|1| Chapter 10, Administering Shared Folders

|2| Chapter 10, Lesson 1

|3| Understanding Shared Folders

|4| 1. Shared Folders

A. Provide network users centralized access to network files

B. Contain applications, data, or a user’s personal data in a home directory

C. All users by default can connect to the shared folder and gain access to the folder’s content.

D. Each type of data requires different shared folder permissions.

|5| 2. Shared Folder Permissions

A. Overview

1. Shared folder permissions can be assigned to user and group accounts to control what users can do with the content of a shared folder.

2. Shared folder permissions are assigned to control how users gain access to a shared folder.

3. Shared folder permissions can be allowed or denied.

4. It is best to allow permissions and to assign permissions to a group rather than to individual users.

5. Permissions should be denied only when necessary to override permissions that are otherwise applied.

|6| B. Characteristics of shared folder permissions

1. Apply to folders, not to individual files; provide less-detailed security than NTFS permissions

2. Do not restrict access to users who gain access to the folder at the computer where the folder is stored; only apply to users who connect to the folder over the network

3. Are the only way to secure network resources on a FAT volume; NTFS permissions are not available on FAT volumes.

4. The default is Full Control, which is assigned to the Everyone group when the folder is shared.

Note A shared folder appears in Windows Explorer as an icon of a hand holding the shared folder.

|7| C. Shared folder permissions

1. Read: View file names and subfolder names, view data in files, traverse to subfolders, and run programs

2. Change: Add files and subfolders to the shared folder, change data in files, delete subfolders and files, and perform actions permitted by the Read permission

3. Full Control: Change file permissions (NTFS only), take ownership of files (NTFS only), and perform all tasks permitted by the Change permission

|8| 3. How Shared Folder Permissions Are Applied

|9| A. Overview

1. Applying shared permissions to user accounts and groups affects access to a shared folder.

2. Denying permission takes precedence over the permissions that are allowed.

|10| B. Multiple permissions combine for effective permissions.

1. A user can be a member of multiple groups, each with different permissions that provide different levels of access to a shared folder.

2. Effective permissions are the combination of the user and group permissions.

|11| C. Deny overrides other permissions.

1. Denied permissions take precedence over any permissions that are otherwise allowed for user accounts and groups.

2. If shared folder permissions are denied, the user will not have that permission, even if the permission is allowed for a group of which the user is a member.

|12| D. NTFS permissions are required on NTFS volumes.

1. Shared folder permissions are sufficient to gain access to files and folders on a FAT volume, but not on an NTFS volume.

2. Users can gain access to a shared folder for which they have permissions, as well as all of the folder’s contents.

3. When users gain access to a shared folder on an NTFS volume, they need the shared folder permission and the appropriate NTFS permissions for each file and folder to which they gain access.

|13| E. Copied, moved, or renamed shared folders are no longer shared.

1. When a shared folder is copied, the original shared folder is still shared, but the copy is not shared.

2. When a shared folder is moved or renamed, it is no longer shared.

|14| 4. Guidelines for Shared Folder Permissions

A. Overview

1. Determine which groups need access to each resource and the level of access that they require.

2. Document the groups and their permissions for each resource.

3. Assign permissions to groups instead of user accounts to simplify access administration.

4. Assign to a resource the most restrictive permissions that still allow users to perform required tasks.

5. Organize resources so that folders with the same security requirements are located within a folder.

6. Use intuitive share names so that users can easily recognize and locate resources.

7. Use share names that all client operating systems can use.

Note Microsoft Windows 2000 provides 8.3-character equivalent names, but the resulting names might not be intuitive to users.

|15| B. Shared folder naming conventions

1. Windows 2000, Windows NT, Windows 98, and Windows 95

a. Share name length: 80 characters

b. Folder name length: 255 characters

2. MS-DOS, Windows 3.1, and Windows for Workgroups

a. Share name length: 8.3 characters

b. Folder name length: 8.3 characters

|16| Chapter 10, Lesson 2

Planning Shared Folders

|17| 1. Overview

A. Planning shared folders helps to reduce administrative overhead and ease user access.

B. Planning shared folders involves

1. Determining which resources are to be shared

2. Organizing resources according to function, use, and administration needs

C. Shared folders contain applications and data.

D. Using shared application folders centralizes administration.

E. Using shared data folders provides a central location for users to store and gain access to common files.

|18| 2. Application Folders

A. Overview

1. Application folders are used for applications that are installed on a network server and can be used from client computers.

2. The primary advantage of shared applications is that most components of the applications do not need to be installed and maintained on each computer.

3. Program files for applications can be stored on a server; configuration information for most network applications is often stored on each workstation.

4. The exact way in which application folders are shared depends upon the application, network environment, and organization.

|19| B. Considerations when sharing application folders

1. Create one shared folder for applications and organize all the applications under this folder; allows one location to be designated for installing and upgrading software

2. Assign the Administrators group the Full Control permission for the applications folder; allows management of application software and control of user permissions

3. Remove the Full Control permission from the Everyone group and assign Read permissions to the Users group; provides more security

4. Assign the Change Permissions permission to groups that are responsible for upgrading and troubleshooting application.

5. Create a separate shared folder outside the application folder hierarchy for any application needing different permissions, and then assign the appropriate permissions to that folder.

|20| 3. Data Folders

A. Overview

1. Data folders are used by users on a network to exchange public and working data.

2. Two types: working data folders and public data folders

3. When data folders are used, common data folders should be created and shared on a volume that is separate from the operating system and applications.

4. Data files should be backed up frequently, and with data folders on a separate volume, they can be backed up conveniently.

5. If the operating system requires reinstallation, the volume containing the data folder remains intact.

|21| B. Public data

|22| 1. Public data folders are used by larger groups of users who all need access to common data.

2. Centralized data folders are used so that data can be easily backed up.

3. The Change permission should be assigned to the Users group for the common data folder, thereby providing users with a central, publicly accessible location for storing data files they want to share with other users.

|23| C. Working data

1. Working data folders are used by members of a team who need access to shared files.

2. Full Control permission should be assigned to the Administrators group for a central data folder, which allows administrators to perform maintenance more easily.

3. Lower-level data folders below the central folder should be shared with the Change permission for the appropriate groups when restricted access to those folders is needed.

Note Because an administrator will always be able to take ownership of a file, the organization my find it necessary to encrypt files and folders to meet security requirements.

|24| Chapter 10, Lesson 3

Sharing Folders

|25| 1. Overview

A. Resources can be shared with others by sharing folders containing those resources.

B. The creator of the shared folder must be a member of one of several groups, depending on the role of the computer on which the shared folder resides.

C. Access to a shared folder is controlled by limiting the number of users who can simultaneously gain access to it or by assigning permissions to selected users and groups.

D. Folder sharing properties may be modified after the folder is created.

E. Users must first have appropriate permissions before making a connection to a shared folder.

|26| 2. Requirements for Sharing Folders

A. In a Windows 2000 domain

1. The Administrators and Server Operators groups can share folders residing on any machines in the domain

2. The Power Users group is a local group and can only share folders residing on the stand-alone server or computer running Windows 2000 Professional where the group is located

B. In a Windows 2000 workgroup

3. The Administrators and Power Users groups can share folders on the stand-alone server or the computer running Windows 2000 Professional on which the group exists

Note If the folder to be shared resides on an NTFS volume, users must also have at least the Read permission for that folder to be able to share it.

|27| 3. Administrative Shared Folders

A. Overview

1. Automatically shared folders are appended with a dollar sign ($).

2. The $ hides the shared folder from users who browse the computer.

3. The root of each volume, the system root folder, and the location of the printer drivers are all hidden shared folders that can be accessed from across the network.

4. Hidden shared folders are not limited to those that the system automatically creates.

5. Additional folders can be shared and a $ can be appended to the end of the share name.

6. Only users who know the folder name and possess proper permissions can gain access to the hidden folder.

|28| B. Windows 2000 administrative shared folders

1. C$, D$, E$, and so on

a. The root of each volume on a hard disk is automatically shared.

b. Connection to this administrative share allows access to the entire volume.

c. Administrative shares are used to remotely connect to the computer to perform administrative tasks.

d. Windows 2000 assigns the Full Control permission to the Administrators group.

e. Windows 2000 automatically shares CD-ROM drives and creates the share name by appending the $ to the CD-ROM drive letter.

2. Admin$

a. The system root folder, C:\Winnt by default, is shared as Admin$.

b. Administrators can gain access to this shared folder to administer Windows 2000 without knowing the folder in which it is installed.

c. Only members of the Administrators group have access to this share.

d. The Administrators group is assigned the Full Control permission.

3. Print$

a. When the first shared printer is installed, the systemroot\System32\Spool\Drivers folder is shared as Print$.

b. Print$ provides access to printer driver files for clients.

c. Only members of Administrators, Server Operators, and Print Operators groups have Full Control permission.

d. The Everyone group has Read permission.

|29| 4. Sharing a Folder

A. Overview

1. Assign a share name to the folder.

2. Provide comments to describe the folder and its content.

3. Limit the number of users who have access to the folder.

4. Assign permissions.

5. Share the same folder multiple times.

B. To share a folder

1. Right-click the folder that is to be shared, and then click Sharing

|30| 2. In the Sharing tab of the Properties dialog box, click Share This Folder

3. In the Share Name box, type the name that remote users use to make a connection to the shared folder

4. Optionally, type a description for the share name in the Comment box

Note The comment appears in addition to the share name when users at client computers browse the server for shared folders, and can be used to identify the contents of the shared folder.

5. In the User Limit area, enter the number of users who can concurrently connect to the shared folder

Note If Maximum Allowed is clicked as the user limit, Windows 2000 Professional supports up to a total of 10 connections for all shares, services, etc. Windows 2000 Server can support an unlimited number of connections, but the number of client access licenses purchased limits the connections.

6. Click OK

5. Assigning Shared Folder Permissions

A. Overview

1. Specify which users have access to the shared folder by assigning shared folder permissions to selected user accounts and groups.

B. To assign permissions to user accounts and groups for a shared folder

1. In the Sharing tab of the Properties dialog box for the shared folder, click Permissions

|31| 2. In the Permissions For dialog box for the shared folder, ensure that the Everyone group is selected and then click Remove

3. In the Permissions dialog box, click Add

|32| 4. In the Select Users, Computers, Or Groups dialog box, click the user accounts and groups to which permissions are to be assigned

5. Click Add to add the user account or group to the shared folder, or double-click on an object. Repeat this step for all user accounts and groups to which permissions are to be assigned

6. Click OK

7. In the Permissions dialog box for the shared folder, click the user account or group, and then, under Permissions, select the Allow or the Deny check box of the appropriate permissions for the user account or group

Note In the Select Users, Computers, Or Groups dialog box, use the Look In list to see other domains or the local computer from which the user account and group names can be selected for assigning permissions. Also, Active Directory can be searched for user accounts and groups by selecting Entire Directory from the Look In list.

|33| 6. Modifying Shared Folders

A. Overview

1. Sharing of a file can be stopped.

2. The share name can be added or removed.

3. Shared folder permissions can be modified.

B. To modify a shared folder

1. Click the Sharing tab in the Properties dialog box of the shared folder

2. Complete the appropriate task:

a. To stop sharing a folder: Click Do Not Share This Folder; a warning message appears if another user is connected to the share folder

b. To add a share name: Click New Share; this option only appears after the folder has been shared once

c. To remove a share name: Click Remove Share; this option only appears after the folder has been shared more than once

d. To modify shared folder permissions: Click Permissions. In the Permissions For dialog box, click Add or Remove; in the Select Users, Computers, Or Groups dialog box, click the user account or group whose permissions are to be modified

Note If sharing is stopped while a user has a file open, the user might loose data. If Do Not Share This Folder is clicked and a user has a connection to the shared folder, Windows 2000 displays a dialog box notifying that a user has a connection to the share.

7. Connecting to a Shared Folder

|34| A. Four methods

1. Map Network Drive Wizard

2. Add Network Place Wizard

3. Run command

4. My Network Places

B. To use the Map Network Drive Wizard

1. Right-click the My Network Places icon on the desktop, and then click Map Network Drive

|35| 2. In the Map Network Drive Wizard, click Folder, and then type a Universal Naming Convention (UNC) path to the folder (\\server_name\share_name)

3. Enter a drive letter for the shared folder in the Drive list

4. Select the Reconnect At Logon check box if you want to reconnect to the shared folder each time you log on

5. Click the link labeled Connect Using A Different User Name to connect to a shared folder with a different user account, and then enter the user name and password in the Connect As dialog box

C. To use the Add Network Place Wizard

1. Double-click the My Network Places icon

2. Double-click the Add Network Place icon

3. On the Welcome To The Add Network Place Wizard page, type the location of the shared folder in the Type The Location Of The Network Place box, and then click Next

4. On the Completing The Add Network Place Wizard page, type a name to use for the shared folder in the Enter A Name For This Network Place box, and then click Finish

5. Connect to the shared folder by double-clicking the folder in My Network Places

D. To use the Run command

1. Click start, click Run, type \\computer_name in the Open box, and then click OK

2. On the windows containing the shared folder for the computer, double-click the shared folder to which to connect

E. To use My Network Places

1. Double-click the My Network Places icon

2. Locate the computer on which the shared folder is located

3. Double-click the shared folder to connect to

|36| Chapter 10, Lesson 4

|37| Combining Shared Folder Permissions and NTFS Permissions

|38| 1. Overview

A. Sharing folders provides network users with access to resources.

B. If a FAT volume is being used, the shared folder permissions are all that is available to provide security for the folders shared and the subfolders and files they contain.

C. If an NTFS volume is being used, NTFS permissions can be assigned to individual users and groups to better control access to the files and subfolders in the shared folders.

D. When shared folder permissions are combined with NTFS permissions, the more restrictive permission is always the overriding permission.

|39| 2. Strategies for Combining Shared Folder Permissions and NTFS Permissions

A. Overview

1. Access to resources on an NTFS volume can be provided by sharing folders with the default shared folder permissions and then controlling access by assigning NTFS permissions.

2. When a folder is shared on an NTFS volume, both shared folder permissions and NTFS permissions combine to secure file resources.

3. Shared folder permissions provide limited security for resources.

4. Using NTFS permissions provides the greatest flexibility to control access to shared folders.

5. NTFS permissions apply whether the resource is accessed locally or over the network.

|40| B. Rules

|41| 1. NTFS permissions can be applied to files and subfolders in the shared folder.

2. Different NTFS permissions can be applied to each file and subfolder that a shared folder contains.

3. Users must have access to both shared folder permissions and NTFS permissions to gain access to those files and subfolders.

3. When shared folder permissions are combined with NTFS permissions, the more restrictive permission is always the overriding permission.

Note Using shared folder permissions on an NTFS volume is in direct contrast to using shared folder permissions on a FAT volume, where permissions for a shared folder are the only permissions protecting files and subfolders in the shared folder.

|30|30|

|42| Chapter 10, Lesson 5

Configuring Dfs to Gain Access to Network Resources

1. Overview

A. Dfs provides users with convenient access to shared folders that are distributed throughout a network.

B. A single Dfs shared folder serves as an access point to other shared folders in the network.

|43| 2. Understanding Dfs

|44| A. Overview

1. Enables system administrators to make it easy for users to access and manage files that are physically distributed across a network

2. Makes files distributed across multiple servers appear to users as if they reside in one place on the network

3. Organizes shared folders that can reside on different computers

4. Provides users with easy navigation to shared folders on different computers

5. Enables users to gain access to a network resource without knowing its location on the network

6. Facilitates administering multiple shared folders

|45| B. Dfs functions

1. Organizes resources in a hierarchy

a. Dfs uses a hierarchy of server shares called a Dfs share.

b. To create a Dfs share, a container for files and Dfs links, called a Dfs root, first must be created.

c. Each Dfs root can have multiple links beneath it, each of which points to a shared folder.

d. The links of the Dfs root represent shared folders that can be physically located on different file servers.

2. Facilitates network navigation

a. A user who navigates a Dfs-managed shared folder does not need to know the name of the server on which the folder is shared.

b. Network access is simplified, because users no longer need to locate the network server on which a specific resource is located.

c. Users can browse and gain access to all resources below the root, regardless of the location of the server on which the resource is located.

3. Facilitates network administration

a. If a server fails, a link from one server can be moved to another without users being aware of the change.

b. To move a link, the Dfs folder simply has to be modified to refer to the new server location of the shared folders.

c. Users continue to use the same Dfs path for the link.

4. Preserves network permissions

a. User can gain access to a shared folder through Dfs as long as the user has the required permission to gain access to the shared folder.

c. If further restrictions are necessary, NTFS permissions can be set.

Note Only client computers with Dfs client software can gain access to Dfs resources. Computers running Windows NT 4.0 and later or Windows 98 include a Dfs client. A Dfs client for Windows 95 must be downloaded and installed.

|46| C. Types of Dfs Roots

1. Domain

a. Stores the Dfs topology in Active Directory

b. Allows links to point to multiple identical shared folders for fault tolerance

d. Supports DNS, multiple-level Dfs links, and file replication

Note Domain-based Dfs requires that Active Directory be running.

2. Stand-alone

a. Stores the Dfs topology on a single computer, not in Active Directory

b. Provides no-fault tolerance if the computer that stores the Dfs topology or any of the shared folders that Dfs uses fails

c. Supports only one level of Dfs links

|47| 3. Reasons for Using Dfs

A. Users who access shared folders are distributed across a site or sites.

B. Most users require access to multiple shared folders.

C. Server load balancing may be improved by redistributing shared folders.

D. Users require uninterrupted access to shared folders.

E. The organization has Web sites for either internal or external use.

|48| 4. Dfs Topology

A. Overview

1. To users, a Dfs topology provides a unified and transparent access to the network resources they need.

2. To system administrators, a Dfs topology is a single DNS namespace.

3. The Dfs topology is automatically published to Active Directory by default.

|49| B. Components

1. Dfs root

2. One or more Dfs links

3. One or more Dfs shared folders, also known as replicas, to which each Dfs link points

|50| C. Domain-based Dfs

1. The domain server on which a Dfs root resides is known as a host server.

2. A Dfs root can be replicated by creating roots on other servers in the domain.

3. Dfs root replication provides file availability if the host server becomes unavailable.

4. DNS names for the Dfs roots resolve to the host servers for the Dfs root.

5. The host server is a member server within a domain.

|51| D. Benefits

1. Provides synchronization of Dfs topologies across host servers

2. Provides fault tolerance for the Dfs root

3. Supports optional replication of Dfs shared folders

|52| 5. Creating a Dfs

A. Create a Dfs root

B. Create a Dfs link

C. Add Dfs shared folders (optional)

D. Set replication policy

6. Creating a Dfs Root

A. Overview

1. A Dfs root can be created on Windows 2000 FAT or NTFS partitions.

2. The FAT file system does not offer the security advantages of NTFS.

3. When setting up a Dfs root, establish either a domain or a stand-alone Dfs root.

B. To create a Dfs root

1. Click Start, point to Programs, point to Administrative Tools, and then click Distributed File System

2. In the Action menu, click New Dfs Root to start the New Dfs Root Wizard

3. Options on the New Dfs Root Wizard:

a. Select The Dfs Root Type: Specifies either a domain or stand-alone Dfs root

b. Specify The Host Domain For The Dfs Root (domain DFS root type only): Specifies the host domain for the domain Dfs root

c. Specify The Host Server For The Dfs Root: Specifies the initial connection point for all resources in the Dfs tree or the host server; can be created on any computer running Windows 2000 Server

d. Specify The Dfs Root Share: Specifies a shared folder to host the Dfs root; this can be an existing shared folder or a newly created share

e. Name The Dfs Root: Specifies a descriptive name for the Dfs root

|53| 7. Creating a Dfs Link

A. Overview

1. In a network environment, keeping track of the physical locations of shared resources might be difficult for users.

2. The network and file system structures become transparent to users when Dfs is used.

3. Transparency enables the administrator to centralize and optimize access to resources based on a single tree structure.

4. Users can browse the links under a Dfs root without knowing where the referenced resources are physically located.

5. The maximum number of Dfs links that can be assigned to a Dfs root is 1,000.

B. To create a Dfs link

1. Click Start, point to Programs, point to Administrative Tools, and then click Distributed File System

2. Click the Dfs root to which a Dfs link will be attached. In the Action menu, click New Dfs Link

|54| 3. In the Create A New Dfs Link dialog box, in the Link Name box, type a name that users will see when they connect to Dfs

4. In the Send The User To This Shared Folder box, type or browse for the UNC name for the actual location of the shared folder to which the link refers

5. In the Comment box, type optional additional information to help keep track of the shared folder

6. In the Clients Cache This Referral For X Seconds box, enter the length of time for which clients cache a referral to a Dfs link

Note After the referral time expires, a client queries the Dfs server about the location of the link, even if the client has previously established a connection with the link.

|45|45|

7. Click OK; the link appears below the Dfs root volume in the Distributed File System console

|55| 8. Adding a Dfs Shared Folder

A. Overview

1. For each Dfs link, a set of Dfs shared folders is created to which the Dfs link points.

2. Within a set of Dfs shared folders, the first folder is added to the set when the Dfs link is created, using the Distributed File System console.

3. Subsequent folders are added using the console’s Add A New Replica dialog box.

4. The maximum number of Dfs shared folders allowed in a set of shared folders is 32.

5. When Dfs shared folders are added, folders can be chosen to participate in replication.

6. If folders are set to participate in replication, the replication policy for the shared folders must be set.

B. To add a Dfs shared folder

1. Click Start, point to Programs, point to Administrative Tools, and then click Distributed File System

2. In the Dfs console tree, right-click the Dfs link to which a shared folder is to be assigned, and then click New Replica

|56| 3. In the Add A New Replica dialog box, enter or browse for the name of the new shared folder in the Send The User To This Shared Folder box

4. In the Replication Policy box

a. Click Manual Replication to prevent the files located in the folder from participating in replication

c. Click Automatic Replication to cause the files located in the folder to participate in replication

Note Automatic replication is not available for stand-alone distributed file systems and can be used only for files stored on NTFS volumes on Windows 2000 servers.

c. Click OK

|57| 9. Setting Replication Policy

A. Overview

1. Replicating the contents of folders to other roots or Dfs shared folders in the domain ensures that the folders’ contents are always available to users.

2. Both Dfs roots and Dfs shared folders can be replicated.

3. Replication copies the content of one Dfs root to another, or from one Dfs shared folder to another Dfs shared folder.

B. Replicating a Dfs root

1. Replicating a Dfs root ensures that if the host server becomes unavailable for any reason, the Dfs associated with that Dfs root is still available to domain users.

2. To replicate a Dfs root

a. Click Start, point to Programs, point to Administrative Tools, and then click Distributed File System

b. In the Dfs console tree, right-click the existing Dfs root that is to be replicated, and select New Root Replica

c. Follow the New Dfs Root Wizard, which guides the process of replicating the Dfs root

C. Setting replication policy for Dfs shared folders

1. Overview

a. When replicating a Dfs shared folder, Dfs stores a duplicate copy of the contents of the original shared folder in another shared folder.

b. Replicating a Dfs shared folder is a two-step process:

(1) Add the Dfs shared folder to a Dfs link, specifying that the folder will participate in replication

(2) Set the replication policy for the set of Dfs shared folders associated with that link

c. Replication of Dfs shared folders can be done either manually or automatically.

d. Automatic and manual replication should not be mixed within a set of Dfs shared folders.

e. Using one method of replication exclusively ensures that the contents of the Dfs shared folders remain synchronized.

2. Automatic Replication

a. For domain Dfs roots only, Dfs can be enabled to automatically replicate the contents of a Dfs shared folder to other folders in the Dfs shared folders set.

b. Automatic replication keeps the content of the Dfs shared folders synchronized as changes to one or more of the Dfs shared folders occurs.

c. Automatic replication is not available for stand-alone Dfs and can be used only for files stored on NTFS volumes on Windows 2000 servers.

d. Other types of files, such as FAT files, must be replicated manually.

e. Although invisible to users and administrators, Dfs uses the File Replication Service (FRS) to perform this function.

Note By default, FRS is not enabled for Dfs replica sets.

f. Within a set of Dfs folders, FRS manages updates across any folders that are targeted for replication.

g. FRS synchronizes the contents of the Dfs shared folders at 15-minute intervals.

h. When setting the replication policy, one of the Dfs shared folders should be selected as the initial master, which then replicates its contents to the other Dfs shared folders in the Dfs shared folders set.

Note For domain Dfs, if you do not enable FRS management of DFS shared folders, you must maintain the same content in all of the Dfs shared folders manually.

D. To set replication policy for shared folders

1. Click Start, point to Programs, point to Administrative Tools, and then click Distributed File System

2. In the Dfs console tree, right-click the Dfs link containing the shared folders for which to set a replication policy, and select Replication Policy

|58| 3. In the Replication Policy dialog box, click a Dfs shared folder to be used as the master folder for replication, and then click Set Master

4. Click each shared folder in the list and click enable, and then click OK