Windows Permissions Architecture Quiz

Questions and Answers

What is the correct role of Access Control List (ACL) in Windows Permissions Architecture?

• It maintains records of permissions granted to security principals. (correct)
• It replaces all permission settings with default values.
• It grants permissions to all users without restrictions.
• It determines the folder path for the share.

Which statement accurately describes Advanced Permissions?

• They are used to grant permissions to entire groups only.
• They provide a more granular level of control compared to Basic Permissions. (correct)
• They are the primary form of permission used for all users.
• They cannot be modified once assigned.

What happens to Deny permissions when applied in a system environment?

• They enhance Allow permissions.
• They always override Allow permissions. (correct)
• They have no impact if Allow permissions are present.
• They do not affect inherited permissions.

What is the preferred method of assigning permissions according to the guidelines?

Starting with Allow permissions to grant access first. (C)

What is meant by Effective Access in the context of Windows permissions?

It is the resultant permissions a security principal receives after evaluating both Allow and Deny permissions. (B)

Which permission allows a user to delete a folder and perform all actions associated with it?

Modify (C)

What can a user do with Read permission on a file?

View ownership and attributes (A)

Which permission is necessary to create new files and subfolders inside an NTFS folder?

Write (D)

What is a key characteristic of resource ownership on an NTFS drive?

The owner can modify permissions regardless of current settings. (A)

In the context of NTFS permissions, which action is NOT associated with the List Folder Contents permission?

Performing all actions of the folder (A)

Which step is NOT essential when creating a folder share?

Configuring NTFS quotas for the shares (D)

What protocol primarily serves as the file-sharing standard for Windows?

Server Message Blocks (SMB) (D)

Which interface can be used for greater control when sharing folders?

The Sharing tab of the folder’s Properties sheet (A)

What must be done before using the Network File System (NFS) protocol for file sharing?

Install the NFS role service on the server (A)

When creating a folder share, what is a critical aspect to consider for the designated users?

The permissions granted to those users (A)

Which permission allows a user to modify the folder permissions and take ownership of the folder?

Full Control (B)

What is required for a user to access a file or folder according to the NTFS system?

Matching security identifiers (SIDs) (B)

Which of the following actions is specifically allowed by the Share permission 'Read'?

Execute program files (C)

In NTFS permissions, who are considered security principals?

Users and groups (C)

Which of the following is NOT a capability of the 'Change' permission in Share Permissions?

Take ownership of files (C)

Flashcards

Folder Shares

A mechanism that allows network users to access files stored on a server, enabling collaborative document sharing and efficient data management.

Server Message Blocks (SMB)

The standard file-sharing protocol used by all versions of Windows, allowing network users to access files and resources.

Network File System (NFS)

The standard file sharing protocol used by most UNIX and Linux distributions, enabling file access across different operating systems.

Creating a Folder Share

The process of configuring a server to make specific folders accessible to network users, allowing them to share and manage files.

Share Access Permissions

The controls that determine what actions network users can perform on a shared folder, such as reading, writing, or deleting files.

Access Control List (ACL)

A list that defines permissions for different users or groups on a folder or file.

Share Permissions

Control who can access a shared folder and what they can do with it.

Full Control

Allows complete access to a file or folder, including creating, deleting, and modifying.

Access Control Entries (ACEs)

Individual entries within an ACL that specify the permissions for a specific user or group.

Security Principal

An entity that can be granted permissions, such as a user, group, or computer.

Read

Allows viewing the contents of a file or folder but not modifying it.

Permission

A specific right or privilege that allows a security principal to perform an action on a resource, such as reading, writing, or executing.

NTFS Authorization

The process of checking permissions for files and folders based on user identities and access control lists.

Basic Permissions

Preconfigured permission sets that provide a common level of access for different users.

ACEs (Access Control Entries)

Individual entries in an ACL that specify permissions for a specific user or group.

NTFS Permissions

A set of rules that control who can access files and folders on an NTFS drive and what they can do with them.

Modify Permission

Allows a user to change the contents of a file or folder, including its attributes.

Read & Execute Permission

Allows a user to open and view the contents of a file. It also allows them to run executable files within a folder.

List Folder Contents Permission

Allows a user to see the names of files and folders within a particular folder, but not their contents.

Read Permission

Allows a user to view the contents of a file or folder, but not to modify it.

Study Notes

Chapter 7: Configuring File and Share Access

• Chapter objectives include configuring file and share access, designing a file sharing strategy, creating folder shares, assigning permissions, and configuring NTFS quotas.

• Shares are required for network users to access server disks.

• To create folder shares, determine which folders to share, their names, permissions for users, and offline files settings.

• Folder shares can be created by right-clicking and selecting "Share with Specific People" for a simplified interface or using the "Sharing" tab of the folder's Properties sheet for more control.

• The File Sharing dialog box allows you to select users and assign permission levels (Owner, Read/Write, Read).

• The Advanced Sharing dialog box allows adjustments like limiting simultaneous users.

• Server Message Block (SMB) is the standard file-sharing protocol used by all Windows versions, requiring the File Server role service.

• Network File System (NFS) is the standard file-sharing protocol for most UNIX and Linux distributions requiring the server to have the NFS role service installed.

• The Shares homepage in Server Manager displays all shares, allowing for creating new shares using the New Share Wizard.

• The New Share Wizard page "Select the profile for this share" demonstrates different share profiles (SMB-Quick, SMB-Advanced, etc.) with details about their usage.

• Next, "Select the server and path for this share" allows you to specify the server, volume of the file share.

• The "Specify share name" page is for customizing share name and description and selecting the local or remote path to the share.

• The "Configure share settings" page offers settings like enabling access-based enumeration, caching, BranchCache, and encryption for data access.

• The "Specify permissions" page enables controlling access via a combination of folder, share, and optional central access policy permissions.

• The "Confirm selections" page verifies chosen settings before creation, showing the server, cluster role, local path, and other share properties.

• A created share appears on the Shares homepage in Server Manager, displaying volume information and quota.

• ACL (Access Control List) and ACES (Access Control Entries) together configure folder permission architecture.

• Security principal examples: Sales (Read permissions), Managers (Full Control permissions), JSmith (Deny permissions).

• The Security tab in a Properties sheet lets changing permissions for users and groups on the file share using edit, deny and allow options.

• Basic and Advanced Permissions grant specific degrees of access.

• Basic permissions are preconfigured combinations, whereas advanced permissions offer granular, individually applied access.

• Additive method: start with no permissions and allow them.

• Subtractive method: grant Allow, then Deny permissions.

• Permissions run "downward" through a hierarchy - an inherited permission structure.

• Explicit permissions have precedence over inherited permissions.

• Effective Access tab displays the actual permissions granted to a user/group on a specific file or folder, considering cumulative and overriding permissions.

• The Share Permissions tab (for a folder) lets managing individual permissions (Allow/Deny) for groups.

• Permissions (Full Control, Change, Read) grant different access levels (changing permissions, taking ownership, reading data).

• NTFS Authorization: NTFS and ReFS use ACLs with ACEs (having security principals and permissions) to manage permissions.

• Security identifiers (SIDs) determine appropriate user's access during authorization.

• NTFS basic permissions (Full Control, Modify, Read & Execute, List Folder Contents, Read, Write) dictate different actions.

• Sharing permissions are distinguished from NTFS permissions, as they operate independently to offer network access to folder resources.

• When a shared folder has both share and NTFS permissions, local (NTFS) permissions have precedence.

• The two basic rules involve the local permission being the NTFS permission and the remote permission as the more restrictive set of permissions.

• Volume Shadow Copies allow maintaining previous versions of files. This feature is for complete volumes only, not individual folders/shares.

• NTFS quotas enable storage limit control on volumes for users to prevent exceeding a defined limit via disk space or warnings.

• Access-based enumeration applies filters based on individual user's permissions to view contents.

• Users unable to access particular resources on a network won't see them.

• Offline Files maintain copies of files locally, accessing files from server shares.

Description

Test your knowledge on Windows Permissions Architecture with this quiz. Explore topics such as Access Control Lists, Advanced Permissions, and Effective Access. This quiz is essential for understanding how to manage and assign permissions in a Windows environment.