Cumulitive Permission Confusion...

davetuck

I've read MCSE Windows XP Professional Training Kit, and am now reading Sybex MCSA/MCSE Windows XP Professional Study Guide, 3rd Edition (70-270). Early on in the book there is a test exam with the following question...


12. Susan is a member of the Sales and Managers groups. The Managers group has been allowed the Full Control permission to the \DATA folder. The Sales group has been allowed the Read & Execute permission to \DATA but has been denied the Full Control permission. What are Susan's effective rights?

1. Full Control
2. Read & Execute
3. Read
4. No permissions




Answer:

B. Susan is not allowed the Full Control permission because it was explicitly denied through her membership in the Sales group. She is allowed the Read & Execute permission. See Chapter 9 for more information.

I thought if a group was denied full control, then the user would have no access at all, I've run this past a few people who agree with me.

Can anyone clarify whether the answer above is correct?

Thanks

dave

royal

She'd have zero control and wouldn't even be able to look at the folder.

sharptech

Right, should be no permissions... if you set it to deny full access that will override anything else..

Megadeth4168

LOL... I remember that question! I used the Sybex book as well...Sounds to me like you have a good understanding of the subject.

davetuck

Thanks everyone - wouldn't you think by the 3rd edition they'd have put that one right!

Maybe I have a chance of passing 70-270 after all!!

Danman32

Since full control is really 'All rights', I would agree. However, if it is treated as a separate permission, even though that permission gives all other permissions, it might be possible that she could get read/execute, but could never get implicit rights through full control.

That might be something to try for real.

itdaddy

I AGREE. I am studying 70-270 as well and have seen this a few times
and i would say deny all since it cancels everything out.

amen!