Options

Another wrong question

BherminghausBherminghaus Member Posts: 9 ■□□□□□□□□□
in Windows XP Professional
[FONT=Verdana, Arial, Helvetica][SIZE=-1][SIZE=-1]13. You share a folder on your computer and you assigned the share permission Change to Everyone. John, a user from the Sales department, has been granted Full Control NTFS permission to the folder. John is also a member of the Sales group, which has been assigned Read NTFS permissions.
What are John's effective permissions when connecting to the shared folder?

They say the answer is change.

But don't the most restrictive permissions apply?

The group is assigned read, if you ask me, that should make his affective permissions to read instead of change.

Is the wording wrong on this one too, or am I just assuming the question wants the shared permissions and not the NTFS ?
[/SIZE][/SIZE][/FONT]
· Share on FacebookShare on Twitter

Comments

  • Options
    dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    When looking at share and NTFS permissions, the most restrictive applies. i.e. change share and full NTFS will give you change (when accessing the share over the network, it would be full if accessed locally since that doesn't use the share).

    When looking at permissions amongst multiple groups, the permissions are cumulative. i.e. read NTFS and full NTFS will result in full. You would need to explicitly deny something in another group to negate any allowed permissions.
    · Share on FacebookShare on Twitter
  • Options
    BherminghausBherminghaus Member Posts: 9 ■□□□□□□□□□
    dynamik wrote: »
    When looking at share and NTFS permissions, the most restrictive applies. i.e. change share and full NTFS will give you change (when accessing the share over the network, it would be full if accessed locally since that doesn't use the share).

    When looking at permissions amongst multiple groups, the permissions are cumulative. i.e. read NTFS and full NTFS will result in full. You would need to explicitly deny something in another group to negate any allowed permissions.

    Thank you for your help on the other post as I agree with you on that and now understand. However, for this question - They say that the GROUP has a read only permission. Now, I understand that he has been granted full control, and everyone has change, but for this shared folder does that not mean that he has the read permission only?

    I'm still having trouble understanding how the questions is right, when it says that the group he has is set to the read permission. Isn't the most restrictive set of permissions applied to all categories? Am I right?
    · Share on FacebookShare on Twitter
  • Options
    ClaymooreClaymoore Member Posts: 1,637
    NTFS and Shared permissions are separate and need to be resolved separately. Once you have the resulting set of permissions for both Share and NTFS, then you can compare them.

    NTFS permissions are cumulative
    Group1 has read +
    Group2 has modify +
    User has full control +
    = User has full control

    Share permissions are cumulative
    Everyone has read +
    Group 1 has change
    = User has change

    Share vs NTFS are NOT cumulative and the most restrictive is used
    Share = Change
    NTFS = Full Control
    = User has Change

    If you think that's confusing, wait until you have to troubleshoot nested groups, nested shares and Deny rights. Then you will understand why the new 'Reason for Access' auditing feature in Win7 / 2008 R2 was a feature long overdue.
    Clay Moore's Blog
    · Share on FacebookShare on Twitter
Sign In or Register to comment.