CHAPTER 20

     MONITORING ACCESS TO NETWORK RESOURCES

 

 

Lesson 1:  Monitoring Network Resources

 

Windows 2000 includes the Computer Management and Shared Folders snap-ins so that you

can easily monitor access to network resources and send administrative messages to users. 

 

 

Understanding the Purposes for Monitoring Network Resources

 

There are three primary reasons why it is important to assess and manage network resources

and they are:

 

Maintenance.  When you must perform maintenance tasks on network resources, you will

need to periodically make certain resources unavailable to users.  To do this you must determine

which users are currently using a resource so that you can notify them before making the resource

temporarily or permanently unavailable.

 

Security.  To maintain a network’s security you need to monitor user access to resources that

are confidential or need to be secure to verify that only authorized users are accessing them.

 

Planning.  Meeting the expanding needs of the network’s users requires that you determine

which resources are being used and how much they are being used so that you can plan for

future system growth.

 

When you add the Computer Management and Shared Folders snap-ins to a custom console

with MMC, you specify whether you want to monitor the resources on the local computer or

a remote computer.

 

 

Understanding the Requirement to Monitor Network Resources:

 

Groups that Can Access Network Resources

 

======================================================================

A member of these groups                Can monitor

======================================================================

 

Administrators or Server                   All computers in the domain.

Operators for the Domain

 

Administrators or Power                    Local or remote computers in the workgroup.

Users for a member server

 

 

=======================================================================

 

winpro20.html                                                 PAGE 2                                                         2001/12/14

 

 

 

Lesson Summary:

 

•   Monitor resources also helps you plan for future growth.
•   Windows 2000 includes Computer Management and Shared Folders snap-ins so that you can

easily monitor access to network resources.

•   To monitor resources on a remote computer, you specify the computer on which you want to

monitor resources when you add either the Computer Management or Shared Folders snap-in

to a custom console.

•   In a Workgroup, only members of the Administrators group or the Power Users group can

monitor resources for the local computer or for a remote computer in the workgroup.

•   In a domain, only members of the Administrators groups or the Server Operators group for

the domain can monitor resources on all the computers in the domain.

 

 

Lesson 2:  Monitoring Access to Shared Folders

 

You use the Shared folder in either the Computer Management snap-in or the Shared Folders

snap-in to view a list of all shared folders on the computer and to determine how many users

have a connection to each folder.

 

NOTE:  Microsoft Windows 2000 doesn’t update the list of shared folders, open files, and

user sessions automatically.  To update these lists, on the Action menu, click Refesh.

 

 

Determining how many users can access a Shared Folder concurrently

 

On the Action menu, click Properties/General Tab, shows you the user limit.  In Windows

2000 Professional, the maximum is 10.  However, you can set this to a lower value.  This is a

great tool, you can access all the shared folders on the Computer in one area, versus looking at

Windows Explorer, and sifting through the folders.

 

Start/Administrative Tools/Computer Management/Shared Folders/Shares

 

Notice that you will display how many can share this folder.  The limit of 10 concurrent and

simultaneous connections is related to the Workgroup Theory, for a peer-to-peer network.

 

 

 

=======================================================================

 

winpro20.html                                                 PAGE 3                                                         2001/12/14

 

 

 

Modifying Shared Folder Properties

 

You can modify existing shared folders, including shared folder permissions, from the Share folder. 

To change a shared folder’s properties, click the shared folder, and then on the Action menu, click

Properties, click the share name, the path to the shared folder and any comment that has been

entered. 

 

 

Monitoring Open Files

 

Use the Open Files folder in either the Computer Management snap-in or Shared Folders snap-in

to view a list of open files that are located in shared folders and the users who have a current

onnection to each file. 

 

 

Disconnecting Users from Open Files

 

You can disconnect users from one open file or from all open files.  If you make changes to the

Microsoft Windows 20000 File System (NTFS) permissions for a file that is currently opened

by a user, the new permission won’t affect the user until he or she closes and then attempts to

reopen the file.

 

You can force these changes to take place immediately by doing either of the following:

 

Disconnecting all users from all open files.  To disconnect all users from all open files, in

the Shared Folder snap-in console tree, click Open Files, and then on the Action menu, click

Disconnect All Open Files.

 

Disconnecting all users from one open file.  To disconnect users from one open file, in

the Shared Folder snap-in console tree, click Open Files.  In the details pane, select the open file,

and then on the Action menu, click Close Open File.

 

CAUTION  Disconnecting users from open files can result in data loss.

 

 

 

Lesson Summary:

 

•   You can use the Shares folder in either the Computer Management snap-in or the

Shared Folders snap-in to view a list of all shared folders on the computer and to

determine how many users have a connection to each folder. 

•   The General tab of the Properties dialog box for a shared folder shows you the user

limit, or maximum number of users that can concurrently connect to that share.

•   The Security tab allows you to view and change the shared folders permissions.

 

 

=======================================================================

 

winpro20.html                                                 PAGE 4                                                         2001/12/14

 

 

 

Lesson 3:  Sharing a Folder Using the Shared Folders Snap-in

 

You can use either the Computer Management snap-in or the Shared Folders snap-in to share

an existing folder or to create a new folder and share it on the local computer or on a remote

computer.

 

From either the Computer Management snap-in or the Shared Folders snap-in, you can run the

Create Shared Folder wizard to create a new folder and share it.

 

When you use the Shared folder snap-in to share an existing folder or to create a new shared

folder, Windows 2000 assigns the Full Control shared folder permission to the Everyone group

by default.  You can also assign NTFS permissions when you share the folder.

 

NOTE:  Using either the Computer Management snap-in or the Shared Folder snap-in is the

only way to create a shared folder on a remote computer.  Otherwise, you need to be physically

located at the computer where the folder resides to share it.

 

 

Sharing a Folder on a Remote Computer

 

If you want to share a folder on a remote computer, you run the MMC and add the Shared

Folders snap-in to it.  When you add the Shared Folder snap-in, point it to the remote computer

on which you want to create and manage shared folder.

 

1. Start/run, type MMC, enter key.
2. On the Console menu, click Add/Remove Snap-in.
3. In the Add/Remove snap-in click ADD.
4. In the Add Standalone Snap-in, click Shared Folders and then click ADD.
5. In the Shared Folders, select another Computer than then type in the name of the remote

computer. 

     6.   Click Finish

7. Close the Add/Remove Snap-in and Add Standalone Snap-in boxes.

 

NOTE:  If you want to create and manage shared folders on remote computers and you aren’t

in a domain, you must create the same user account with the same password on each computer. 

In workgroups, you don’t have a central database that contains all user account; instead, each

computer in the workgroup has its own local security database.

 

 

 

=======================================================================

 

winpro20.html                                                 PAGE 5                                                         2001/12/14

 

 

 

Lesson Summary:

 

 

• You can set the shared folder and NTFS permissions when you share a folder.
• Using the MMC and add the Computer Management snap-in or the Shared Folders snap-in.

 

 

Lesson 4:  Monitoring Network Users

 

 

You can also use Computer Management snap-in or the Shared folders snap-in to monitor

which users are currently gaining access to shared folder resources on a server from a remote

computer, and you can view the resources to which the users have connections.

 

 

Monitoring User Sessions

 

This information enables you to determine which users you should contact when you need to stop

sharing a folder or shut down the server on which the shared folder resides.

 

You can disconnect one or more users to free idle connections to the shared folder, to prepare for

a backup or restore operation, to shut down a server, and to change group membership and

permissions for the shared folder.

 

 

Disconnecting Users

 

You can disconnect one or all users with a network connection to a computer.  You disconnect

users so that you can do any of the following:

 

Have changes to shared folder and NTFS permissions take effect immediately.  A user retains all

permissions for a shared resource that Windows 2000 assigned when the user connected to it. 

Windows 2000 evaluates the permissions again the next time that a connection is made.  Users

can have the file open, and changes will take effect while they are in the file.

 

Free idle connections on a computer so that other user can make a connection when you reach

the maximum number of connections.  User connections to resources might remain active for

several minutes after a user finished gaining access to a resource.

 

 

Shut down a server

 

 

 

=======================================================================

 

winpro20.html                                                 PAGE 6                                                         2001/12/14

 

 

NOTE:  After you disconnect a user, he or she can immediately make a new connection.  If the

user gains access to a shared folder from a Windows-based client computer, the client computer

will automatically reestablish the connection with the shared folder.  This connection will be

established without user intervention unless you change the permissions to prevent the user from

gaining access to the shared folder or you stop sharing the folder to prevent all users from gaining

access to the shared folder.

 

 

You can disconnect a specific user, as follows:

 

In the console tree, under Shared Folder, click Sessions.

In the list of users in the details pane, select the user that you want to disconnect, and then click

Close Session on the Action menu.

 

NOTE:  If you want to disconnect all users, click Sessions in the Console tree, and then click

Disconnect All Sessions on the Action menu.

 

 

Sending Administrative Messages to Users

 

You can send administrative messages to one or more users or computers.  Send administrative

messages to users who have current connection to a computer on which network resources are

shared when there will be a disruption to the computer or restore availability.  Some common

reasons for sending administrative messages are to notify users when you intend to do any of

the following:

 

• Perform a backup or restore operation
• Disconnect users from a resource
• Upgrade software or hardware
• Shut down the computer

 

By default, all currently connected computers to which you can send a message appear in the list of

recipients.  You can add other users or computers to this list even if they don’t have a current

connection to resources on the computer.

 

Start/Programs/Administrative Tools/Computer Management/Shared Folder/Shares/Action/All

Tasks/Send Console Messages.

 

 

 

=======================================================================

 

winpro20.html                                                 PAGE 7                                                         2001/12/14

 

 

Lesson Summary:

 

•   The session folder allows you to view connections to open files on a server, and it allows you to

disconnect a specific user or all users with a network connection to a computer.

•   Computer Management snap-in or the Shared folders snap-in allows you to send administrative

messages to one or more users or computer, and that by default, all currently connected computers

appear in the list of recipients to which you can send a message.