Permission help

knownhero

Hi guys,

Been reading this forum alot since my exam is on the 6th Feb. I've been reading the Self-Paced Training Kit for this exam. Failed the first time as I didnt really study alot and I didnt push it back to a later date, but Im mubbling now. Right to the question I have. PERMISSIONS! God these are annoying. I was just wondering if someone could explain this question in the book:

In the second example, the users folder contains user home folders. Each user home folder contains data accessible only to the user for whom the folder is names. The users folder has been shared, and the Users group has the shared folder FULL CONTROL permission for the users folder. User1 and User2 have the NTFS FULL CONTROL permission for their home folder only and no NTFS permissons for othe folders. These users are all members of the users group. What permissions does User1 have when he or she accesses the User1 subfolder by making a connection to the Users shared folder? What asre Users1's Permissions for the User2 subfolders?


I know thw first question "What permissions does User1 have when he or she accesses the User1 subfolder by making a connection to the Users shared folder?" is Full Control

But for the second one I dont understand. If there is no NTFS permissions set he or she should be able to access it right?

Maybe I'm being stupid and missing something.

While writing this I looked at the Question again and maybe this is the answer to mine:

"User1 and User2 have the NTFS FULL CONTROL permission for their home folder only and no NTFS permissons for othe folders."

undomiel

The question is a bit of a study in reading comprehension. If you just skimmed the initial answer you'd get is probably going to be that they have FULL CONTROL to the folders. But reading into it a bit you see that it says that the users only have full control of their own folders and no permissions to other folders. Since you apply the principle of most restrictive of the two permission sets, here is the break down for User1 to access User2's folder as a share: ShareFullControl compare NTFSNone = effective permissions None. So it is as you said at the end, User1 has no permissions to User2's folder.

knownhero

Its just really annoying how they word the questions. I don't see how the FULL CONTROL for their own folders and then the NO NTFS Permissions for the other folders works. Surely with the NO NTFS PERMISSIONS should mean that user1 can access user2 folder if there is no permissions set.

Sorry to be a pain about this. It's just not sinking into the brain! ARGH!

dynamik

knownhero wrote: »

But for the second one I dont understand. If there is no NTFS permissions set he or she should be able to access it right?

No. Honestly, I don't know why this point wasn't made clearer in most study materials. It seems like most just assume that it's an obvious point. You need to be assigned permissions in order to be able to access a resource.

knownhero

dynamik wrote: »

No. Honestly, I don't know why this point wasn't made clearer in most study materials. It seems like most just assume that it's an obvious point. You need to be assigned permissions in order to be able to access a resource.

Okay so when it says "no ntfs permissions for other folders" in other questions that I see this in. It simply means deny?

dynamik

No, because if its set to inherit permissions, it will inherit permissions from the parent. For example, if the parent allows read, and the child that you're trying to access has neither allow or deny permissions set, you'll be given read access since its inheriting that from the parent (unless you deliberately block inheritance). On the other hand, if you denied read access on the child, you would not be able to read since it was explicitly denied. As you can see, that is a significant difference in functionality, so do not treat no permissions and deny as the same thing.

Think of it this way, you must be granted allow permissions at some point. Access is commonly restricted by simply not assigning permissions. This makes sense if you think about it. If no permissions allowed access, every time you added a new user or group, you would have to back to every object and explicitly deny permissions for that user or group. That would be an absolute nightmare to try to maintain. Deny permissions are fairly rare. They usually exist to correct some flaw that occurred in the design and planning stage.

knownhero

So just in my VERY SIMPLE terms of this is like this:

You have a:

Everyone
Users
Creator Owner
Administrators

Groups which you can enter the file and for which group you fall into you have to have these rules. If you are not in ANY of these you have NO ACCESS. Sort of like a bouncer rejecting you entry to a pub for not having ID?

If that makes any sense


So for example if "Tom" wasnt a member of any of the groups mentioned above. He has NO NTFS PERMISSIONS which means he has no access to the file?

undomiel

Correct. No ntfs permissions means no access. Tom is just going to have a rough day.

dynamik wrote: »

Deny permissions are fairly rare. They usually exist to correct some flaw that occurred in the design and planning stage.

Or introduce flaws into the design.

knownhero

undomiel wrote: »

Correct. No ntfs permissions means no access. Tom is just going to have a rough day.

Awesome. Got that in the memory bank now. Hopefully I will start to catch on with all this permissions jargon. Next stop Basic and Dynamic disks.

dynamik

undomiel wrote: »

Or introduce flaws into the design.

Excellent point.

We just went through a lot of permission material with another user. Check out his questions and try to answer them yourself, and then check our answers.

http://www.techexams.net/forums/70-270-windows-xp-professional/36935-effective-permissions.html

http://www.techexams.net/forums/70-270-windows-xp-professional/37302-share-ntfs-question.html

http://www.techexams.net/forums/70-270-windows-xp-professional/37682-permission-question.html

http://www.techexams.net/forums/mcsa-mcse-windows-2003-general/37687-permissions.html

http://www.techexams.net/forums/70-270-windows-xp-professional/38328-permission-questions.html

http://www.techexams.net/forums/70-270-windows-xp-professional/38552-difficult-permission-share-question.html

http://www.techexams.net/forums/70-270-windows-xp-professional/38755-permissions.html

knownhero

thanks guys!