Permissions

I thought that the answer would be Read, Because isnt the most restrictive take effect? Anyway the answer is Change.

Im getting ready for my test next week and am totaly scared of these permissions.

Any sugestions?

8. You share a folder on your computer and you assigned the share permission Change to Everyone. John, a user from the Sales department, has been granted Full Control NTFS permission to the folder. John is also a member of the Sales group, which has been assigned Read NTFS permissions.
What are John's effective permissions when connecting to the shared folder?
a. Read
b. Read & Execute
c. Change
d. Full Control

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

dynamik

It's change. Permissions are cumulative, so if he has read in one group and change in another, he will have read and change.

Assigning individuals the most restrictive permissions for a resource is considered a best practice.

You may also be thinking of the interaction between deny and allow permissions. If a user is assigned the deny read permission in one group and the allow read permission in another, the deny will take precedence. Also, I believe that explicit permissions take precedence over inherited permissions. For example, if the user inherits the deny read permissions from somewhere, but is explicitly assigned the allow read permission for that resource, the allow will take precedence.

12mcken

Have a look at the following url. It might help explain the differences.

http://www.measureup.com/testobjects/MS_NT4W/5a6d9ab.htm

dynamik

The Link Above wrote:

When combining shared folder permissions and NTFS permissions, the most restrictive permission is always the effective permission.

That might be what you were thinking off as well. The share permissions add another layer of complexity when accessing resources over the network.

ttolhurst

Thank you. That link helped allot. Going to go for my test next Mon. 12/17

jbaello

Which one takes president 1st?

sprkymrk

jbaello wrote:

Which one takes president 1st?

1. Based on your userid/group memberships you find the least restrictive security level (NTFS) permissions.

2. If you are also accessing it across the network (rather than locally) you find the least restrictive Share level permission based on userid/group membership.

3. Now between the Share Level access and NTFS permissions, you apply the MOST restrictive of the two as your calculated level of access.

There are exceptions based on explicit deny/allows and implicit denies, but the above will apply to most situations. A deny will over ride everything in 99% of the cases. The 1% exception that we almost never see is an explicit allow vs. an implicit (inherited) deny, but I wouldn't worry about that for any of the MS exams.

147

Thanks for the link and explanations. These will be useful to me on the exam.