You are currently viewing Networks and NTFS

Networks and NTFS

An operating system needs to determine the users that can access different resources that are available to them like folders and printers and how those resources can be used. Microsoft has three types of network architecture available for this: workgroups, domains, and homegroups.

Homegroups are slowly becoming obsolete. With the introduction of Windows 10, Microsoft decided to get rid of this option. Too bad because it worked well in a small environment like a home network. Because of this, the only option you have is to build a small basic network at home with a bit of protection with the support of workgroups.       In this post, I will show you how a workgroup works and how you can set this up. In addition to this, I will also share how to set up a basic authorization for a workgroup. The easiest way to manage this is by allowing NTFS to do its work. What NTFS is and how this works will also be discussed in this post.

Workgroups

A workgroup is only suitable for a home network in my opinion. It is too difficult to maintain in an organization which adds more complexity to a network infrastructure very quickly. This is also the reason I would advise sticking to a private network at home by using workgroups if you want to share files between computers and accounts at home over a network. If you want to set up a network for an organization, use a domain instead.

A workgroup is the most basic where groups are the most basic and simplistic of the three network organizations. All Windows computers are assigned by default to a workgroup that is called WORKGROUP.

Workgroup as standard in System overview (Control Panel Windows 11)

Every computer on the network needs to have the same workgroup name to be able to share resources with other computers in the network. By changing all workgroups for every computer in a different name you create a small and unique network. You are the only one that has this name, and you can share it with the computers you want to connect to your network. You can change the name of a workgroup on your computer in “System Properties”:

Changing a Workgroup name in Windows 11

If you change the workgroup name for one system, you need to change it for all devices as well if you want them connected to your workgroup.

The simple setup of a workgroup does not only apply to Windows computers. You can also add an Apple device to your network. In macOS, you can change a workgroup name in “System Preferences” and then “Network.” After that you can click on the button and WINS. Then you can assign the proper workgroup name to the Apple device:

Adding an Apple device to your workgroup

The big advantage of workgroups is that they are easy to set up and easy to connect to a network. The downside is the fact that it lacks centralized control over the network. All systems that you connect in the network are equals.

To log onto the network, a user first must log in to their system. This is done by entering their username and password. A username identifies the user that logs into the system (and in this case your network) and the password provides the authentication to log into the Operating System (OS) that they are using.

Usernames and passwords are stored in an encrypted format on your computer, but usernames and passwords are also used to access the shared resources on other computers in the network. Security-wise this is not optimal.

Sharing Folders

All devices in a workgroup can share folders and printers. You can right-click on a folder that you want to share with a specific person or with everyone who signs into the network. After that, you click on the “share” button, and then you can select the accounts you want to share the file with:

Sharing a folder with everyone in the workgroup

You can give an account Read or Read/Write permission. The person who created the folder is assigned as “Owner.” If you have “Read” permission, you can see what is in the folder. If you have “Read/write” permission, you can also save files into the folder. If you have “Owner” permission, you can set permissions for other users on the folder: admin rights.

In addition to basic sharing, you can also opt for “Advanced Sharing.” Advanced Sharing enables you to set up network shares with more detailed control over access to the contents.

Advanced Sharing

After you have clicked on “Advanced Sharing” you can select “Share this folder” to make it active. Then you can set a share name (default is the same name as the folder name). Click on “Permissions” to get to the last step. The “Everyone” group is set to Read permissions by default. However, you can add or remove groups or usernames. There are three permission levels: Read, Change, and Full Control. You can set these permissions to Allow or Deny. Deny always prevails over Allow.

Advanced Sharing gives you control over what specific user accounts and user groups can do with a network share. You can grant Full Control to everyone but in addition to this, you can add a specific user to the group and Deny Full Control to that user account. This would mean that everyone except for the account you have denied full control has access to a specific file.

NTFS

Setting up access manually requires a lot of work so in practice, I would advise setting everything to Full Control and just letting NTFS handle authorization at the local level.

NTFS stands for New Technology File System. This is the file system that the Windows NT operating system (OS) is using to store and retrieve files on hard disk drives (HDDs), and Solid-State Drives (SSDs). NTFS is the Windows NT equivalent of the Windows 95 File Allocation Table (FAT), and the OS/2 High-Performance File System (HPFS). NTFS offers several improvements over FAT and HPFS in terms of performance, extensibility, and security.

A computer’s OS creates and maintains the file system on a storage drive or device. The file system organizes the data into files. It controls how data files are named, stored, retrieved, and updated and what other information can be associated with the files.

NTFS is a type of file system. File systems are differentiated by the Operating System and the type of drive that they use. The level of access to these files is defined by a set of restrictions that are called NTFS permissions. NTFS permissions are rulesets, connected to every folder and file in your system that define exactly what any account or group can or cannot do to the file or folder. This means that you can set up NTFS permissions for a user account to edit a file but not delete it. This means that you can set up an authorization structure exactly the way you want it but be warned: NTFS file and folder permissions are powerful and complicated.

There are a few basic concepts of NTFS permissions: Ownership permission, Change permission, folder permissions, and file permissions.

  • Ownership. When you create a new file or folder on an NTFS partition, you become the owner of that file or folder. An owner can do anything they want to the files or folders they own. This includes changing the permissions to prevent anybody, even an administrator, from accessing them.
  • Take Ownership permission. This gives anyone permission to seize control of a file or a folder. Administrator accounts have “Take Ownership” permission for everything. If you own a file, you can prevent anyone from accessing that file. An administrator whom you have blocked, can take that ownership away from you and then access that file. This is important to know. It shows how powerful an administrator is and why hackers always go for admin rights.
  • Change permission. An account with this permission can give or take away permissions for other accounts.
  • Folder permissions. These permissions define what a user may do to a folder. An example is “List folder contents,” which gives the permission to see what is in the folder.
  • File permissions. File permissions define what a user may do to an individual file. One example might be “Read and Execute,” which gives a user account the permission to run an executable file.

You can set up NTFS permission through the Security tab under the “Properties” of a folder or a file. The Security tab has two primary areas. The top area shows a list of accounts that have permissions for a specific resource and the lower area shows exactly what permissions have been assigned to a selected account.

The Security Tab

You can add or remove NTFS permissions by first selecting the user or group you want to change and then clicking Edit to open a Permissions dialog box. If you want to add NTFS permissions, you can select the “Allow” checkbox next to the NTFS permission that you want to add. You can remove an NTFS permission by deselecting the “Allow” checkbox next to the NTFS permission you want to remove. The standard NTFS permissions you can switch on and off:

  • Full control. This enables you to do anything you want: “Godmode.”
  • Modify. This gives you rights to read, write, and delete both files and subfolders.
  • Read & execute. This enables you to see the contents of the folder and any subfolders as well as run any executable (.exe) programs or associations in that folder.
  • List folder contents. This enables you to see the contents of the folder and any subfolders.
  • Read. This gives you the rights to view a folder’s contents and to open any file in the folder.
  • Write. This enables you to write files and to create new files and folders.

As stated before, NTFS is far more complicated, but these basics should give you a good impression of the NTFS basics. It also shows the importance of a good authorization structure and the power of administrator rights.

Final Thoughts

If you want to get a grasp of networks, Workgroups is the best way to start. It is easy to set it up and it shows the basics of a home network with a standard authorization structure.

Personally, I think that workgroups will become obsolete soon as well because of the Cloud. Most files can already be shared between family members by OneDrive, Google Drive, Dropbox, etc., and it is also possible to give individuals access to specific locations. However, by understanding the basics of networking and network infrastructure (of which workgroups are part of) will also make it easier to understand how Cloud networks operate.

Feel free to contact me if you have any questions or if you have any additional advice/tips about this subject. If you want to keep in the loop if I upload a new post, do not forget to subscribe to receive a notification by e-mail.

Leave a Reply