can read, write, and delete files in the directory.
- Custom. Any number of the following privileges can be granted:
  - Read Files
  - Write to Files
  - Create Files
  - List Files
  - Delete Files
  - Change File Attributes
  - Change Permissions
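The access check described above can be modelled in a few lines of Python. This is an added example, not part of the original text: the class names, accounts and passwords are constructed, and both the mapping of the Read-only preset to custom privileges and the merging of user and group grants by union are assumptions of the example.

```python
import hmac
from enum import Flag, auto

class Right(Flag):
    READ = auto()         # Read Files
    WRITE = auto()        # Write to Files
    CREATE = auto()       # Create Files
    LIST = auto()         # List Files
    DELETE = auto()       # Delete Files
    ATTRIBUTES = auto()   # Change File Attributes
    PERMISSIONS = auto()  # Change Permissions

NONE = Right(0)
READ_ONLY = Right.READ | Right.LIST  # assumed mapping of the Read-only preset
FULL = (Right.READ | Right.WRITE | Right.CREATE | Right.LIST
        | Right.DELETE | Right.ATTRIBUTES | Right.PERMISSIONS)

class Provider:
    """Stand-in for the NT or NetWare machine that holds the accounts."""
    def __init__(self, passwords, groups):
        self.passwords, self.groups = passwords, groups

    def authenticate(self, user, password):
        known = self.passwords.get(user)
        return known is not None and hmac.compare_digest(
            known.encode(), password.encode())

    def groups_of(self, user):
        return {g for g, members in self.groups.items() if user in members}

class Share:
    """A shared directory whose access list names provider users and groups."""
    def __init__(self, provider, acl):
        self.provider, self.acl = provider, acl

    def allowed(self, user, password, needed):
        # The sharing computer keeps no accounts: a failed provider check is final.
        if not self.provider.authenticate(user, password):
            return False
        granted = self.acl.get(user, NONE)
        for group in self.provider.groups_of(user):  # union is an assumption
            granted |= self.acl.get(group, NONE)
        return needed in granted

def demo_share():
    # Constructed accounts and grants, for illustration only.
    provider = Provider({"alice": "a-pass", "bob": "b-pass", "carol": "c-pass"},
                        {"Editors": {"bob"}})
    acl = {"alice": READ_ONLY,
           "Editors": Right.READ | Right.WRITE | Right.CREATE | Right.LIST}
    return Share(provider, acl)
```

Note that `carol` authenticates successfully yet is still refused, because a valid account alone grants nothing until the share's access list names that user or one of the user's groups.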
When sharing a printer, users or groups can be added to a list of users with access to that printer. More specific information on sharing printers is discussed in Exercise 8.8.
Exercise 8.6 demonstrates how to grant a network user access to a directory share. For this exercise, you must be part of a domain that contains a server with a user accounts database. If the user accounts exist on a NetWare server, you will need to install the Client for NetWare Networks, the IPX/SPX-compatible protocol, and File and Printer Sharing for NetWare Networks, and make your selections accordingly throughout the exercise.
You now have learned what a user and a group are, and how they can be used to provide network access and file security. You have seen the way that both Windows 95 and Windows NT handle security issues, and should be able to see some of their major differences. Remember that the same principles that guide file sharing also work for the other major network resource we will look at—printers.