Permissions

ttolhurstttolhurst Member Posts: 8 ■□□□□□□□□□
I thought that the answer would be Read, Because isnt the most restrictive take effect? Anyway the answer is Change.

Im getting ready for my test next week and am totaly scared of these permissions.

Any sugestions?


8. You share a folder on your computer and you assigned the share permission Change to Everyone. John, a user from the Sales department, has been granted Full Control NTFS permission to the folder. John is also a member of the Sales group, which has been assigned Read NTFS permissions.
What are John's effective permissions when connecting to the shared folder?
a. Read
b. Read & Execute
c. Change
d. Full Control

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    It's change. Permissions are cumulative, so if he has read in one group and change in another, he will have read and change.

    Assigning individuals the most restrictive permissions for a resource is considered a best practice.

    You may also be thinking of the interaction between deny and allow permissions. If a user is assigned the deny read permission in one group and the allow read permission in another, the deny will take precedence. Also, I believe that explicit permissions take precedence over inherited permissions. For example, if the user inherits the deny read permissions from somewhere, but is explicitly assigned the allow read permission for that resource, the allow will take precedence.
  • 12mcken12mcken Member Posts: 65 ■■□□□□□□□□
    Have a look at the following url. It might help explain the differences.

    http://www.measureup.com/testobjects/MS_NT4W/5a6d9ab.htm
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    When combining shared folder permissions and NTFS permissions, the most restrictive permission is always the effective permission.

    That might be what you were thinking off as well. The share permissions add another layer of complexity when accessing resources over the network.
  • ttolhurstttolhurst Member Posts: 8 ■□□□□□□□□□
    Thank you. That link helped allot. Going to go for my test next Mon. 12/17
  • jbaellojbaello Member Posts: 1,191 ■■■□□□□□□□
    Which one takes president 1st?
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    jbaello wrote:
    Which one takes president 1st?

    1. Based on your userid/group memberships you find the least restrictive security level (NTFS) permissions.

    2. If you are also accessing it across the network (rather than locally) you find the least restrictive Share level permission based on userid/group membership.

    3. Now between the Share Level access and NTFS permissions, you apply the MOST restrictive of the two as your calculated level of access.

    There are exceptions based on explicit deny/allows and implicit denies, but the above will apply to most situations. A deny will over ride everything in 99% of the cases. The 1% exception that we almost never see is an explicit allow vs. an implicit (inherited) deny, but I wouldn't worry about that for any of the MS exams.
    All things are possible, only believe.
  • 147147 Member Posts: 117
    Thanks for the link and explanations. These will be useful to me on the exam.
    Fear is the absence of Faith.
Sign In or Register to comment.