Chapter two:2

Account and security Administration and Access control (DAC, AC)

Account and Security Administration are two different concepts.

Account Administration refers to the management of user accounts,
including the creation, modification, and deletion of user accounts. It
also involves the assignment of permissions and access rights to users
based on their roles and responsibilities.
Security Administration is the process of managing and maintaining the
security of an organization’s information systems. This includes the
implementation of security policies, procedures, and controls to protect
the confidentiality, integrity, and availability of information.
Access Control is the process of granting or denying specific requests to
access resources based on the identity of the user or system making the
request.
There are different types of access control models, such as
A. Mandatory Access Control (MAC),
B. Discretionary Access Control (DAC),
C. Role-Based Access Control (RBAC),
D. Privileged Access Management (PAM).
Discretionary Access Control (DAC) is an access control model that
allows the owner of a resource to determine who may access that
resource and what level of access they are allowed 2.
1
Page
 Role-Based Access Control (RBAC) is an access control model that
assigns permissions to users based on their roles and responsibilities
within an organization
Regarding your second question, User Profiles are a collection of
settings that define the working environment of a user on a computer.
There are three types of user profiles: Local, Roaming, and Mandatory .

 Local User Profiles are stored on the computer’s hard disk and are
available only to the user who created them.
 Roaming User Profiles are stored on a server and are available to
the user from any computer on the network.
 Mandatory User Profiles are a special type of roaming user profile
that has been pre-configured by an administrator to specify settings
for users. Settings commonly defined in a mandatory profile
include (but aren’t limited to) icons that appear on the desktop,
desktop backgrounds, user preferences in Control Panel, printer
selections, and more. Configuration changes made during a user’s
session that are normally saved to a roaming user profile aren’t
saved when a mandatory user profile is assigned. Mandatory user
profiles are useful when standardization is important, such as on a
kiosk device or in educational settings. Only system administrators
can make changes to mandatory user profiles .
2
Page

2.1 ACCOUNT and SECURITY ADMINSTRATION

  Account and Security Administration are two different concepts.
 Account Administration refers to the management of user
accounts, including the creation, modification, and deletion of user
accounts.
 It also involves the assignment of permissions and access rights to
users based on their roles and responsibilities.
 Security Administration is the process of managing and
maintaining the security of an organization’s information systems.
This includes the implementation of security policies, procedures,
and controls to protect the confidentiality, integrity, and
availability of information.
2.2.1 User and group concept and User Privat group schema

In computing, a user is an account that identifies a person or

process that interacts with a computer system.

A group is a collection of users who share the same

permissions and access rights to files and directories.

While users can be either people (meaning accounts tied to

physical users) or accounts that exist for specific applications to
use, groups are logical expressions of organization, tying users
together for a common purpose. Users within a group share the
3
Page
 same permissions to read, write, or execute files owned by that
group.

Each user is associated with a unique numerical identification

number called a user ID (UID).

Likewise, each group is associated with a group ID (GID).

A user who creates a file is also the owner and group owner of
that file. The file is assigned separate read, write, and execute
permissions for the owner, the group, and everyone else.

 The file owner can be changed only by root, and access

permissions can be changed by both the root user and file
owner.

A user private group is created whenever a new user is added to

the system. It has the same name as the user for which it was
created and that user is the only member of the user private
group.

User private groups make it safe to set default permissions for a

newly created file or directory, allowing both the user and the
group of that user to make modifications to the file or directory.
4
Page
 The setting which determines what permissions are applied to a
newly created file or directory is called a umask and is
configured in the /etc/bashrc file.

Traditionally on UNIX-based systems, the umask is set to 022,

which allows only the user who created the file or directory to
make modifications.

Under this scheme, all other users, including members of the

creator’s group, are not allowed to make any modifications.
However, under the UPG scheme, this "group protection" is not

necessary since every user has their own private

group. Section “Setting Default Permissions for New Files Using
umask” for more information.

A list of all groups is stored in the /etc/group configuration file.

Shadow Passwords

In environments with multiple users, it is very important to use

shadow passwords provided by the shadow-utils package to
enhance the security of system authentication files. For this
reason, the installation program enables shadow passwords by
5

default.
Page
 The following is a list of the advantages shadow passwords have
over the traditional way of storing passwords on UNIX-based
systems

Shadow passwords improve system security by moving

encrypted password hashes from the world-readable /etc/passwd
file to /etc/shadow, which is readable only by the root user.

Shadow passwords store information about password aging.

Shadow passwords allow to enforce some of the security

policies set in the /etc/login.defs file.

Most utilities provided by the shadow-utils package work

properly whether or not shadow passwords are enabled.
However, since password aging information is stored
exclusively in the /etc/shadow file, some utilities and commands
do not work without first enabling shadow passwords:

The chage utility for setting password aging parameters. For

details, see the Password Security Section in the Red Hat
Enterprise Linux 7 Security Guide.
6
Page

The gpasswd utility for administrating the /etc/group file.

 The usermod command with the -e, --expiredate or -f, --inactive option.

The useradd command with the -e, --expiredate or -f, --inactive option.

2.1.3 password Aging and Default user file

To configure password aging and expiry policy for Linux users,

you can use the chage command. This command allows you to
set a user account to expire after a certain number of days, force
a password change on the first login, and force a password change
every X number of days.

The default values for password aging controls can be found and
configured in the file cat /etc/login.defs.

PASS_MAX_DAYS defaults to 99999, which is used to indicate

that passwords should not automatically
EXPIREPASS_MIN_DAYS defaults to 0, which means that
users can change their password as often as they like.

Grep zewdu /etc/shadow

2.2 managing files and folder permission

For many users of Linux, getting used to file permissions and
ownership can be a bit of a challenge. It is commonly assumed,
7
Page

to get into this level of usage, the command line is a must.

 Although there is always far more power and flexibility to be
had, running seemingly complicated command isn’t always a
necessity. With the help of some of the most user-friendly
desktop interfaces available, you can get away with little to no
command line usage. Even with file permission and ownership.

That’s right, much to the surprise of many a new user, managing

files and folders can be done from within the file managers. But
before we get to the GUI, it’s always best to have a solid
understanding of what it’s doing. So, we’ll start with the
command line first.

Command line: File permissions

The commands for modifying file permissions and ownership

are:

chmod – change permissions

chown – change ownership.

Neither command is difficult to use. It is important, however,

that you understand the only user that can actually modify the
permissions or ownership of a file is either the current owner or
8

the root user. So, if you are user Zewdu, you cannot make
Page
 changes to files and folders owned by Abay without the help of
root (or sudo).

For example:

A new folder was created on a data partition called /lab/first .

Both users Zewdu and Abay need read and write access to this
folder.

There are a number of ways this can be done (one of which

would be to join the users to a special group – we’ll go over
managing groups in another post). If Zewdu and Abay are the
only users on the system (and you know your network is safe –
very important), you can change the permissions of the folder to
give them access. One way to do this would be to issue the
command:

sudo chmod -R ugo+rw /lab/first

The breakdown of the above command looks like:

sudo – this is used to gain admin rights for the command on any
system that makes use of sudo (otherwise you’d have to ‘su’ to root
and run the above command without ‘sudo’)
9
Page

chmod – the command to modify permissions

 -R – this modifies the permission of the parent folder and the
child objects within ugo+rw – this gives User, Group, and
Other read and write access.

As you can probably surmise, this command opens wide the

SHARE folder such that anyone on the system can have access
to that folder. As I mentioned earlier, a more secure method
would be to use groups. But we’re just using this for the purpose
of demonstration.

The breakdown of permissions looks like this:

u – user

g – group

o – other

The ‘other’ entry is the dangerous one, as it effectively gives

everyone permission for the folder/file. The permissions you can
give to a file or folder are:

r – read

w – write
10

x – execute
Page
 Using the -R switch is important. If you have a number of sub-
folders and files within the SHARE directory, and you want the
permissions to apply from the parent object (the containing
folder) to the child objects (the sub-folders and files), you must
use the -R (recursive) switch so the same permissions are
applied all the way to the deepest folder, contained within the
parent.

Command line: File ownership

Changing the ownership of a file or folder is equally as simple.
Say Jacob moved a folder for Bethany into the SHARE directory
– but Jacob still has ownership. This can be changed with a
simple command:

sudo chown -R Zewdu /lab/first

Let’s break this down.

sudo – admin rights must be used since we are dealing with a folder that belongs to another user

chown – the command for changing ownership

-R – the recursive switch to make sure all child objects get the same ownership changes
11

Zewdu – the new owner of the folder

Page
 /lab/first – the directory to be modified could Zewdu send the
folder back to Abay, the ownership would need to again be
changed (again, this will be simplified with the use of groups).

Basics of Linux File Permissions

All file system objects on Unix-like systems have three main

types of permissions: read, write, and execute access.
Permissions are bestowed upon three possible classes: the
owner, the group, and all other system users.

To view the file permissions of a set of files, use:

ls -lha

In the first column of the output, there are 10 characters that

represent the permission bits. To understand why they are called
permission bits, see the section on octal notation below.
drwxr-xr-x 2 owner group 4.0K 2009-08-13 10:16 docs

-rw-r--r-- 1 owner group 8.1K 2009-07-09 16:23 roster.py

lrwxrwxrwx 2 owner group 4.0K 2009-08-13 10:16 team.docs

12

A way to understand the meaning of this column is to divide the

Page

bits into groups:

 File Type User Group Global

d Directory rwx r-x r-x

- Regular file rw- r-- r--

l Symbolic Link rwx rwx rwx

The first character represents the type of file.

The remaining nine bits in groups of three represent the

permissions for the user, group, and global respectively. Each
stands for:

r: Read

w: Write

x: eXecute

Note

Access to files targeted by symbolic links is controlled by the

permissions of the targeted file, not the permissions of the link
13
Page
 object. There are additional file permissions that control other
aspects of access to files.

How to Use chmod

In this guide, chmod refers to recent versions of chmod such as

those provided by the GNU project. By default, chmod is
included with all images provided by Akamai, and as part of the
base selection of packages in nearly all Linux distributions.

Changing File Permissions with chmod

To change the file permissions using chmod, run chmod

PERMISSION DIRECTORY_OR_FILENAME, swapping in
the desired file permissions and the directory or file. The owner
can change file permissions for any user, group, or others by
adding - to remove or + to add certain permissions.

These permissions are categorized into read, write, or

executable.

The next few sections dive deep into chmod syntax.

14

Using Symbolic Notation Syntax with chmod

Page
 The format of a chmod command is:

chmod WHO [+, -, =] PERMISSIONS FILENAME

Consider the following chmod command:

chmod g+w ~/example.txt

These grants write permissions to all members of the usergroup

that owns the ~/example.txt file. Other possible options to
change permissions of targeted users are:

Who (Letter) Meaning

u user o others

g group a all

The + operator grants permissions whereas the - operator takes

away permissions. Copying permissions is also possible using
the = operator, for example:

chmod g=u ~/example.txt

The parameter g=u grants the group the same permissions as the user.

Multiple permissions can be specified by separating them with a

comma, as in the following example:
15
Page

chmod g+w,o-rw,a+x ~/example-files/

 This adds write permissions to the group members, and removes
read and write permissions from the “other” users of the system.
Finally the a+x adds the execute permissions to all categories.
This value may also be specified as +x. If no category is
specified, the permission is added or subtracted to all permission
categories. In the following example, all categories are given
write permissions with +w:

chmod -R +w,g=rw,o-rw, ~/example-files/

The -R option applies the modification to the permissions

recursively to the specified directory and to all of its contents.

Using Octal Notation Syntax with chmod

Another method for setting permissions is through octal notation.

Here is example of a file permission that is equivalent to chmod

u=rwx,g=rx,o=:

chmod 750 ~/example.txt

The permissions for this file are - rwx r-x ---.

Disregarding the first bit, each bit that is occupied with a - can
16

be replaced with a 0 while r, w, or x is represented by a 1.

Page
 The resulting conversion is:

111 101 000

This is called octal notation because the binary numbers are

converted to base-8 by using the digits 0 to 7:

Binary Octal Permission

000 0 —
001 1 –x
010 2 -w-
011 3 -wx
100 4 r–
101 5 r-x
110 6 rw-
111 7 rwx
Each digit is independent of the other two. Therefore, 750 means
the current user can read, write, and execute, the group cannot
write, and others cannot read, write, or execute.

744 is a typical default permission. It allows read, write, and

17

execute permissions for the owner, read permissions for the

Page

group, and read permissions for “other” users.

 Either notation is equivalent, and you may choose to use
whichever form more clearly expresses your permissions needs.
Examples of Common Permissions with chmod chmod 600 (rw-------)

600 permissions means that only the owner of the file has full
read and write access to it. Once a file permission is set to 600,
no one else can access the file. Below are example chmod
commands in octal and symbolic notions that set permissions to
600:

chmod 600 example.txt

chmod u=rw,g=,o= example.txt

chmod a+rwx,u-x,g-rwx,o-rwx example.txt

chmod 664 (rw-rw-r--)

664 (rw-rw-r--) enables read and write for the owner, read and
write for the group, and read for others. If you trust other users
within the same group and everyone needs write access to the
files, this is a common setting to use. Below are example chmod
commands in octal and symbolic notions that set permissions to 664:
18

chmod 664 example.txt

Page

chmod u=rw,g=rw,o=r example.txt

 chmod a+rwx,u-x,g-x,o-wx example.txt

chmod 777 (rwxrwxrwx)

chmod 777 is used to grant permissions to everyone to read, write, and

execute. While using these permissions can quickly overcome a
permissions-based error, it is not best practice for securing most files and
applications.
Below are example chmod commands in octal and symbolic notions that set permissions to 777:

chmod 777 example.txt

chmod u=rwx,g=rwx,o=rwx example.txt

chmod a=rwx example.txt

Making a File Executable

The following example changes the file permissions so that any

user can execute the ~/example.py file:

chmod +x ~/example.py

Restore Default File Permissions

The default permissions for files on a Unix system are often 600
or 644. Permissions of 600 give the owner full read and write
19

access to the file, but no other user can access it. Alternatively,
Page
 644 grants the owner read and write access, while the group
members and other system users only have read access.

Issue one of the following chmod commands to reset the

permissions back to one of the likely defaults:

chmod 600 ~/example.txt

chmod 644 ~/example.txt

For executable files, the equivalent settings would be 700 and

755 which correspond to 600 and 644 except with execution
permission.

Use one of the following examples to achieve these default

executable permissions:

chmod 700 ~/example.py

chmod 755 ~/example.py

Removing File Permissions with chmod

In order to remove global read and write permissions given to a

file, use the following syntax:

chmod o-rw example.txt

20
Page
 Run the following chmod command to remove read and write
permissions for the group:

chmod g-rx example.txt

Use the following chmod command to remove read and write

permissions from the group, while adding read and write
permission for other users:

chmod g-rx, o+rx example.txt

Alternatively, if you wish to remove all permissions for group

and others, do so using go=:

chmod go= example.txt

Restrict File Access: Remove all Group and Other Permissions

There are a number of cases where administrators and users

should restrict access to files, particularly files that contain
passwords and other sensitive information. The configuration
files for msmtp and Fetchmail (~/.msmtprc and ~/.fetchmailrc)
are two common examples.

You can remove all access to these files with commands in one
21

of the following forms:

Page
 chmod 600 .msmtprc

chmod g-rwx,o-rwx .fetchmail

Understanding Linux Directory Permissions

While directory permissions within Linux are similar to file

permissions, there are a few key differences regarding how these
permissions affect user operations:

Read (r): User can list the items in a directory, such as when
using the ls command.

Write (w): User can add, delete, or rename files in a directory,

provided the user also has execute permissions.

Execute (x): User can navigate to the directory, such as when

using the cd command.

To view permissions of all files and directories within the

working directory, run the following command:

ls -la
22
Page
 The output should be similar to the snippet below:

total 12

drwxr-xr-x 3 user group 4096 Apr 16 12:34 .

drwxr-xr-x 4 user group 4096 Apr 16 12:33 ..

drwxr-xr-x 2 user group 4096 Apr 16 12:34

example-directory

-rw-r--r-- 1 user group 0 Apr 16 12:34 file1.txt

Directories are differentiated from files by the first bit within the
permissions. As covered previously,

d stands for directory and

- denotes the item is a file.

Permissions on an individual directory can also be viewed using

the following command syntax:

ls -dl EXAMPLE_DIRECTORY
23
Page

How To Change Directory Permissions using chmod

 Directory permissions can be adjusted using the same chmod
commands as previously outlined for modifying file
permissions.

The following example changes permissions on an example

directory to 755:

chmod 755 /example-directory/

In many cases, the permissions should also be changed

recursively on all files and subdirectories. This can be done
through chmod by using the -R option. Run the following
command to change all permissions for files within a directory
to 644:

sudo chmod -R 644 /var/www/html/

How to set permissions for the webserver directory

Issues with /var/www permissions

Manage File Permission with Users and Groups

GUI: File permissions

24

I’m going to demonstrate changing file permissions using the

Page

Linux file manager on an Ubuntu 13.10 system.

 Let’s say you need to allow everyone to gain read/write
permissions to the folder TEST. To do this, within the Linux file
manager, follow these steps:

1. Open Linux
2. Navigate to the target file or folder
3. Right click the file or folder
4. Select Properties
5. Click on the Permissions tab
6. Click on the Access files in the Others section
7. Select “Create and delete files”
8. Click Change Permissions for Enclosed Files
9. In the resulting window, Select Read and Write under Files
and Create and delete files under Folders (Figure A)
10. Click Change
11. Click Close.
25
Page
 The trick comes when you need to change the permissions of a
folder which does not belong to you. It can be done, but Linux
must be started with admin access. To do this, follow these
steps:

1. Open up a terminal window

2. Issue the command sudo -i
3. Issue the command Linux

The sudo -i command gives you persistent access to sudo, until

you enter the exit command to remove that access. Once Linux
is open, you can change the permissions of the folder or file as
described above – even if you are not the owner of the folder or
file.

NOTE: If you’re using a distribution that doesn’t use sudo, alter

the above instructions to:
26

1. Open up a terminal window

Page

2. Issue the command su

 3. Type your root password and hit Enter
4. Issue the command Linux.

After you’ve completed the task, close the Linux window and
then the terminal window.

GUI: Change ownership

Changing the ownership of a file or folder will most often

require the use of admin rights. So for this, you’ll need to start
Linux in the method described above.

For changing ownership of a folder or file through Linux, do the

following:

1. In the linux window (opened with admin rights), locate the

folder or file in question
2. Right click the folder (or file)
3. Click on the Permissions tab
4. Select the new owner from the Owner drop-down (below)
5. Click Close.
27
Page
 That’s all there is to it. At this point you shouldn’t have any
problems changing permissions or ownership for a file or folder
with either the command line or the GUI. The use of groups will
empower you to alter permission and ownership with more
power and security – we’ll cover that soon. Until then, enjoy
modifying your files and folders!

2.2.1 Managing file ownership

In Linux, file ownership is a way to control who can access files

and directories. Every file and directory in Linux has three kinds
of owners: user, group, and others.

To change the ownership of a file or directory, you can use the

chown command.
28

The command takes two arguments: the new owner and the file
Page

or directory to be changed.
 For example, to change the owner of a file named file.txt to a
user named newuser, you would use the following command:
sudo chown newuser file.txt.

2.2.2. Controlling Access to file

In Linux, file permissions are used to control who can access

files and directories. There are three types of permissions: read,
write, and execute. Each permission can be assigned to three
different groups: owner, group, and others .

To change the permissions of a file or directory, you can use the

chmod command. The command takes a three-digit number as
an argument, where each digit represents the permissions for the
owner, group, and others, respectively. The digits are calculated
by adding the values of the desired permissions:

4 for read,

2 for write,

1 for execute.

For example,
29

chmod 755 file.txt would give the owner read, write, and execute permissions,
Page

while the group and others would have only read and execute permissions.
 To change the ownership of a file or directory, you can use the
chown command.

The command takes two arguments: the new owner and the file
or directory to be changed.

For example, to change the owner of a file named file.txt to a

user named newuser, you would use the following command:
sudo chown newuser file.txt

2.2.3. Managing Disk quotes

In Linux, a disk quota is a mechanism that allows system administrators

to limit the amount of disk space that users or groups can utilize on a
filesystem. This feature is particularly useful in scenarios where
resources are shared among multiple users, such as in web hosting
environments or corporate networks.
Here are the key points about disk quotas in Linux:
Usage Quota (Block Quota): This type of quota restricts the amount
of disk space a user or group can consume.
It ensures that no particular user monopolizes an excessive amount of
storage, preventing interruptions to other processes and users on the
system.
Inode Quota (File Quota): Inode quotas limit the number of files a
user can create. Each file in Linux consumes a single inode, so these
30

limits effectively control the total number of files a user may own.
Page

To implement disk quotas on a Linux system, follow these steps:

 Install Disk Quota Package:
On Ubuntu, Debian, and Linux Mint:
$ sudo apt install quota
On Fedora, CentOS, Alma Linux, and Red Hat:
$ sudo dnf install disk quota
On Arch Linux and Manjaro:
$ sudo pacman -S quota-tools
Enable Disk Quotas for a Storage Partition:
Edit the /etc/fstab file using a text editor with root privileges (e.g., nano):
$ sudo nano /etc/fstab
Add the usrquota option to the line corresponding to your storage
partition. If you want to enable quotas for groups as well, include the
grpquota option. For example:
/dev/sda1 /home ext4 defaults, usrquota, grpquota.
Save the file and exit.
Apply Quotas:
Run the following command to enable quotas on the filesystem:
$ sudo quotacheck -cug /home
Set quota limits for users or groups using the edquota command:
$ sudo edquota username
View Quota Reports:
31

To check quotas, use the quota command:

Page

$ quota -u username
 Remember that disk quotas ensure fair allocation of disk space among
users and prevent unexpected storage shortages. They are a powerful
tool for maintaining system stability and resource management

What is Managing Disk quotes

Disk quotas are a useful feature in Windows that allow you to control and
manage the amount of storage space users can utilize on a shared computer.
By setting quotas, you can prevent a single person from monopolizing the hard
drive space and leaving no room for others. Here are the key points about disk
quotas:
1. Availability: Disk quotas are available on volumes formatted using NTFS.
While commonly used in corporate networks, they can be configured on any
device, including Windows 10 Home.
2. Configuration: Quotas need to be set up per volume, not per computer. You
can configure them for individual users, but not for groups of users.
3. Scanning Frequency: Quota scans the volume approximately every hour to
update storage usage for each user. Existing files won’t initially have quotas,
but new users will start with their expected limits.
4. Considerations:
o Choose the Right Volume: Implement quotas on secondary
partitions or external drives whenever possible. Using the system
drive (usually C:) can be messy, as system files count toward the
quota limit.
o System and Account Files: When using the C: drive, system files and
other files owned by the account contribute to the quota limit.
Now, let’s walk through how to set up quotas:
Set Up Quota Per Volume on Windows 10:
32

1. Open File Explorer (press Windows key + E).

Page

2. Click on This PC.

 3. Under Devices and drives, right-click the drive you want to limit and
select Properties.
4. Go to the Quota tab.
5. Click the Show Quota Settings button.
6. Check the following options:
o Enable quota management
o Deny disk space to users exceeding quota limit
7. Select the Limit disk space to option and specify the desired amount of
space (e.g., megabytes or gigabytes).
8. Set the warning threshold (amount of space before a warning is triggered)
for users.
Set Up Quota Per Account on Windows 11:
1. Scroll to the “Devices and drives” section in File Explorer.
2. Right-click the disk you want to limit and select Properties.
3. Head to the Quota tab.
4. Click Show Quota Settings.
5. Check Enable quota management.
6. Also, check Deny disk space to users exceeding quota limit12.
Remember, disk quotas help maintain fair resource allocation and prevent storage
shortages on shared systems!

what Managing Disk quotes

Disk quotas are a means of controlling the storage space available to Windows
users. They allow administrators to set limits on how much disk space each user
account can utilize. Here are the key points about disk quotas:
1. Purpose: Disk quotas ensure that no single user monopolizes the available
33

storage on a specific drive or partition. When a user exceeds their quota,

they can no longer add new data to the disk.
Page
 2. Enforcing Limits: Administrators can enforce quota limits to prevent users
from exceeding their allocated space. Additionally, warning levels can be set
to notify users when they approach their quota limit.
3. NTFS File System: Disk quotas can be set up on drives or partitions
formatted using the NTFS file system. They are not applicable to volumes
formatted with FAT32 or exFAT.
4. Administrative Privileges: Only users with administrative privileges can
set disk quotas. Standard users do not have this capability.
5. Individual Configuration: Quotas must be set individually for each drive or
partition. If your computer has multiple drives, you need to configure quotas
for each one separately.
Now, let’s explore how to use disk quotas to limit the storage space for each user
account:
Step 1: Turn On Disk Quota Management
1. Open File Explorer (Windows 10 or 8.1) or Windows Explorer (Windows
7).
2. Navigate to This PC (Windows 10 or 8.1) or Computer (Windows 7).
3. Right-click the disk for which you want to set quota limits and
choose Properties.
4. In the drive’s Properties, go to the Quota tab.
5. Click the Show Quota Settings button.
Step 2: Set Quota Limits
 In the Quota Settings window, configure the settings to enforce quota limits
for each user account on your Windows computer.
Step 3: Log Quota Events
 Optionally, you can log disk quota events when users exceed their quota
limits or warning levels.
34

Step 4: Apply the Quota Settings

Page

 Save your changes and apply the disk quota settings.

 Remember, disk quotas help maintain fair resource allocation and prevent storage
shortages!
Note: The process described here applies to Windows 10, Windows 7,
and Windows 8.1.
35
Page