Another Persmissions Question

proteus71proteus71 Member Posts: 31 ■■□□□□□□□□
I'm confused on this portion of permissions.

Sample 1 - Jon is in Group A and group B.
Group A has allow = modify (NTFS)
Group B has allow = read (NTFS)
Is the answer Jon's effective permissions are read only? I think for NTFS permissions you add up and use the most restrictive.

Sample B. Jon is in group A and group B.
Jon has allow = Full Control (NTFS)
Group A has allow = change (Share permission)
Group B has allow = read (share permission)
What would Jon's effective permissions be? I believe ntfs and share permissions are added together but then what? Which takes precedence, or overrules the other?

My guess: John has full control if accessing the folder directly (same computer), and change permission if accessing the folder remotely. I believe share permission accumulate and take the least restrictive.

Comments

  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    You are correct in all your assumptions.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    In sample 1 Jon has modify. They were both NTFS permissions.

    If 1 was NTFS and 1 was share then Jon would only have read.
    All things are possible, only believe.
  • emmajoyceemmajoyce Member Posts: 86 ■■□□□□□□□□
    When share and NTFS permissions are combined, the following rules apply:

    When a user is accessing a share across a network, both NTFS and share permissions apply
    The most restrictive permission of the two becomes the effective combined permission.

    When a user accesses a file locally, only the NTFS permissions apply.

    NTFS permissions locally are Cumulative. The final permision is the sum of all permisions. Meaning the least restrictive. Unless there is a deny permission set, which takes precedence over a allow permission.
    lungsucker.jpg
  • proteus71proteus71 Member Posts: 31 ■■□□□□□□□□
    emmajoyce wrote:
    When share and NTFS permissions are combined, the following rules apply:

    When a user is accessing a share across a network, both NTFS and share permissions apply
    The most restrictive permission of the two becomes the effective combined permission.

    So is the answer for Q #2 modify? cumulate the shares (least restrictive)=modify. cumulate ntfs (least restrictive)=full control. share & ntfs combine to get the most restrictive=modify.
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    That's correct.

    Share = Read + Change = Change
    NTFS = Full Control

    Local File System Access = Full Control
    Logging in through the Share = Modify

    Share will allow the deleting/modification of files through Change
    NTFS will also allow modification of files through Full Control
    Since Share does not have full control as well, the Change permission from the Share level wins. Hence the user will be allowed to modify/change/create/etc. files but not have full control over them.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • proteus71proteus71 Member Posts: 31 ■■□□□□□□□□
    Thanks for the help all. Took the exam today and only had one question pertaining to permissions. icon_mad.gif . I thought there would be more.
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    proteus71 wrote:
    Thanks for the help all. Took the exam today and only had one question pertaining to permissions. icon_mad.gif . I thought there would be more.

    So did you pass?

    Don't worry, if you have the permissions/security concept nailed down now, you'll have some easy "gimme" questions on future MS exams. They pop up everywhere, especially on the server-level exams.
    All things are possible, only believe.
  • proteus71proteus71 Member Posts: 31 ■■□□□□□□□□
    sprkymrk wrote:
    proteus71 wrote:
    Thanks for the help all. Took the exam today and only had one question pertaining to permissions. icon_mad.gif . I thought there would be more.

    So did you pass?

    Don't worry, if you have the permissions/security concept nailed down now, you'll have some easy "gimme" questions on future MS exams. They pop up everywhere, especially on the server-level exams.

    Passed with an 810. :D
    But I have to admit by the time I got half way thru the test I thought I would fail for sure. Only 1/3 of the questions I had a good feeling about. The rest were educated guesses after removing obvious wrong answers.
    Good to know about future tests since 70-290 is next. Plus my work is sending me to a 5 day course for 2003 server, so that should help.
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Well then, congrats to you! icon_thumright.gif
    All things are possible, only believe.
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    Congrats and good luck with 70-290!
    “For success, attitude is equally as important as ability.” - Harry F. Banks
Sign In or Register to comment.