question about share permissions..Passed!

suren327suren327 Member Posts: 44 ■■□□□□□□□□
in Server 70-290
hey everyone..i'm sitting this exam in a week n i have a question i'm not sure how to figure out..the question is if you wanted the Sales group to have full control permission to a shared folder but u wanted a user in the Sales group to only have read permissions how do you accomplish this?? n e help is appreciated..thanks
· Share on FacebookShare on Twitter

Comments

  • CorySCoryS Member Posts: 208
    In this case if its a specific user you would need to setup a deny permission for their username explicitly, remember most restrictive wins.
    MCSE tests left: 294, 297 |
    · Share on FacebookShare on Twitter
  • suren327suren327 Member Posts: 44 ■■□□□□□□□□
    i don't really understand it..if u set full control on the group n then u add the user name n then try to set permissions to his name..u can't deny full control or modify because then that would automatically deny his read permission..and you can't only select the allow read cuz then he would inherit the full control from the group permissions?? am i right or wrong??
    · Share on FacebookShare on Twitter
  • CorySCoryS Member Posts: 208
    If you were to take this user and add him to a group with full control, you would either need to take him out of the group and specify whatever permissions you want and add them to the folder security permissions....

    Or what I would do is add this user specifically to that folder and setup a deny - (whatever), even if they are inheriting permissions, the end result is an explicit deny which takes the cake.

    I hope I understand your question correctly.
    MCSE tests left: 294, 297 |
    · Share on FacebookShare on Twitter
  • suren327suren327 Member Posts: 44 ■■□□□□□□□□
    i'll try it again when i go on my lab..thanks..does n e one else have other ideas for a solution to this problem?
    · Share on FacebookShare on Twitter
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    If you select "deny" write permission, but leave "read" as allowed for the user, you will effectively narrow that user's permissions to read only, regardless of his/her group membership. By denying "write" access, that user no longer has the full control because he/she cannot modify, delete, change ownership, etc. Only read access is allowed. Note - this is done on the NTFS Security settings, not the share level permissions.

    BTW - If you deny "Full Control", the user will not even have read access.
    All things are possible, only believe.
    · Share on FacebookShare on Twitter
  • suren327suren327 Member Posts: 44 ■■□□□□□□□□
    thanks i tried it and it worked..
    · Share on FacebookShare on Twitter
  • suren327suren327 Member Posts: 44 ■■□□□□□□□□
    Passed with a 700! just made it...291 next.
    · Share on FacebookShare on Twitter
  • janmikejanmike Member Posts: 3,076
    Congratulations!
    "It doesn't matter, it's in the past!"--Rafiki
    · Share on FacebookShare on Twitter
  • 7255carl7255carl Member Posts: 1,544 ■■■□□□□□□□
    congrats :D
    W.I.P CCNA Cyber Ops
    · Share on FacebookShare on Twitter
Sign In or Register to comment.