Windows Permissions and Sharing Quiz

Questions and Answers

What is the purpose of the Configure share settings page in the New Share Wizard?

To confirm the selections made during the sharing process

To define permissions for the shared folder (correct)

To manage the users who can access the share

To set the name of the new share

Which statement about Windows Permissions Architecture is true?

ACLs are specific to folders only

Every security principal can have multiple ACEs (correct)

Deny permissions take precedence over Basic Permissions

Advanced Permissions are always preferred over Basic Permissions

What happens when Allow permissions and Deny permissions are both assigned to a security principal?

Both permissions are applied equally

Deny permissions are cumulative

Allow permissions are ignored

Deny permissions will override Allow permissions (correct)

What is described as preconfigured permission combinations in Windows Permissions?

Basic Permissions

In the context of permissions, what does 'inheriting permissions' refer to?

Permissions granted to a parent folder are passed down to subfolders

What is one of the actions that can be performed with the Modify permission on a file?

Delete the file

Which NTFS permission allows a user to view the names of files and subfolders without accessing their contents?

List Folder Contents

What capability does the owner of a file or folder retain, regardless of current permission settings?

Assign permissions to other users

When a user has Read permission on a folder, what can they do?

See the files and subfolders contained in the folder

What can a user do with Write permission on a folder?

Create new files and subfolders inside the folder

What must be determined before creating folder shares?

What folders to share and the permissions to grant

Which file-sharing protocol is standard for all versions of Windows?

Server Message Blocks (SMB)

What is a necessary requirement for using the Network File System (NFS)?

Installation of the NFS role service

Which action allows a user to share their own folders with specific people?

Right-click the folder and choose Share with > Specific People

Which of the following is NOT a consideration when creating a folder share?

Setting up an email notification system

What permissions are included in the Full Control option for a folder?

All actions allowed by Change permission and take ownership of the folder

Which of the following is NOT a capability granted by Share Permissions?

Change access control lists directly

What do security principals represent in the context of NTFS permissions?

Users and groups identified by Windows

During the authorization process in NTFS, what is compared to determine a user's access to a file or folder?

The user's SIDs and those stored in the element's ACEs

What is one function of the Share Permissions tab for a shared folder?

To allow or deny security principals the ability to perform specific actions

Advanced Permissions are more commonly used than Basic Permissions.

False

Deny permissions always override Allow permissions in Windows permissions architecture.

True

Permissions run upward through a hierarchy in Windows systems.

False

Explicit permissions are less important than inherited permissions.

False

An Access Control List (ACL) specifies the capabilities of a security principal.

True

Only System Administrators can create folder shares on a server.

False

The Server Message Blocks (SMB) protocol is used exclusively by UNIX and Linux systems.

False

NTFS quotas can be configured to limit the disk space available to users on a server.

True

Creating folder shares requires you to assign specific names, permissions, and determine folder settings.

True

NFS role service must be installed to use the SMB protocol.

False

NTFS and ReFS drives do not support permissions.

False

A user with Full Control permission can take ownership of files and folders.

True

The permissions for a file are determined by comparing the user's security identifiers (SIDs) to the access control entries (ACEs).

True

The Share Permissions tab grants users the ability to change file attributes.

False

In NTFS authorization, every file and folder has an ACL with numerous ACEs.

True

An owner of a file or folder cannot modify the permissions if current settings deny them access.

False

With Write permission on a folder, a user can create new files and subfolders inside that folder.

True

The Read & Execute permission allows users to run applications and perform all actions associated with the Read permission.

True

List Folder Contents permission allows a user to view the contents of files without needing any additional permissions.

False

The Take Ownership permission allows a user to assume ownership of a file or folder that they did not create.

True

Study Notes

Chapter Objectives

• Configure File and Share Access
• Designing a File Sharing Strategy
• Creating Folder Shares
• Assigning Permissions
• Configuring NTFS Quotas

Creating Folder Shares

• Shares are required for network users to access server disks.
• To create a share, determine:
  • Folders to share
  • Names for shares
  • Permissions for users
  • Offline Files settings

Creator/Owner

• Users can share their folders.
• Right-click and select "Share with Specific People" for a simplified interface.
• Use the Sharing tab in the folder's Properties sheet for more control.

Creating Folder Shares (Dialog Box)

• The File Sharing dialog box lets you choose network users to share with.
• You can enter a user's name and click "Add" or use the arrow to find them.
• Permission levels include "Read/Write," "Owner," and "Read."

Advanced Sharing

• The Advanced Sharing dialog box provides additional settings.
• Allows specifying a share name, limit on simultaneous users, comments, permissions, and caching.

Types of Folder Shares

• Server Message Blocks (SMB): Standard file-sharing protocol used by all Windows versions. Requires the File Server role service.
• Network File System (NFS): Standard file-sharing protocol used by most UNIX and Linux distributions. Requires the Server to have the NFS role service installed.

Create a Folder Share (Homepage)

• The Shares homepage allows viewing and managing shares in Server Manager, presenting a list of all shares, associated tasks, and volumes.
• This page displays a list of shares, and enables creation of a new share using the New Share Wizard.

Select the Profile for This Share

• The New Share Wizard presents different sharing profiles:
  • SMB Share - Quick
  • SMB Share - Advanced
  • SMB Share - Applications
  • NFS Share - Quick
  • NFS Share - Advanced

Select the Server and Path for This Share

• The New Share Wizard allows choosing the server and path for the share.
• Selects which volume (e.g., C:) the new folder will be created under.
• Allows entering a custom path.

Specify Share Name

• The New Share Wizard prompts for the name and description of the share.
• It indicates whether the folder to share on the local computer exists (or will be created).
• A remote path or share can also be specified.

Configure Share Settings

• Users can decide whether to Enable access-based enumeration.
• This feature allows only files and folders with read permissions to display to users
• Allows caching of shares to make them available offline, if the BranchCache for Network Files role service is installed.
• Users can decide whether to Enable BranchCache on the share.
• Users can decide whether to Encrypt data access.

Specify Permissions to Control Access

• Permissions for files accessed via a share are decided by a combination of folder permissions, share permissions, and an optional central access policy.
• Pre-defined permissions and groups are provided (e.g., CREATOR OWNER, BUILTIN\Users).

Confirm Selections

• Before creating the share, this page confirms the settings defined in the Wizard.
• Includes information like the server, share name, protocol, disk space, and whether access-based enumeration, caching, BranchCache, and encryption are disabled.

The New Share on the Shares Homepage

• The new share appears after successful creation on the Shares homepage.

Assigning Permissions

• This section covers how to configure file and share access permissions.
• Discusses Access Control List (ACLs), Access Control Entries (ACEs), and security principals.

Windows Permissions Architecture

• ACLs (Access Control Lists) regulate access to folders.
• ACEs (Access Control Entries) determine which user has what permission by connecting to the user or group.
• Security principals are users or groups identified by Windows using security identifiers (SIDs).

The Security Tab of a Properties sheet

• Enables checking and changing permissions for different user groups, such as Everyone and Creator/Owner.

Basic and Advanced Permissions

• Basic permissions are preconfigured combinations.
• Advanced permissions offer granular controls, though rarely used.

Allowing and Denying Permissions

• Additive: Starts with no permissions, then grants Allow permissions.
• Subtractive: Grants Allow permissions, then adds Deny permissions for restricted access.

Inheriting Permissions

• Permissions apply downward to subfolders and files.

Effective Access

• The combined Allow and Deny permissions determine access to an element.
• Allow permissions are cumulative; Deny overrides Allow.
• Explicit permissions take precedence over inherited permissions.

The Effective Access Tab of the Advanced Security Settings Dialog Box

• This tab provides a detailed view of the permissions for a user, group, or device account.
• It allows evaluation of the potential impact of adding a group or user.

Setting Shared Folder Permissions

• This tab in the share's properties window allows specific share permissions.

Share Permissions

• Share permissions control access to shared folders.
• Different permissions dictate actions, such as full control, change, and read.

NTFS Authorization

• NTFS and ReFS support permissions.
• Each element has an ACL that includes ACEs (Access Control Entries) that link a security principal (person or group) with permissions.
• Security principals are identified by security identifiers (SIDs).

NTFS Basic Permissions

• Full Control: Modifying folder permissions, taking ownership, and performing related actions.
• Modify: Deleting/modifying folder(s).
• Read & Execute: Navigating and running applications within folders.
• Read: Viewing file contents, their ownership, permissions details
• Write: Creating, modifying (overwriting), attributes.

Configuring NTFS Quotas

• Enables administrators to set space restrictions for users on a volume.
• Users exceeding the limit can be either denied access or warned.

How NTFS Security and Shared Permissions Work Together

• When configuring a shared folder, both NTFS permissions (file/folder level) and shared permissions (network access) must be set up.
• When these two permissions conflict, local permissions (NTFS) take precedence.

Volume Shadow Copies

• Allows maintaining previous versions of files and folders.
• Enables reverting to earlier versions if accidentally deleted or overwritten.
• Applicable to volumes only, not individual files/folders.

NTFS Security and Shared Permissions Example

• The presentation provides an example to calculate the effective permissions for a user based on the combination of NTFS permissions and share permissions, and the hierarchy of permissions.

Volume Shadow Copies

• Allows maintaining previous versions of files on a server.
• A copy of a file is accessible even if it is deleted or overwritten.
• Can be applied to entire volumes only.

NTFS Quotas

• Enable administrators to set storage limits for users on a volume.
• Users exceeding the limit may be denied access or warned.

NTFS Basic Permissions—Additional Examples

• List Folder Contents: Viewing the names of subfolders and files within a folder.
• Read: Viewing files and subfolder contents, ownership, permissions, and attributes of a folder.
• Write: Creating new files and subfolders within a target folder, modifying folder attributes, and viewing ownership and permissions.
• Modify: Modifying file/folder attributes and deleting.
• Read & Execute: Navigating folders to access other files/folders, running applications.

Description

Test your knowledge on Windows permissions architecture and file-sharing settings with this comprehensive quiz. Explore topics such as inheritance of permissions, NTFS permissions, and the capabilities of security principals in Windows environments.