NTFS File System Security Quiz

Questions and Answers

What do NTFS permissions primarily determine for users and groups?

The total amount of files that can be created

The speed at which files can be accessed

What users, groups, and computers can access and level of access they have (correct)

The file storage capacity on a disk

Which set of permissions is commonly used 99% of the time?

Advanced permissions

Basic permissions (correct)

Inherited permissions

Custom permissions

Which permission allows a user to modify the contents of a folder?

Modify (correct)

Write

Read

Full control

What is the primary function of NTFS permissions?

To efficiently apply different permissions for different users

What is a key feature of inherited permissions?

They allow permissions to propagate from a parent to a child object

Which permission is NOT a basic permission in NTFS?

Delete subfolders and files

What does an Access Token contain when a user logs onto an NTFS formatted computer?

User SID, Group SID, and Permissions

What is the role of groups in NTFS permissions?

To simplify the management of permission settings

In the context of NTFS, what does ACL stand for?

Access Control List

Which action can NOT be performed with special permissions?

Modify file content

What outcome occurs if the system does not find a match between an Access Token and an ACE in the ACL?

Access is denied

Which of the following operating systems first introduced NTFS on a client Operating System?

Windows 2000

What happens when a user creates a new file in a folder with inherited permissions?

The new file inherits the parent folder's permissions by default

What happens to permissions when an object is copied to the same NTFS volume?

Permissions are inherited because a new object is created.

What is the effect of moving a file from an NTFS volume to a FAT partition?

All permissions are lost.

How can you check a specific user's cumulative permissions to an object?

By accessing 'SECURITY → ADVANCED → EFFECTIVE ACCESS'.

What does the command 'ICACLS testfolder /reset /t /c' do?

Resets folder permissions to default settings.

What happens when an object is copied from a FAT partition to an NTFS volume?

The object inherits permissions from the NTFS volume.

What happens to the permissions when a user has READ permission and belongs to a group with WRITE permission on the same object?

The user has both READ and WRITE permission.

What is the effect of disabling inheritance on a folder's permissions?

Inherited permissions change to explicit permissions that can be edited.

What is the primary function of the DENY permission in a permissions structure?

It overrides all other permissions granted to the user.

What happens when a user copies an object to a new location in terms of its permissions?

The copied object inherits permissions from its new parent.

What is the behavior of the REMOVE option when disabling inheritance?

It removes all existing permissions, including system permissions.

What can an object owner do regarding permissions on their owned object?

They can change permissions regardless of their own permissions.

How does moving an object within the same NTFS volume affect its permissions?

The object retains its existing permissions.

Which of the following statements about permission inheritance is false?

A parent folder can inherit permissions from its children.

What is the purpose of setting EVERYONE = FULL CONTROL in NTFS share permissions?

To ensure remote access permissions match local permissions

What character is used to denote a hidden share in NTFS?

$

Which of the following represents the MOST RESTRICTIVE result when combining share and NTFS permissions?

Read for share and Full Control for NTFS

How can you access a network share using the Universal Naming Convention (UNC)?

Using the format \ComputerNameorename

What must be done to enable access to the default hidden shares on a home network?

Use Registry Editor to set a specific value

Study Notes

NTFS (New Technology File System)

• Windows 2000 was the first operating system to introduce NTFS on a client operating system.
• NTFS provides security at the file system level.
• When logging into an NTFS formatted computer, an Access Token is created for the user which contains their User SID, Group SID and permissions
• All processes have access to this token, enabling NTFS permissions to be checked against a resource's Access Control List (ACL)
• An ACL contains Access Control Entries (ACE) which define permissions for each user/object on the system.
• Access is granted if the user's Access Token matches an ACE in the ACL, otherwise access is denied.

NTFS Permissions

• NTFS Permissions dictate what users, groups and computers can access files, folders and objects (printers)
• Permissions determine what level of access (read, write, modify, etc.) a user can have on a file or folder
• Files and folders use the same permissions settings/template
• Basic permissions are comprised of advanced permissions
• 'Full Control' is the most inclusive permission and provides all access
• 'Modify' allows to read and write to a file or folder
• 'Read & Execute' only allows to read the content of a file and execute a file
• 'List folder contents' is folder specific and allows to view the files and folders in a directory
• 'Read' allows to access and read a file
• 'Write' allows to overwrite a file or create new content
• Groups can be used to simplify permissions management by assigning permissions to a group and simply adding or removing members

NTFS Permission Rules & Tools

• Permissions can be explicitly set for a specific object or inherited from the parent folder
• Explicit permissions are set directly at the object level
• Inherited permissions are automatically applied from parent folder to child folder
• All permissions are cumulative and are added together to determine a user's effective permissions to an object
• Inheritance can be disabled via the object properties by selecting 'Disable Inheritance'
• Selecting 'Convert' when disabling inheritance will make all inherited permissions explicit and editable, while keeping existing permissions intact
• Selecting 'Remove' when disabling inheritance will remove all permissions, including those held by the system, and replace them with new explicit permissions.
• 'Deny' overrides 'Allow' and can cancel existing permissions, it is generally discouraged and should be used sparingly.
• Every object has an owner that can change permissions, even if they don't have any permissions to the object
• Administrator accounts can change ownership of an orphaned object
• When copying a file, the copied object inherits permissions from its new parent folder
• When moving a file, the file maintains its existing permissions because a new object is not created
• When moving or copying a file between NTFS volumes the new object will inherit permissions from the parent folder
• Moving or copying from NTFS to FAT will result in losing all permissions
• Moving or copying from FAT to NTFS will cause the file to inherit permissions from the parent folder
• Effective permissions can be checked for a specific user for any object
• 'ICACLS' is a command line tool used for checking and setting permissions on objects
• It allows saving permissions settings before making changes to enable easy restoration
• 'ICACLS' can be used in scripts to automate permission modification

NTFS Sharing

• There are two options for sharing objects, in the real world, only one is recommended
• Three types of share permissions exist: 'Read', 'Change', and 'Full Control'
• NTFS share permissions and NTFS object permissions work together and the most restrictive permission is applied
• To avoid inconsistent access levels, set share permissions using 'Everyone = Full Control'
• Accessing shared objects is done through the Universal Naming Convention (UNC) path
• Format: \ComputerName\ShareName
• C:\ is a hidden share by default, accessible through \ComputerName\C$
• Hidden shares do not show up in File Explorer and must explicitly be entered using the UNC path
• Create hidden shares by adding a '$' to the end of the share name
• Default share accessible on Domain Network, but not home network, a registry change can be made to enable on a home network

Description

Test your knowledge on NTFS (New Technology File System) fundamentals and its permission settings. This quiz covers the introduction of NTFS in Windows 2000, Access Tokens, ACLs, and permission management for files and folders.