NTFS Permissions and ICACLS Overview

Questions and Answers

What is the primary function of Access Control Entries (ACE) in NTFS permissions?

To encode the ownership details of files

To provide a backup of user permissions

To manage network sharing settings

To specify access rights for users or groups (correct)

In Effective Permissions Management, which of the following factors must be considered?

The number of files within the folder

Inheritance from parent folders (correct)

The physical location of the hard drive

The last modified date of the folder

What does NTFS inheritance imply for subfolders and files?

They must always deny inherited permissions

They cannot have their own permissions

They automatically inherit permissions from their parent folder (correct)

They are only accessible by the administrator

What is the key difference between Deny and Allow permissions in NTFS?

Deny permissions always take precedence over Allow permissions

When moving files within the same NTFS volume, what happens to their permissions?

Permissions are retained from the source location

How are Basic permissions defined in relation to Advanced permissions?

Basic permissions are a simplified representation of Advanced permissions

Which permission level is applied if AUTHENTICATED USERS are set to READ in an NTFS folder?

Users can read and execute files

Which NTFS permission would you assign to allow a user to fully manage files in a folder?

Full Control

What happens when a user is a member of a group that is granted a permission and another that denies that permission?

The user is denied that permission.

Which of the following statements is true regarding ownership of objects in NTFS?

A user can only assign permissions to objects they own.

What warning is received when all users are denied access to a folder?

Only the owner will be able to change permissions.

When moving files, which condition will cause a file to retain its permissions?

When moving the file within the same volume.

In the context of NTFS, which statement about the FAT file system is correct?

FAT does not support any permissions.

What is a key concept learned when creating and moving files in NTFS?

Permissions must always be reassigned after moving an object.

Which process should be followed to take ownership of a folder in NTFS?

Access Advanced Security settings and change the owner.

What is a consequence of using the MOVE operation on a file without associated DENY ACE?

The file will always retain its original permissions.

What is the command to grant the SUPERHEROES group FULL CONTROL to the HEROES_ONLY folder?

ICACLS C:\NAT\ROOMS\HEROES-ONLY\GRANT SUPERHEROES:(CI)F /T

What permission is being set to DENY for the JOKER user on the SECRET.TXT file?

DENY FULL CONTROL

What is the purpose of the command 'ICACLS C:\NAT\ROOMS\ /SAVE C:\NAT\ACL_BACKUP.TXT /T'?

To back up the ACL from the specified folder and subdirectories

What must be disabled to change permissions on the C:\NAT\ROOMS\215 folder?

Inheritance

When a user accesses a folder from a share on a remote machine, which rules apply?

Both SHARE and NTFS rules apply

Why is giving EVERYONE FULL CONTROL SHARE PERMISSIONS important?

To ensure users can modify shared resources

Which statement correctly describes the difference between DENY and ALLOW permissions?

DENY always overrides ALLOW permissions, regardless of inheritance

What action will NOT be allowed if a user's permissions are set to DENY FULL CONTROL on a file?

Deleting the file

Study Notes

NTFS Permissions Rules

• Deny Overrides Allow: If a user is a member of two groups, one allowing a permission and the other denying it, the user is denied that permission.
• Ownership: Administrators can take ownership of an object, and the owner of any object can assign permissions.
• Object Permissions on Copy/Move: When an object is copied or moved within the same NTFS volume, it retains its original permissions. However, if moved to a different volume, it inherits the new volume's permissions.
• FAT32: FAT32 file systems do not support permissions or security.

ICACLS

• ICACLS grants permissions: The command ICACLS C:\NAT\ROOMS\HEROES-ONLY\GRANT SUPERHEROES:(CI)F /T gives the SUPERHEROES group full control (F) to the HEROES_ONLY folder and all subfolders (/T).
• ICACLS denies permissions: The command ICACLS C:\NAT\ROOMS\HEROES_ONLY\SECRET.TXT /DENY JOKER:(F) denies the user JOKER full control (F) to the file SECRET.TXT .
• ICACLS backs up ACLs: The command ICACLS C:\NAT\ROOMS\ /SAVE C:\NAT\ACL_BACKUP.TXT /T backs up the Access Control List (ACL) for C:\NAT\ROOMS and all subdirectories into the file C:\NAT\ACL_BACKUP.TXT.
• ICACLS manipulates directory inheritance: The command ICACLS C:\NAT\ROOMS\215 /DISABLERINHERIT /REMOVE SYSTEM /REMOVE USERS disables inheritance of permissions for the folder C:\NAT\ROOMS\215 and removes permissions for the SYSTEM and USERS groups.
• ICACLS restores ACLs: The command ICACLS C:\NAT\ROOMS\215 /RESTORE C:\NAT\ACL_BACKUP.TXT restores the ACL for the folder C:\NAT\ROOMS\215 from the backup file C:\NAT\ACL_BACKUP.TXT.

NTFS Sharing

• Share and NTFS Permissions: Accessing a folder or file locally uses NTFS permissions. Remotely accessing a shared folder applies both share and NTFS rules.
• UNC Path: When accessing a local share using a UNC path (e.g., \ComputerName\Share), Windows treats it as a remote access and thus applies both share and NTFS rules.
• Share Permissions: Using NTFS permissions to control access is important. It can be combined with share permissions to manage file access from both local and remote users.

Description

Explore the fundamentals of NTFS permissions and the ICACLS command in managing file access. This quiz covers key concepts, rules, and command usage for effective permission handling in Windows. Test your understanding of file system security and access control.