Windows Permissions and Sharing Quiz

Questions and Answers

What is the purpose of the Configure share settings page in the New Share Wizard?

• To confirm the selections made during the sharing process
• To define permissions for the shared folder (correct)
• To manage the users who can access the share
• To set the name of the new share

Which statement about Windows Permissions Architecture is true?

• ACLs are specific to folders only
• Every security principal can have multiple ACEs (correct)
• Deny permissions take precedence over Basic Permissions
• Advanced Permissions are always preferred over Basic Permissions

What happens when Allow permissions and Deny permissions are both assigned to a security principal?

• Both permissions are applied equally
• Deny permissions are cumulative
• Allow permissions are ignored
• Deny permissions will override Allow permissions (correct)

What is described as preconfigured permission combinations in Windows Permissions?

Basic Permissions (B)

In the context of permissions, what does 'inheriting permissions' refer to?

Permissions granted to a parent folder are passed down to subfolders (D)

What is one of the actions that can be performed with the Modify permission on a file?

Delete the file (A)

Which NTFS permission allows a user to view the names of files and subfolders without accessing their contents?

List Folder Contents (C)

What capability does the owner of a file or folder retain, regardless of current permission settings?

Assign permissions to other users (D)

When a user has Read permission on a folder, what can they do?

See the files and subfolders contained in the folder (D)

What can a user do with Write permission on a folder?

Create new files and subfolders inside the folder (A)

What must be determined before creating folder shares?

What folders to share and the permissions to grant (D)

Which file-sharing protocol is standard for all versions of Windows?

Server Message Blocks (SMB) (C)

What is a necessary requirement for using the Network File System (NFS)?

Installation of the NFS role service (C)

Which action allows a user to share their own folders with specific people?

Right-click the folder and choose Share with > Specific People (D)

Which of the following is NOT a consideration when creating a folder share?

Setting up an email notification system (B)

What permissions are included in the Full Control option for a folder?

All actions allowed by Change permission and take ownership of the folder (D)

Which of the following is NOT a capability granted by Share Permissions?

Change access control lists directly (D)

What do security principals represent in the context of NTFS permissions?

Users and groups identified by Windows (C)

During the authorization process in NTFS, what is compared to determine a user's access to a file or folder?

The user's SIDs and those stored in the element's ACEs (B)

What is one function of the Share Permissions tab for a shared folder?

To allow or deny security principals the ability to perform specific actions (A)

Advanced Permissions are more commonly used than Basic Permissions.

False (B)

Deny permissions always override Allow permissions in Windows permissions architecture.

True (A)

Permissions run upward through a hierarchy in Windows systems.

False (B)

Explicit permissions are less important than inherited permissions.

False (B)

An Access Control List (ACL) specifies the capabilities of a security principal.

True (A)

Only System Administrators can create folder shares on a server.

False (B)

The Server Message Blocks (SMB) protocol is used exclusively by UNIX and Linux systems.

False (B)

NTFS quotas can be configured to limit the disk space available to users on a server.

True (A)

Creating folder shares requires you to assign specific names, permissions, and determine folder settings.

True (A)

NFS role service must be installed to use the SMB protocol.

False (B)

NTFS and ReFS drives do not support permissions.

False (B)

A user with Full Control permission can take ownership of files and folders.

True (A)

The permissions for a file are determined by comparing the user's security identifiers (SIDs) to the access control entries (ACEs).

True (A)

The Share Permissions tab grants users the ability to change file attributes.

False (B)

In NTFS authorization, every file and folder has an ACL with numerous ACEs.

True (A)

An owner of a file or folder cannot modify the permissions if current settings deny them access.

False (B)

With Write permission on a folder, a user can create new files and subfolders inside that folder.

True (A)

The Read & Execute permission allows users to run applications and perform all actions associated with the Read permission.

True (A)

List Folder Contents permission allows a user to view the contents of files without needing any additional permissions.

False (B)

The Take Ownership permission allows a user to assume ownership of a file or folder that they did not create.

True (A)

Flashcards

Folder Shares

A mechanism that allows network users to access files and folders located on a server. Creating shares involves defining which folders are shared, assigning names to them, setting permissions for users, and configuring offline file options.

SMB (Server Message Blocks)

The standard file sharing protocol used by all versions of Windows. It enables file sharing between Windows computers and requires the File Server role service to be installed on the server.

NFS (Network File System)

The standard file sharing protocol used by most UNIX and Linux systems. It enables file sharing between Unix/Linux systems and requires the NFS role service to be installed on the server.

Sharing Tab - Folder Properties

Provides a more advanced interface compared to the 'Share with Specific People' option. It offers greater control over permissions and allows for fine-grained access management.

New Share Wizard

A step-by-step tool used to create and configure a new folder share. It helps you select the server and path, assign a share name, and configure permissions.

Access Control List (ACL)

A list that controls access to a resource, like a folder, by specifying permissions for users and groups.

Access Control Entry (ACE)

A single rule within an ACL that defines the permissions granted or denied to a specific user or group.

Permissions

Rules that define what actions users or groups can perform on a resource, like read, write, or delete.

Additive Permissions

Permissions are granted gradually, starting with no access and adding permissions as needed.

Subtractive Permissions

Permissions are granted initially and then restricted by denying specific actions.

Share Permissions

A set of rules that determine who can access a shared folder and what they can do with its contents.

Full Control Share Permission

Gives users the highest level of access, allowing them to change file permissions, take ownership, delete files, and more.

Read Share Permission

Allows users to view files and folders, but not modify them. Similar to viewing something on a website but not being able to edit it.

NTFS Permissions

A security system that governs access to files and folders on a drive. It uses Access Control Lists (ACLs) to define individual user or group permissions.

What does an ACE contain?

Each Access Control Entry (ACE) within an Access Control List (ACL) contains a security principal (user or group) and their specific permissions for accessing a file or folder.

NTFS Permission: Modify

Allows users to modify the contents of a file, including editing or deleting it, and can also be used to change the file's attributes.

NTFS Permission: Read & Execute

Grants users the ability to view the contents of a file or folder, run applications within the folder, and navigate through subfolders, but they cannot make any changes.

NTFS Permission: List Folder Contents

Allows users to see the names of files and subfolders within a folder, but not their contents or attributes.

NTFS Permission: Read

Grants users access to view the content of a file or folder, as well as its basic attributes, such as ownership and permissions.

NTFS Permission: Write

Allows users to create new files and folders, modify existing file attributes, and overwrite existing files within a folder.

What are the types of folder shares?

The two main types of folder shares are Server Message Blocks (SMB) used by Windows and Network File System (NFS) used by most UNIX and Linux systems.

What is the purpose of the New Share Wizard?

The New Share Wizard is a step-by-step tool that guides you through the process of creating and configuring a new folder share.

What is the File Sharing dialog box?

The File Sharing dialog box allows you to set up basic share permissions, such as who can access the shared folder.

What's the purpose of the 'Advanced Sharing' dialog box?

The 'Advanced Sharing' dialog box provides granular control over sharing permissions for a folder, allowing you to customize who has access and what they can do.

What does the 'Shares' homepage show?

The 'Shares' homepage gives you an overview of all existing shares on the server, allowing you to manage and configure them.

ACL

An Access Control List (ACL) is a list that controls access to a resource, such as a folder, by defining permissions for users and groups.

ACE

An Access Control Entry (ACE) is a single rule within an ACL that specifies the permissions granted or denied to a specific user or group.

Security Principal

A security principal is a user or group that can be granted or denied access to a resource.

What are security principals?

Security principals are users and groups identified by Windows using security identifiers (SIDs). These SIDs are used to determine access to files and folders.

What is a share permission?

A share permission defines the abilities a user or group has on a shared folder. These permissions determine what actions they can perform, such as adding, deleting, or modifying files.

Study Notes

Chapter Objectives

• Configure File and Share Access
• Designing a File Sharing Strategy
• Creating Folder Shares
• Assigning Permissions
• Configuring NTFS Quotas

Creating Folder Shares

• Shares are required for network users to access server disks.
• To create a share, determine:
  • Folders to share
  • Names for shares
  • Permissions for users
  • Offline Files settings

Creator/Owner

• Users can share their folders.
• Right-click and select "Share with Specific People" for a simplified interface.
• Use the Sharing tab in the folder's Properties sheet for more control.

Creating Folder Shares (Dialog Box)

• The File Sharing dialog box lets you choose network users to share with.
• You can enter a user's name and click "Add" or use the arrow to find them.
• Permission levels include "Read/Write," "Owner," and "Read."

Advanced Sharing

• The Advanced Sharing dialog box provides additional settings.
• Allows specifying a share name, limit on simultaneous users, comments, permissions, and caching.

Types of Folder Shares

• Server Message Blocks (SMB): Standard file-sharing protocol used by all Windows versions. Requires the File Server role service.
• Network File System (NFS): Standard file-sharing protocol used by most UNIX and Linux distributions. Requires the Server to have the NFS role service installed.

Create a Folder Share (Homepage)

• The Shares homepage allows viewing and managing shares in Server Manager, presenting a list of all shares, associated tasks, and volumes.
• This page displays a list of shares, and enables creation of a new share using the New Share Wizard.

Select the Profile for This Share

• The New Share Wizard presents different sharing profiles:
  • SMB Share - Quick
  • SMB Share - Advanced
  • SMB Share - Applications
  • NFS Share - Quick
  • NFS Share - Advanced

Select the Server and Path for This Share

• The New Share Wizard allows choosing the server and path for the share.
• Selects which volume (e.g., C:) the new folder will be created under.
• Allows entering a custom path.

Specify Share Name

• The New Share Wizard prompts for the name and description of the share.
• It indicates whether the folder to share on the local computer exists (or will be created).
• A remote path or share can also be specified.

Configure Share Settings

• Users can decide whether to Enable access-based enumeration.
• This feature allows only files and folders with read permissions to display to users
• Allows caching of shares to make them available offline, if the BranchCache for Network Files role service is installed.
• Users can decide whether to Enable BranchCache on the share.
• Users can decide whether to Encrypt data access.

Specify Permissions to Control Access

• Permissions for files accessed via a share are decided by a combination of folder permissions, share permissions, and an optional central access policy.
• Pre-defined permissions and groups are provided (e.g., CREATOR OWNER, BUILTIN\Users).

Confirm Selections

• Before creating the share, this page confirms the settings defined in the Wizard.
• Includes information like the server, share name, protocol, disk space, and whether access-based enumeration, caching, BranchCache, and encryption are disabled.

The New Share on the Shares Homepage

• The new share appears after successful creation on the Shares homepage.

Assigning Permissions

• This section covers how to configure file and share access permissions.
• Discusses Access Control List (ACLs), Access Control Entries (ACEs), and security principals.

Windows Permissions Architecture

• ACLs (Access Control Lists) regulate access to folders.
• ACEs (Access Control Entries) determine which user has what permission by connecting to the user or group.
• Security principals are users or groups identified by Windows using security identifiers (SIDs).

The Security Tab of a Properties sheet

• Enables checking and changing permissions for different user groups, such as Everyone and Creator/Owner.

Basic and Advanced Permissions

• Basic permissions are preconfigured combinations.
• Advanced permissions offer granular controls, though rarely used.

Allowing and Denying Permissions

• Additive: Starts with no permissions, then grants Allow permissions.
• Subtractive: Grants Allow permissions, then adds Deny permissions for restricted access.

Inheriting Permissions

• Permissions apply downward to subfolders and files.

Effective Access

• The combined Allow and Deny permissions determine access to an element.
• Allow permissions are cumulative; Deny overrides Allow.
• Explicit permissions take precedence over inherited permissions.

The Effective Access Tab of the Advanced Security Settings Dialog Box

• This tab provides a detailed view of the permissions for a user, group, or device account.
• It allows evaluation of the potential impact of adding a group or user.

Setting Shared Folder Permissions

• This tab in the share's properties window allows specific share permissions.

Share Permissions

• Share permissions control access to shared folders.
• Different permissions dictate actions, such as full control, change, and read.

NTFS Authorization

• NTFS and ReFS support permissions.
• Each element has an ACL that includes ACEs (Access Control Entries) that link a security principal (person or group) with permissions.
• Security principals are identified by security identifiers (SIDs).

NTFS Basic Permissions

• Full Control: Modifying folder permissions, taking ownership, and performing related actions.
• Modify: Deleting/modifying folder(s).
• Read & Execute: Navigating and running applications within folders.
• Read: Viewing file contents, their ownership, permissions details
• Write: Creating, modifying (overwriting), attributes.

Configuring NTFS Quotas

• Enables administrators to set space restrictions for users on a volume.
• Users exceeding the limit can be either denied access or warned.

How NTFS Security and Shared Permissions Work Together

• When configuring a shared folder, both NTFS permissions (file/folder level) and shared permissions (network access) must be set up.
• When these two permissions conflict, local permissions (NTFS) take precedence.

Volume Shadow Copies

• Allows maintaining previous versions of files and folders.
• Enables reverting to earlier versions if accidentally deleted or overwritten.
• Applicable to volumes only, not individual files/folders.

NTFS Security and Shared Permissions Example

• The presentation provides an example to calculate the effective permissions for a user based on the combination of NTFS permissions and share permissions, and the hierarchy of permissions.

Volume Shadow Copies

• Allows maintaining previous versions of files on a server.
• A copy of a file is accessible even if it is deleted or overwritten.
• Can be applied to entire volumes only.

NTFS Quotas

• Enable administrators to set storage limits for users on a volume.
• Users exceeding the limit may be denied access or warned.

NTFS Basic Permissions—Additional Examples

• List Folder Contents: Viewing the names of subfolders and files within a folder.
• Read: Viewing files and subfolder contents, ownership, permissions, and attributes of a folder.
• Write: Creating new files and subfolders within a target folder, modifying folder attributes, and viewing ownership and permissions.
• Modify: Modifying file/folder attributes and deleting.
• Read & Execute: Navigating folders to access other files/folders, running applications.

Description

Test your knowledge on Windows permissions architecture and file-sharing settings with this comprehensive quiz. Explore topics such as inheritance of permissions, NTFS permissions, and the capabilities of security principals in Windows environments.