Windows Permissions Architecture Quiz

Questions and Answers

What is the correct role of Access Control List (ACL) in Windows Permissions Architecture?

It maintains records of permissions granted to security principals. (correct)

It replaces all permission settings with default values.

It grants permissions to all users without restrictions.

It determines the folder path for the share.

Which statement accurately describes Advanced Permissions?

They are used to grant permissions to entire groups only.

They provide a more granular level of control compared to Basic Permissions. (correct)

They are the primary form of permission used for all users.

They cannot be modified once assigned.

What happens to Deny permissions when applied in a system environment?

They enhance Allow permissions.

They always override Allow permissions. (correct)

They have no impact if Allow permissions are present.

They do not affect inherited permissions.

What is the preferred method of assigning permissions according to the guidelines?

Starting with Allow permissions to grant access first.

What is meant by Effective Access in the context of Windows permissions?

It is the resultant permissions a security principal receives after evaluating both Allow and Deny permissions.

Which permission allows a user to delete a folder and perform all actions associated with it?

Modify

What can a user do with Read permission on a file?

View ownership and attributes

Which permission is necessary to create new files and subfolders inside an NTFS folder?

Write

What is a key characteristic of resource ownership on an NTFS drive?

The owner can modify permissions regardless of current settings.

In the context of NTFS permissions, which action is NOT associated with the List Folder Contents permission?

Performing all actions of the folder

Which step is NOT essential when creating a folder share?

Configuring NTFS quotas for the shares

What protocol primarily serves as the file-sharing standard for Windows?

Server Message Blocks (SMB)

Which interface can be used for greater control when sharing folders?

The Sharing tab of the folder’s Properties sheet

What must be done before using the Network File System (NFS) protocol for file sharing?

Install the NFS role service on the server

When creating a folder share, what is a critical aspect to consider for the designated users?

The permissions granted to those users

Which permission allows a user to modify the folder permissions and take ownership of the folder?

Full Control

What is required for a user to access a file or folder according to the NTFS system?

Matching security identifiers (SIDs)

Which of the following actions is specifically allowed by the Share permission 'Read'?

Execute program files

In NTFS permissions, who are considered security principals?

Users and groups

Which of the following is NOT a capability of the 'Change' permission in Share Permissions?

Take ownership of files

Study Notes

Chapter 7: Configuring File and Share Access

• Chapter objectives include configuring file and share access, designing a file sharing strategy, creating folder shares, assigning permissions, and configuring NTFS quotas.

• Shares are required for network users to access server disks.

• To create folder shares, determine which folders to share, their names, permissions for users, and offline files settings.

• Folder shares can be created by right-clicking and selecting "Share with Specific People" for a simplified interface or using the "Sharing" tab of the folder's Properties sheet for more control.

• The File Sharing dialog box allows you to select users and assign permission levels (Owner, Read/Write, Read).

• The Advanced Sharing dialog box allows adjustments like limiting simultaneous users.

• Server Message Block (SMB) is the standard file-sharing protocol used by all Windows versions, requiring the File Server role service.

• Network File System (NFS) is the standard file-sharing protocol for most UNIX and Linux distributions requiring the server to have the NFS role service installed.

• The Shares homepage in Server Manager displays all shares, allowing for creating new shares using the New Share Wizard.

• The New Share Wizard page "Select the profile for this share" demonstrates different share profiles (SMB-Quick, SMB-Advanced, etc.) with details about their usage.

• Next, "Select the server and path for this share" allows you to specify the server, volume of the file share.

• The "Specify share name" page is for customizing share name and description and selecting the local or remote path to the share.

• The "Configure share settings" page offers settings like enabling access-based enumeration, caching, BranchCache, and encryption for data access.

• The "Specify permissions" page enables controlling access via a combination of folder, share, and optional central access policy permissions.

• The "Confirm selections" page verifies chosen settings before creation, showing the server, cluster role, local path, and other share properties.

• A created share appears on the Shares homepage in Server Manager, displaying volume information and quota.

• ACL (Access Control List) and ACES (Access Control Entries) together configure folder permission architecture.

• Security principal examples: Sales (Read permissions), Managers (Full Control permissions), JSmith (Deny permissions).

• The Security tab in a Properties sheet lets changing permissions for users and groups on the file share using edit, deny and allow options.

• Basic and Advanced Permissions grant specific degrees of access.

• Basic permissions are preconfigured combinations, whereas advanced permissions offer granular, individually applied access.

• Additive method: start with no permissions and allow them.

• Subtractive method: grant Allow, then Deny permissions.

• Permissions run "downward" through a hierarchy - an inherited permission structure.

• Explicit permissions have precedence over inherited permissions.

• Effective Access tab displays the actual permissions granted to a user/group on a specific file or folder, considering cumulative and overriding permissions.

• The Share Permissions tab (for a folder) lets managing individual permissions (Allow/Deny) for groups.

• Permissions (Full Control, Change, Read) grant different access levels (changing permissions, taking ownership, reading data).

• NTFS Authorization: NTFS and ReFS use ACLs with ACEs (having security principals and permissions) to manage permissions.

• Security identifiers (SIDs) determine appropriate user's access during authorization.

• NTFS basic permissions (Full Control, Modify, Read & Execute, List Folder Contents, Read, Write) dictate different actions.

• Sharing permissions are distinguished from NTFS permissions, as they operate independently to offer network access to folder resources.

• When a shared folder has both share and NTFS permissions, local (NTFS) permissions have precedence.

• The two basic rules involve the local permission being the NTFS permission and the remote permission as the more restrictive set of permissions.

• Volume Shadow Copies allow maintaining previous versions of files. This feature is for complete volumes only, not individual folders/shares.

• NTFS quotas enable storage limit control on volumes for users to prevent exceeding a defined limit via disk space or warnings.

• Access-based enumeration applies filters based on individual user's permissions to view contents.

• Users unable to access particular resources on a network won't see them.

• Offline Files maintain copies of files locally, accessing files from server shares.

Description

Test your knowledge on Windows Permissions Architecture with this quiz. Explore topics such as Access Control Lists, Advanced Permissions, and Effective Access. This quiz is essential for understanding how to manage and assign permissions in a Windows environment.