os tp final

    Acknowledgement

    Today, I am able to present this dissertation here with a coordination of

    many heads and hands. Some have supervised, some have assessed,

    some have assisted and some have been supplemented.

    It gives me immense pleasure to acknowledge my intentness of sharp

    and decency of gratitude to Ms. Neha Bhateja for sharing a plethora of

    knowledge. This would not have been possible without the guidance,

    constructive criticism, benevolent help and encouraging attitude. I

    would like to explain my gratefulness to God with whose grace I was

    able to complete this project and my cousins, who helped me

    a lot unleashing the knowledge gained so far.

    Professional

    Server

    Advanced Server

    Datacenter Server

    Windows XP

    Windows XP is an operating system that is

    produced by Microsoft for the use on

    personal computers, including home and

    business desktops, laptops, and media

    centers. It was first released in August

    2001. It is the most popular version of

    Windows based on installed user

    base. The name "XP" is short

    for "eXPerience." Windows XP is

    the successor to both the Windows 2000 and

    Windows Me operating systems. It is the first

    consumer-oriented operating system

    produced by Microsoft to be built on

    the Windows NT kernel. Windows XP

    was first released for retail sale on October

    25, 2001.

    File Systems

    Windows XP Professional supports the

    FAT16, FAT32, and NTFS file systems.

    Because NTFS has all the basic capabilities

    of FAT16 and FAT32, with the added

    advantage of advanced storage features such

    as compression, improved security, and

    larger partitions and file sizes, it is the

    recommended file system for

    Windows Vista.

    Some features that are available when you choose NTFS:

    File encryption allows you to protect

    files and folders from unauthorized

    access.

    Permissions can be set on individual

    files, as well as on folders.

    Disk quotas allow you to monitor

    and control the amount of disk space

    used by individual users.

    Better scalability allows you to use

    large volumes. The maximum

    volume size for NTFS is much

    greater than it is for FAT.

    Additionally, NTFS performance

    does not degrade as volume size

    increases, as it does in FAT systems.

    Recovery logging of disk activities

    helps restore information quickly in

    the event of power failure or other

    system problems.

    When you perform a clean installation of

    Windows Vista, it is recommended that you

    use NTFS. If you upgrade computers that

    use NTFS as the only file system, continue

    to use NTFS with Windows Vista.

    Multiple-Booting and File System

    Compatibility

    NTFS is the recommended file system for

    Windows Vista. However, you might need a

    different file system to multiple-boot

    Windows XP Professional with an operating

    system that cannot access NTFS volumes. If

    you use NTFS to format a partition, only

    Windows XP, Windows 2000, and

    Windows NT 4.0 (with Service Pack 4) can

    access the volume.

    If you plan to install Windows Vista and

    another operating system on the same computer, you must use a file system that all

    operating systems installed on the computer

    can access. For example, if the computer has

    Windows 95 and Windows XP Professional,

    you must use FAT on any partition that

    Windows 95 must access. However, if the

    computer has Windows NT 4.0 or

    Windows XP Professional and

    Windows Vista, you can use FAT or NTFS

    because both operating systems can access

    all those file systems. However, certain

    features in the version of NTFS included

    with Windows Vista are not available when

    the computer runs Windows NT 4.0. For

    more information about file system

    compatibility and multiple booting, see

    Both Windows XP and Windows 2000, the

    two operating systems in contention, use the

    NTFS file system for storage. NTFS (New

    Technology File System) is the standard file

    system of Windows NT, including its later

    versions Windows 2000, Windows XP,

    Windows Server 2003, Windows Server

    2008, Windows Vista, and Windows 7.

    NTFS supersedes the FAT file system as the

    preferred file system for Microsoft's

    Windows operating systems. NTFS has

    several improvements over FAT and HPFS

    (High Performance File System) such as

    improved support for metadata and the use

    of advanced data structures to improve

    performance, reliability, and disk space

    utilization, plus additional extensions such

    as security access control lists (ACL) and

    file system journaling.

    NTFS uses the following features for file

    storage:

    Single Instance Storage (SIS)

    Hierarchical Storage Management (HSM)

    Native Structured Storage (NSS)

    Microsoft Windows

    While the different NTFS versions are for

    the most part fully forward- and backward-compatible,

    there are technical

    considerations for mounting newer NTFS

    volumes in older versions of Microsoft

    Windows. This affects dual-booting, and

    external portable hard drives.

    For example, attempting to use an NTFS

    partition with "Previous Versions" (a.k.a.

    Volume Shadow Copy) on an operating

    system that doesn't support it will result in

    the contents of those previous versions being

    lost.

    Subject of comparison: NTFS, FAT16, FAT32

    Operating system compatibility

    NTFS: A computer running Windows Vista, Windows Server 2003, Windows 2000, or Windows XP can access files on an NTFS partition. A computer running Windows NT 4.0 with Service Pack 4 or later can access files on the partition, but some NTFS features, such as Disk Quotas, are not available. Other operating systems allow no access.

    FAT16: File access is available to computers running Microsoft MS-DOS, all versions of Windows, Windows NT, Windows XP, Windows Vista, and OS/2.

    FAT32: File access is available [...] computers running Microsoft [...] Windows 95 OSR2, Windows 98, Windows [...] Windows 2000, Windows [...] and Windows Vista.

    Volume size

    NTFS: Recommended minimum volume size is approximately 10 MB. Recommended practical maximum for volumes is 2 terabytes. Much larger sizes are possible. Cannot be used on floppy disks.

    FAT16: Volumes up to 4 GB. Cannot be used on floppy disks.

    FAT32: Volumes from 512 MB [...] 2 terabytes. In Windows Vista, you [...] format a FAT32 volume [...] up to 32 GB. Cannot be used on floppy disks.

    File size

    NTFS: Maximum file size 16 terabytes minus 64 KB (2^44 minus 64 KB)

    FAT16: Maximum file size 4 GB

    FAT32: Maximum file size 4 GB

    Files per volume

    NTFS: 4,294,967,295 (2^32 minus 1 files)

    FAT16: 65,536 (2^16 files)

    FAT32: Approximately 4,177,92[...]

    Compatibility with FAT

    Microsoft currently provides a tool

    (convert.exe) to convert HPFS (only on

    Windows NT 3), FAT16 and, on Windows

    2000 and higher, FAT32 to NTFS, but not

    the other way around.

    Comparison of NTFS and FAT File

    Systems shown in the table

    If you also want to use MS-DOS on your

    system, you must use FAT to format another

    partition, which is the MS-DOS operating

    system's native file system. MS-DOS does

    not recognize data on NTFS or FAT32

    partitions.

    Understanding the Windows file system in XP

    and 2000, and security comparisons of the

    file system in Windows XP and 2000

    Even though Windows permissions have

    been around for a long time, I still run into

    seasoned network administrators that aren't

    aware of the new changes that came with

    Windows 2000 so long ago. When Microsoft released Windows 2000, they

    released a new version of NTFS, which was

    versioned 5. The new NTFS permissions

    were essentially the same logical control as

    the older version that was available in

    Windows NT, however, there were some

    radical and essential changes that occurred

    to control how the permissions were

    inherited and configured for each file and

    folder. Since NTFS permissions are

    available on every file, folder, Registry key,

    printer, and Active Directory object, it is

    important to understand the new methods

    and features that are available once you have

    Windows 2000, Windows XP, or Windows

    2003 Server installed to control resources.

    The two editions of XP tackle the

    problem of file security using the

    following features:

    XP Ahead of Windows 2000:

    Windows XP provides the most

    dependable version of Windows ever, with

    the best security and privacy features

    Windows has ever provided. Overall,

    security has been improved in Windows XP

    to help you have a safe, secure, and

    private computing experience. Windows XP

    is available in two editions: Windows XP Home Edition for home use, and Windows

    XP Professional for businesses of all sizes.

    Security features in Windows XP Home

    Edition make it even safer for you to shop

    and browse on the Internet. Windows XP

    Home Edition comes with built-in Internet

    Connection Firewall software that provides

    you with a resilient defense to security

    threats when you're connected to the Internet,

    particularly if you use always-on

    connections such as cable modems and

    DSL.

    Windows XP Professional includes all of the

    security capabilities of Windows XP Home

    Edition, plus other security management

    features. These important new security

    features will reduce your IT costs and

    enhance the security of your file systems.

    Windows XP Home Edition

    Personalized Login

    Fast User Switching

    Personal Privacy

    Internet Connection Firewall

    Shared Documents Folder

    Windows XP Professional

    Corporate Security

    Controlled Network Access

    Simple Sharing

    Blank Password Restrictions

    Encrypting File System

    Certificate Services

    Credential Management

    Fast User Switching

    Personal Privacy

    Internet Connection Sharing

    Internet Connection Firewall

    Software Restriction Policies

    Internet Protocol Security

    Smart Card Support

    Kerberos

    Encrypting File System

    So far, this paper has described techniques

    for protecting resources stored on a centralized network. But beyond simple

    password protection, what about protecting

    the data stored on a desktop or laptop

    computer?

    Windows 2000 Encrypting File System

    (EFS) addresses this concern. For added

    protection of data stored locally, EFS lets you encrypt designated files or folders on a

    local computer, so unauthorized people can't

    read those files. EFS is particularly useful

    for protecting data on a computer that might

    be physically stolen, such as a laptop. You

    can configure EFS on laptops to ensure that

    all business information is encrypted in the

    user's document folders.

    When you enable EFS for a file or folder on an NTFS file system (NTFS) volume, the

    operating system encrypts the files using the

    public key and symmetric encryption

    algorithms available through the CryptoAPI.

    Though the underlying mechanism is

    complicated, administrators and users can

    take advantage of the extra security by

    merely selecting a check box in

    the Advanced Attributes dialog box

    accessed from the File Properties dialog

    box.

    EFS automatically encrypts the file when it

    is saved, and decrypts it when the user opens

    it again. No one can read these files except

    the user who encrypted the file and an

    administrator with an EFS file recovery

    certificate (see below). Since the encryption

    mechanism is built into the file system, its

    operation is transparent to the user and

    extremely difficult to attack.

    EFS encrypts a file using a symmetric

    encryption key unique to each file. Then it

    encrypts the encryption key as well, using

    the public key from the file owner's EFS

    certificate. Since the file owner is the only

    person with access to the private key, that

    person is the only one who can decrypt the

    key, and therefore the file.

    Encryption protects files even if someone

    bypasses EFS and uses low-level disk utilities to try to read information. Even if

    the file can be stolen, over the network or

    physically, it cannot be decrypted without

    first logging on to the network as the

    appropriate user. Since it cannot be read, the

    file also cannot be surreptitiously modified.

    In the event of an emergency, or should an employee leave your organization, EFS

    includes a recovery mechanism that lets you

    recover your company's information. When

    EFS is used, a separate recovery key is

    created. This is done automatically by the

    system, which encrypts the original

    encryption key using the public key of an

    administrator's EFS file recovery certificate.

    An administrator can use the private key

    from that certificate to recover the file

    should the need arise.

    Maintaining File Confidentiality

    Security features such as logon

    authentication or file permissions protect

    network resources from unauthorized

    access. However, anyone with physical

    access to a computer can install a new

    operating system on that computer and

    bypass the existing operating system's

    security. In this way, sensitive data can be

    exposed. Encrypting sensitive files through

    EFS adds another layer of security. When

    files are encrypted, their data is protected

    even if an attacker has full access to the

    computer's data storage.

    Only authorized users and designated data

    recovery agents can decrypt encrypted files.

    Other system accounts that have permissions

    for a file, even the Take Ownership

    permission, cannot open the file without

    authorization. Even the administrator

    account cannot open the file if that account

    is not designated as a data recovery agent. If

    an unauthorized user tries to open an

    encrypted file, access will be denied.

    Figure 6 shows where you would create

    settings for EFS.
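
    The key-wrapping scheme described above, as an added example that is not part of the original paper or Microsoft's code: one random per-file key encrypts the data, and a copy of that key is wrapped under the owner's public key and under the recovery agent's. Textbook RSA over fixed Mersenne primes and a SHA-256 keystream are toy stand-ins for the CryptoAPI algorithms and give no real protection; the account names and key pairs are constructed.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by the toy key pairs

def make_keypair(p, q):
    """Textbook RSA from two known primes (toy stand-in for an EFS certificate)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def keystream_xor(key, data):
    """XOR data with a SHA-256 counter keystream (stand-in for the file cipher)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(fek, public_key):
    n, e = public_key
    return pow(int.from_bytes(fek, "big"), e, n)

def unwrap(blob, private_key):
    n, d = private_key
    # A wrong private key yields a garbage 16-byte key, not an error.
    return (pow(blob, d, n) % (1 << 128)).to_bytes(16, "big")

def efs_encrypt(plaintext, owners, recovery_agents):
    """owners / recovery_agents map an account name to its public key."""
    fek = secrets.token_bytes(16)  # file encryption key, unique to this file
    return {
        "data": keystream_xor(fek, plaintext),
        # Data Decryption Field: the file key wrapped for each owner
        "ddf": {name: wrap(fek, pk) for name, pk in owners.items()},
        # Data Recovery Field: the same file key wrapped for each recovery agent
        "drf": {name: wrap(fek, pk) for name, pk in recovery_agents.items()},
    }

def efs_decrypt(stored, name, private_key):
    blob = stored["ddf"].get(name, stored["drf"].get(name))
    if blob is None:
        return None  # no wrapped key for this account: access denied
    return keystream_xor(unwrap(blob, private_key), stored["data"])

# Constructed key pairs built from known Mersenne primes (trivially breakable).
OWNER_PUB, OWNER_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
AGENT_PUB, AGENT_PRIV = make_keypair(2**107 - 1, 2**61 - 1)
ADMIN_PUB, ADMIN_PRIV = make_keypair(2**127 - 1, 2**107 - 1)

if __name__ == "__main__":
    doc = b"Constructed sample: payroll figures for March"
    stored = efs_encrypt(doc, {"owner": OWNER_PUB}, {"recovery-agent": AGENT_PUB})
    print("raw disk read shows plaintext:", stored["data"] == doc)
    print("owner:", efs_decrypt(stored, "owner", OWNER_PRIV))
    print("recovery agent:", efs_decrypt(stored, "recovery-agent", AGENT_PRIV))
    print("administrator, not an agent:", efs_decrypt(stored, "admin", ADMIN_PRIV))
```

    The administrator account holds a valid key pair of its own but gets nothing back, because no copy of the file key was ever wrapped for it.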

    Understanding Permissions For File

    Systems Security in XP and 2000

    Standard Permissions:

    Standard permissions are those permissions

    that control a broad range of detailed

    permissions. The most popular and infamous

    standard permission is Full Control. This is

    what everyone wants, but in reality very few

    should get. Full Control allows the user that

    is granted this suite of permissions to do

    virtually anything to the object the

    permissions are associated with. The other

    standard permissions include the following:

    Files:

    Modify

    Read & Execute

    Read

    Write

    Folders have the same standard permissions

    as files, except there is one additional

    standard permission: List Folder Contents.

    When you look at Registry keys, printers,

    and Active Directory objects, there is a

    totally different set of standard permissions

    for these objects. The security tab of each

    object will list the standard permissions, as

    shown in Figure 1 for a typical

    organizational unit (OU) within Active

    Directory.

    Inherited vs. Explicit Permissions

    There are two variations of permissions that

    you will see for any one entry (user,

    computer, or group) listed on the access

    control list (ACL). If we look at the root

    drive, C:, you can add or modify the

    permissions for any entry on the ACL. If

    you create a new folder under C:, say a new

    folder named Data (C:\Data), you won't be

    able to modify the permissions for any

    existing entries. This is because the

    permissions from C: inherit down to all

    subfolders and files automatically. If you

    don't want the permissions from C: to

    inherit down to C:\Data, but still want them

    to inherit down to other subfolders below C:,

    you would configure the C:\Data folder to

    stop inheriting by removing the check from

    the "Inherit from parent the permission

    entries that apply to child objects. Include

    these with entries explicitly defined here" check box,

    as shown in Figure 3.

    user or group SID is not on the ACL will

    have the same result of No Access to the

    resource, without needing to configure any

    special entries on the ACL. It is only in the

    rare instance that a user or group should be

    explicitly denied access that you configure

    Deny permissions. Denial of access to

    resources by omission from the ACL is

    easier to troubleshoot, manage, and

    configure.

    Permission Precedence

    I hear all of the time from students and other

    network administrators (even the dialog box

    in Figure 4) that Deny permissions take

    precedence over Allow permissions.

    Unfortunately, this is not always the case.

    To prove my point, let's look at a scenario

    that you too can create to prove that Deny permissions don't always take precedence

    over Allow permissions.

    In our scenario, we are going to look at a

    folder, C:\Data\HR, which contains both

    public and private files. We have allowed

    the C:\Data\HR folder to inherit the

    permissions from C:\Data, which includes

    just basic permissions from the root folder.

    We have also included the HR group on the

    ACL, giving the Group Allow-Read &

    Execute permissions. The final explicit entry

    on the ACL is for the non-HR group, which

    is given Deny-Full Control.

    Below the HR folder are two files:

    Public.doc and Private.doc. The Public

    folder just allows for normal permission

    inheritance, so there are no special

    permissions added to the ACL. However,

    the private file has some explicit

    permissions added to the ACL. Since the

    Executive group needs to be able to read the

    contents of the private folder, this group is

    added explicitly with the Allow-Read
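
    The inheritance and precedence rules discussed above, as an added example that is not part of the original paper: a simplified model of how Windows orders and evaluates access control entries, with explicit entries ahead of inherited ones and Deny ahead of Allow within each group. The rights bits, the Users entry on C:\ and the group memberships are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed rights bits for the illustration (not the real Windows access masks).
READ, WRITE, EXECUTE, DELETE = 1, 2, 4, 8
READ_EXECUTE = READ | EXECUTE
FULL_CONTROL = READ | WRITE | EXECUTE | DELETE

@dataclass(frozen=True)
class Ace:
    kind: str      # "allow" or "deny"
    trustee: str   # group name, standing in for a SID
    mask: int

@dataclass
class Node:
    name: str
    explicit: List[Ace]
    parent: Optional["Node"] = None
    inherit: bool = True   # models the "Inherit from parent..." check box

    def dacl(self) -> List[Ace]:
        """ACEs in canonical order: explicit deny, explicit allow, then the
        parent's entries (nearest ancestor first) if inheritance is enabled."""
        acl = sorted(self.explicit, key=lambda a: a.kind != "deny")
        if self.parent is not None and self.inherit:
            acl += self.parent.dacl()
        return acl

def access_check(node: Node, groups: set, desired: int) -> bool:
    """Walk the DACL in order; the first ACE that settles a requested right wins."""
    remaining = desired
    for ace in node.dacl():
        if ace.trustee not in groups:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False              # a still-unsatisfied right is denied
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True           # every requested right was granted
    return False                      # not on the ACL: denied by omission

# The page's scenario; the "Users" entry on the root is an assumed basic permission.
root = Node("C:\\", [Ace("allow", "Users", READ_EXECUTE)])
data = Node("C:\\Data", [], root)
hr = Node("C:\\Data\\HR", [Ace("allow", "HR", READ_EXECUTE),
                            Ace("deny", "non-HR", FULL_CONTROL)], data)
public = Node("Public.doc", [], hr)
private = Node("Private.doc", [Ace("allow", "Executive", READ)], hr)

EXEC = {"Users", "non-HR", "Executive"}   # assumed: executives are not in HR
HR_USER = {"Users", "HR"}

def scenario():
    return {
        "exec reads Private.doc": access_check(private, EXEC, READ),
        "exec reads Public.doc": access_check(public, EXEC, READ),
        "exec writes Private.doc": access_check(private, EXEC, WRITE),
        "HR reads Public.doc": access_check(public, HR_USER, READ),
        "stranger reads Public.doc": access_check(public, {"Guests"}, READ),
    }

if __name__ == "__main__":
    for question, allowed in scenario().items():
        print(question, "->", "allowed" if allowed else "denied")
```

    The explicit Allow on Private.doc is evaluated before the Deny inherited from C:\Data\HR, so the executive can read that one file while still being denied on Public.doc and denied write access everywhere.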

    Bibliography

    http://en.wikipedia.org/wiki/Comparison_of_file_systems

    http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci212120,00.html

    http://technet.microsoft.com/en-us/library/bb457059.aspx

    http://technet.microsoft.com/en-us/library/bb742513.aspx
