Effective Permissions confused!!

spicc7spicc7 Member Posts: 47 ■■□□□□□□□□
Hi all,

First let me say this is an excellent site! I used the practice exams and technotes for my A+, Network+ exams.

I am gearing up to go for the 70-210 and I keep fumbling over security questions.

I know you guys can set the record straight.
When combining share and NTFS (Folder) permissions. Is it the least restrictive or most-restrictive. And could you please explain what's meant by "least/most".

By 'least' do you mean, the permission that gives the user the most control?

I apologize if this question was posted before. (couldn't find it)

Thanks in advance!
CCNA, CCNA Security, MCSA, MCP, A+, Network+


  • Options
    D-boyD-boy Member Posts: 595 ■■□□□□□□□□
    when combining share and NTFS permissions
    the MOST restrictive right applies ie. Read and Full Control it is Read

    when combining only NTFS permissions
    the LEAST restictive applies ie. Read and Full Control it is Full Control

    this permission overrides all other permissions

  • Options
    spicc7spicc7 Member Posts: 47 ■■□□□□□□□□
    Thanks D-boy!

    That really clears things up a lot.

    Also I was able to tract down the answer through an archive post:

    The poster suggested using a table with columns NTFS and SHARE
    and then assigning each user or group a row. Then filling in the permissions for each column. This really helped me to visualize the process.

    Thanks for your fast response - it helped me further clarify! :D
    CCNA, CCNA Security, MCSA, MCP, A+, Network+
  • Options
    aznluvsmcaznluvsmc Member Posts: 47 ■■□□□□□□□□
    Actually, when combining NTFS permissions the term "Least restrictive" is not used. Multiple NTFS permissions are referred to as cumulative meaning we combine the permissions.

    The reason we don't use Least restrictive is that both the Read permission and the Write permission are considered to be equal. It is possible to have one of these permissions without the other.
  • Options
    D-boyD-boy Member Posts: 595 ■■□□□□□□□□
    That's ok icon_wink.gif , Thanks aznluvsmc I forgot to mention that too... icon_redface.gif

  • Options
    rossonieri#1rossonieri#1 Member Posts: 799 ■■■□□□□□□□
    i think i have the same problemo... well then, we have to study a lot harder i guess
    the More I know, that is more and More I dont know.
  • Options
    tschnabel99tschnabel99 Member Posts: 51 ■■□□□□□□□□
    Remember this!
    Share Level Permissions=Folder
    NTFS=File Level Permissions
    Least Restrictive means to the user. Ex. Full Control vs. Read

    Explanation: The appropriate way to determine effective permissions to a resource is illustrated in the three steps below:

    1. Determine the effective share-level permission. The effective share-level permission will be the least restrictive permission of all of those assigned to a user or to groups that the user is a member of. The exception is the No Access permission which will override all other permissions.

    2. Determine the effective NTFS permission. The effective NTFS permission will be the cumulative of all of the NTFS permissions assigned to the user and to groups that the user is a member of. The exception is if there are any Deny permissions assigned. Deny permissions will override Allow permissions.

    3. The effective overall permission will be the most restrictive of the effective share-level permission and the effective NTFS permission. The most restrictive of Full Control and Read would be Read which would be the effective perms.
    Hain't no thang like a chicken wang!!
Sign In or Register to comment.