Cumulitive Permission Confusion...
davetuck
Member Posts: 15 ■□□□□□□□□□
I've read MCSE Windows XP Professional Training Kit, and am now reading Sybex MCSA/MCSE Windows XP Professional Study Guide, 3rd Edition (70-270). Early on in the book there is a test exam with the following question...
12. Susan is a member of the Sales and Managers groups. The Managers group has been allowed the Full Control permission to the
\DATA folder. The Sales group has been allowed the Read & Execute permission to \DATA but has been denied the Full Control permission. What are Susan's effective rights?
1. Full Control
2. Read & Execute
3. Read
4. No permissions
Answer:
B. Susan is not allowed the Full Control permission because it was explicitly denied through her membership in the Sales group. She is allowed the Read & Execute permission. See Chapter 9 for more information.
I thought if a group was denied full control, then the user would have no access at all, I've run this past a few people who agree with me.
Can anyone clarify whether the answer above is correct?
Thanks
dave
12. Susan is a member of the Sales and Managers groups. The Managers group has been allowed the Full Control permission to the
\DATA folder. The Sales group has been allowed the Read & Execute permission to \DATA but has been denied the Full Control permission. What are Susan's effective rights?1. Full Control
2. Read & Execute
3. Read
4. No permissions
Answer:
B. Susan is not allowed the Full Control permission because it was explicitly denied through her membership in the Sales group. She is allowed the Read & Execute permission. See Chapter 9 for more information.
I thought if a group was denied full control, then the user would have no access at all, I've run this past a few people who agree with me.
Can anyone clarify whether the answer above is correct?
Thanks
dave
Comments
-
royal
Member Posts: 3,352 ■■■■□□□□□□
She'd have zero control and wouldn't even be able to look at the folder.“For success, attitude is equally as important as ability.” - Harry F. Banks -
sharptech
Member Posts: 492 ■■□□□□□□□□
Right, should be no permissions... if you set it to deny full access that will override anything else..
-
Megadeth4168
Member Posts: 2,157
LOL... I remember that question! I used the Sybex book as well...Sounds to me like you have a good understanding of the subject. -
davetuck
Member Posts: 15 ■□□□□□□□□□
Thanks everyone - wouldn't you think by the 3rd edition they'd have put that one right!
Maybe I have a chance of passing 70-270 after all!! -
Danman32
Member Posts: 1,243
Since full control is really 'All rights', I would agree. However, if it is treated as a separate permission, even though that permission gives all other permissions, it might be possible that she could get read/execute, but could never get implicit rights through full control.
That might be something to try for real. -
itdaddy
Member Posts: 2,089 ■■■■□□□□□□
I AGREE. I am studying 70-270 as well and have seen this a few times
and i would say deny all since it cancels everything out.
amen!
