Questions Requarding Practice Exam

I have a couple of questions reguarding the TechExams practice exam.

The practice exam mentions default permissions for everyone as "read" (don't know if its for share or NTFS). However, another book I read list default for everyone as; share="full control" and NTFS="read&execute". I'm thinking one of the sources is pre-SP2. Can anyone verify this info for me?

The practice exam mentions that "full control"=deny means that no access will be allowed. I thought that "full access"=deny only denys the full control but not necassarily read or write etc.... Any confirmation would be greatly appreciated.

The hardest part of prepping for this exam is a multitude of different answers by different sources. I'm guessing some info is older than others, but figuring whos right and whos wrong is a pain.

PS. My sources are Sybex book, Exam Cram 2 book, this site and one other free site.

Find more posts tagged with

Comments

gcorky

full control with a deny =no access

i have my exam next Friday so im hard at it

royal

XP with no Service Packs as well as with Service Packs, the share permission has always been set to Everyone Read. In W2k, it was everyone full control. Microsoft stated they wanted to try to lock down things in XP so they would leave it up to the Administrator to make the security permissions less restrictive.

Deny overrules Allow with only one exception. An explicit Allow will overrule an inherited Deny.

sprkymrk

The default for a new folder NTFS security is to inherit the parent folder NTFS security. In many cases this will be Administrators, System, and Creator/Owner Full Control, and Users get read/execute.

It does depend on where the folder is created though, as anything under the Documents and Settings area will only have Admins, System and (username of owner) as Full Control.

The practice exam mentions that "full control"=deny means that no access will be allowed. I thought that "full access"=deny only denys the full control but not necassarily read or write etc.... Any confirmation would be greatly appreciated.

The book is correct, if you set full control=deny, that means no access at all.

Gav0

[The hardest part of prepping for this exam is a multitude of different answers by different sources. I'm guessing some info is older than others, but figuring whos right and whos wrong is a pain. ]

I agree, Im trying to get my head round NTFS and Share permissions at the moment. I found that the best way to rule out discrepencies is to test things for yourself (if you have a lab) - if in doubt try it out.

I've also found that it helps you remember things more as you start to see a certain logic to how the permissions are applied.

i also noticed something interesting last night - i had a share and assigned user1 full share permissions & NTFS read & exe, Read & Write access to the whole directory. when i tried to rename a file in the directory i got access denied. Turns out you need Modify access (which includes Delete) in order to rename the file.
That may well be written in a text book somewhere but im sure i'll remember that one because i kind of discovered it for myself. [/quote]

proteus71

Thanks to all for the replies. I fully understand the deny aspect of permissions. One more confirmation question. Share permissions for everyone is allow=read, and NTFS permissions for everyone on the same folder is allow=modify. Everyone will have only read permissions (not modify permissions), cause they are added together and the most restrictive applied, correct?

XP with no Service Packs as well as with Service Packs, the share permission has always been set to Everyone Read. In W2k, it was everyone full control.

Just to confirm between Wisconsinites, in XP SP2, the default permission for everyone is Read?

The default for a new folder NTFS security is to inherit the parent folder NTFS security. In many cases this will be Administrators, System, and Creator/Owner Full Control, and Users get read/execute.

And "everyone" does not inherit from the parent folder, correct?

I agree, Im trying to get my head round NTFS and Share permissions at the moment. I found that the best way to rule out discrepencies is to test things for yourself (if you have a lab) - if in doubt try it out.

I did this with confusing results. I created a folder under the C: drive, and the everyone group was not automatically put into the permissions, but I thought it would be.