This is a question from my book that me my friend and I are struggling
with.



::*A user is assigned Read permission to the NTFS folder C:\ACCOUNTING.
They require full access to C:\ACCOUNTING\FORMS. This can be
accomplished by:*
::
*A)* not possible

*B)* blocking permission inheritance at C:\ACCOUNTING\FORMS and
assigning the user Full control to C:\ACCOUNTING\FORMS

*C)* assigning the user Full control to C:\ACCOUNTING

*D)* blocking permission inheritance at C:\ACCOUNTING and assigning the
user Full control to C:\ACCOUNTING\FORMS

*E)* assigning the user Full control to C:\ACCOUNTING\FORMS



My friend believes the answer is *E*. I believe that may give you the
same end result that you are looking for, but that would be assuming
that the _Full_Control_ permission would override the _Read_ permission
(which may be true, but our book doesn't specifically state anything
like that).

I personally believe the answer is *B* because when you deny the
permission inheritance, it will (as stated in the book) prompt you to
clarify whether the permissions should be copied or just removed
entirely. Then you can clarify what permission the C:\ACCOUNTING\FORMS
folder should have.



His reasoning is (I think this is crap by the way) that the book wants
us to go the "shortest" route possible, similar to computer programming.
The analogy he used was that when you are writing a program you try to
write the program as small and use as few steps as possible in order to
make the program as efficient as possible and that is the same with this
question and that is why E is right. :sarc:

My reasoning is that the book explains permissions as though you should
remove the inheritance from the folder then assign the permission the
way you want the person to have them. Period.

Please help us figure this out. We have a mid-term Wednesday (in 2
days) and I'm beginning to get confused. TIA


--
LTCstudent

Does the book actually refer to both the singular "user" and "they" as
equivalent entities?
(okay - it's not an English studies book)

I think the answer expected is *B)* - you break the inheritance of the
parent/child directory relationship and set the desired permissions on
the child. Using *D)* you will have blocked inheritance to
C:\ACCOUNTING\all children as well as the "FORMS" child directory.

Get an XP machine and use the help system's search function to search
for "inheritance".

"LTCstudent" wrote in message
...

This is a question from my book that me my friend and I are struggling
with.



::*A user is assigned Read permission to the NTFS folder
C:\ACCOUNTING.
They require full access to C:\ACCOUNTING\FORMS. This can be
accomplished by:*
::
*A)* not possible

*B)* blocking permission inheritance at C:\ACCOUNTING\FORMS and
assigning the user Full control to C:\ACCOUNTING\FORMS

*C)* assigning the user Full control to C:\ACCOUNTING

*D)* blocking permission inheritance at C:\ACCOUNTING and assigning
the
user Full control to C:\ACCOUNTING\FORMS

*E)* assigning the user Full control to C:\ACCOUNTING\FORMS



My friend believes the answer is *E*. I believe that may give you the
same end result that you are looking for, but that would be assuming
that the _Full_Control_ permission would override the _Read_
permission
(which may be true, but our book doesn't specifically state anything
like that).

I personally believe the answer is *B* because when you deny the
permission inheritance, it will (as stated in the book) prompt you to
clarify whether the permissions should be copied or just removed
entirely. Then you can clarify what permission the
C:\ACCOUNTING\FORMS
folder should have.



His reasoning is (I think this is crap by the way) that the book wants
us to go the "shortest" route possible, similar to computer
programming.
The analogy he used was that when you are writing a program you try to
write the program as small and use as few steps as possible in order
to
make the program as efficient as possible and that is the same with
this
question and that is why E is right. :sarc:

My reasoning is that the book explains permissions as though you
should
remove the inheritance from the folder then assign the permission the
way you want the person to have them. Period.

Please help us figure this out. We have a mid-term Wednesday (in 2
days) and I'm beginning to get confused. TIA


--
LTCstudent

"LTCstudent" wrote in message
...

This is a question from my book that me my friend and I are struggling
with.



::*A user is assigned Read permission to the NTFS folder C:\ACCOUNTING.
They require full access to C:\ACCOUNTING\FORMS. This can be
accomplished by:*
::
*A)* not possible

*B)* blocking permission inheritance at C:\ACCOUNTING\FORMS and
assigning the user Full control to C:\ACCOUNTING\FORMS

*C)* assigning the user Full control to C:\ACCOUNTING

*D)* blocking permission inheritance at C:\ACCOUNTING and assigning the
user Full control to C:\ACCOUNTING\FORMS

*E)* assigning the user Full control to C:\ACCOUNTING\FORMS



My friend believes the answer is *E*. I believe that may give you the
same end result that you are looking for, but that would be assuming
that the _Full_Control_ permission would override the _Read_ permission
(which may be true, but our book doesn't specifically state anything
like that).

I personally believe the answer is *B* because when you deny the
permission inheritance, it will (as stated in the book) prompt you to
clarify whether the permissions should be copied or just removed
entirely. Then you can clarify what permission the C:\ACCOUNTING\FORMS
folder should have.



His reasoning is (I think this is crap by the way) that the book wants
us to go the "shortest" route possible, similar to computer programming.
The analogy he used was that when you are writing a program you try to
write the program as small and use as few steps as possible in order to
make the program as efficient as possible and that is the same with this
question and that is why E is right. :sarc:

My reasoning is that the book explains permissions as though you should
remove the inheritance from the folder then assign the permission the
way you want the person to have them. Period.

Please help us figure this out. We have a mid-term Wednesday (in 2
days) and I'm beginning to get confused. TIA


--
LTCstudent


I picked E)


User only has read access to ACCOUNTING, so blocking inherited rights is
pointless since you're giving the user full access to the sub-directory
FORMS.

Now, if you wanted the user to have full access to ACCOUNTING and limited
access to FORMS, then you would want to block inherited rights and set
permission accordingly, like read access.

B) would accomplish the same results, but it has an unnecessary step and
therefore not the best answer.

"LTCstudent" wrote in message
...

This is a question from my book that me my friend and I are struggling
with.



::*A user is assigned Read permission to the NTFS folder C:\ACCOUNTING.
They require full access to C:\ACCOUNTING\FORMS. This can be
accomplished by:*
::
*A)* not possible

*B)* blocking permission inheritance at C:\ACCOUNTING\FORMS and
assigning the user Full control to C:\ACCOUNTING\FORMS

*C)* assigning the user Full control to C:\ACCOUNTING

*D)* blocking permission inheritance at C:\ACCOUNTING and assigning the
user Full control to C:\ACCOUNTING\FORMS

*E)* assigning the user Full control to C:\ACCOUNTING\FORMS



My friend believes the answer is *E*. I believe that may give you the
same end result that you are looking for, but that would be assuming
that the _Full_Control_ permission would override the _Read_ permission
(which may be true, but our book doesn't specifically state anything
like that).

I personally believe the answer is *B* because when you deny the
permission inheritance, it will (as stated in the book) prompt you to
clarify whether the permissions should be copied or just removed
entirely. Then you can clarify what permission the C:\ACCOUNTING\FORMS
folder should have.



His reasoning is (I think this is crap by the way) that the book wants
us to go the "shortest" route possible, similar to computer programming.
The analogy he used was that when you are writing a program you try to
write the program as small and use as few steps as possible in order to
make the program as efficient as possible and that is the same with this
question and that is why E is right. :sarc:

My reasoning is that the book explains permissions as though you should
remove the inheritance from the folder then assign the permission the
way you want the person to have them. Period.

Please help us figure this out. We have a mid-term Wednesday (in 2
days) and I'm beginning to get confused. TIA


--
LTCstudent


I picked E)


User only has read access to ACCOUNTING, so blocking inherited rights is
pointless since you're giving the user full access to the sub-directory
FORMS.

Now, if you wanted the user to have full access to ACCOUNTING and limited
access to FORMS, then you would want to block inherited rights and set
permission accordingly, like read access.

B) would accomplish the same results, but it has an unnecessary step and
therefore not the best answer.

E

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"LTCstudent" wrote in message
...

This is a question from my book that me my friend and I are struggling
with.



::*A user is assigned Read permission to the NTFS folder C:\ACCOUNTING.
They require full access to C:\ACCOUNTING\FORMS. This can be
accomplished by:*
::
*A)* not possible

*B)* blocking permission inheritance at C:\ACCOUNTING\FORMS and
assigning the user Full control to C:\ACCOUNTING\FORMS

*C)* assigning the user Full control to C:\ACCOUNTING

*D)* blocking permission inheritance at C:\ACCOUNTING and assigning the
user Full control to C:\ACCOUNTING\FORMS

*E)* assigning the user Full control to C:\ACCOUNTING\FORMS



My friend believes the answer is *E*. I believe that may give you the
same end result that you are looking for, but that would be assuming
that the _Full_Control_ permission would override the _Read_ permission
(which may be true, but our book doesn't specifically state anything
like that).

I personally believe the answer is *B* because when you deny the
permission inheritance, it will (as stated in the book) prompt you to
clarify whether the permissions should be copied or just removed
entirely. Then you can clarify what permission the C:\ACCOUNTING\FORMS
folder should have.



His reasoning is (I think this is crap by the way) that the book wants
us to go the "shortest" route possible, similar to computer programming.
The analogy he used was that when you are writing a program you try to
write the program as small and use as few steps as possible in order to
make the program as efficient as possible and that is the same with this
question and that is why E is right. :sarc:

My reasoning is that the book explains permissions as though you should
remove the inheritance from the folder then assign the permission the
way you want the person to have them. Period.

Please help us figure this out. We have a mid-term Wednesday (in 2
days) and I'm beginning to get confused. TIA


--
LTCstudent

E

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"LTCstudent" wrote in message
...

This is a question from my book that me my friend and I are struggling
with.



::*A user is assigned Read permission to the NTFS folder C:\ACCOUNTING.
They require full access to C:\ACCOUNTING\FORMS. This can be
accomplished by:*
::
*A)* not possible

*B)* blocking permission inheritance at C:\ACCOUNTING\FORMS and
assigning the user Full control to C:\ACCOUNTING\FORMS

*C)* assigning the user Full control to C:\ACCOUNTING

*D)* blocking permission inheritance at C:\ACCOUNTING and assigning the
user Full control to C:\ACCOUNTING\FORMS

*E)* assigning the user Full control to C:\ACCOUNTING\FORMS



My friend believes the answer is *E*. I believe that may give you the
same end result that you are looking for, but that would be assuming
that the _Full_Control_ permission would override the _Read_ permission
(which may be true, but our book doesn't specifically state anything
like that).

I personally believe the answer is *B* because when you deny the
permission inheritance, it will (as stated in the book) prompt you to
clarify whether the permissions should be copied or just removed
entirely. Then you can clarify what permission the C:\ACCOUNTING\FORMS
folder should have.



His reasoning is (I think this is crap by the way) that the book wants
us to go the "shortest" route possible, similar to computer programming.
The analogy he used was that when you are writing a program you try to
write the program as small and use as few steps as possible in order to
make the program as efficient as possible and that is the same with this
question and that is why E is right. :sarc:

My reasoning is that the book explains permissions as though you should
remove the inheritance from the folder then assign the permission the
way you want the person to have them. Period.

Please help us figure this out. We have a mid-term Wednesday (in 2
days) and I'm beginning to get confused. TIA


--
LTCstudent

Ok... When I checked the forum for responses to my question this morning
before school, I had 2 responses: One saying the answer was *E* and the
other saying the answer was *B*. That kind of sucked, but I wasn't
worried because I figured I would just ask one of the teachers at
school.

Well, I asked Teacher #1 who is really knowledgeable about Server and
permissions (he teaches Server, Exchange, etc at the school) and he said
the answer was *B*. But then I mentioned it to Teacher #2 (who actually
teaches the class where this question arose) and he said the answer was
*E*. I guess 'street smarts' would say just go with the teacher who is
teaching the class and be done with it, but i really want to understand
this stuff.

So now I've returned from school and it looks like the consensus on
this forum is that the correct answer is *E* which is fine. BUT Teacher
#1 made a convincing point to me. He stated that the _only_ permission
assigned to a folder (c:\accounting\forms) that can override the
inheritance permission is the 'Deny' permission unless you -block the
permission inheritance-.

If the answer is *E* that would mean that 'Full Control' can also
override the 'Read' permission. I'm assuming you guys say this because
assigning 'Full Control' permission is giving the user more control
therefore it will take precedence?


I don't know. I'm not trying to aggravate anyone here and I'm not
trying to insult anyone's knowledge in NTFS security, I'm just trying to
understand why the answer is *E* and not *B* and why there are so many
professionals giving different answers. Thanks again.


--
LTCstudent

Ok... When I checked the forum for responses to my question this morning
before school, I had 2 responses: One saying the answer was *E* and the
other saying the answer was *B*. That kind of sucked, but I wasn't
worried because I figured I would just ask one of the teachers at
school.

Well, I asked Teacher #1 who is really knowledgeable about Server and
permissions (he teaches Server, Exchange, etc at the school) and he said
the answer was *B*. But then I mentioned it to Teacher #2 (who actually
teaches the class where this question arose) and he said the answer was
*E*. I guess 'street smarts' would say just go with the teacher who is
teaching the class and be done with it, but i really want to understand
this stuff.

So now I've returned from school and it looks like the consensus on
this forum is that the correct answer is *E* which is fine. BUT Teacher
#1 made a convincing point to me. He stated that the _only_ permission
assigned to a folder (c:\accounting\forms) that can override the
inheritance permission is the 'Deny' permission unless you -block the
permission inheritance-.

If the answer is *E* that would mean that 'Full Control' can also
override the 'Read' permission. I'm assuming you guys say this because
assigning 'Full Control' permission is giving the user more control
therefore it will take precedence?


I don't know. I'm not trying to aggravate anyone here and I'm not
trying to insult anyone's knowledge in NTFS security, I'm just trying to
understand why the answer is *E* and not *B* and why there are so many
professionals giving different answers. Thanks again.


--
LTCstudent

"LTCstudent" wrote in message
...

Ok... When I checked the forum for responses to my question this morning
before school, I had 2 responses: One saying the answer was *E* and the
other saying the answer was *B*. That kind of sucked, but I wasn't
worried because I figured I would just ask one of the teachers at
school.

Well, I asked Teacher #1 who is really knowledgeable about Server and
permissions (he teaches Server, Exchange, etc at the school) and he said
the answer was *B*. But then I mentioned it to Teacher #2 (who actually
teaches the class where this question arose) and he said the answer was
*E*. I guess 'street smarts' would say just go with the teacher who is
teaching the class and be done with it, but i really want to understand
this stuff.

So now I've returned from school and it looks like the consensus on
this forum is that the correct answer is *E* which is fine. BUT Teacher
#1 made a convincing point to me. He stated that the _only_ permission
assigned to a folder (c:\accounting\forms) that can override the
inheritance permission is the 'Deny' permission unless you -block the
permission inheritance-.


OK, now you're just trying to come up with a scenario where answer B might
work better and misinterpreted what Teacher #1 is saying to fit your
argument.

There's three states of access control.

Expressly granted access
If your name is on the guest list you get in.
The host knows you and you been invited.

No access permission granted
Your name is not on the guest list, you are not getting in.
The host does not know you and you're not invited in.

Expressly denied access
You name appears on list of people forbidden to enter, you're not getting
in.
The host knows you and told the guards to keep you out.


It seems to me, you're confusing "No access permission granted" with
"Expressly denied access." In the original scenario, it does not mention
"deny" at all. Not being granted access is not the same as expressly denied
access, although the net result is the same.

If you are expressly denied access to the party, but want to use the
port-a-potty outback and the guard at the port-a-potty is told to let you
use it, you can. In this case, Teacher
#1 is wrong. Block permission inheritance doesn't do any good here.
Expressly granted permission overrides denied inherited permission. As long
as you bypass the party and go directly to the port-a-potty.

Using the Command Prompt, you can CD (change directory) to
/Party/Port-a-Potty, but you can't CD to /Party.


Only "Expressly granted access" will get you in. "No permissions granted"
means you aren't granted access and "Expressly denied access" means you are
denied access by name. The latter two denies you permission.

Block permission inheritance is used when you want the subfolder to have
tighter restrictions than the parent folder. You want to grant full access
to ACCOUNTING, but only READ access to FORMS. So you use block permission
inheritance so the user doesn't get full access to FORMS, because they
inherited full access from ACCOUNTING.


If the answer is *E* that would mean that 'Full Control' can also
override the 'Read' permission. I'm assuming you guys say this because
assigning 'Full Control' permission is giving the user more control
therefore it will take precedence?


I strongly disagree with the usage of "override".

It's a logical AND, you have Read access AND Full Control, net permission
access is Full Control. Now, if you had inherited Expressly denied read
access and receive Full access control THEN that would override the
inherited expressly denied read access.

Blocking permission inheritance so the user doesn't get Read access makes no
sense if the net permission access is going to be Full Control. It doesn't
hurt, but it's a pointless gesture.

You want to block permission inheritance if you want to limit the access to
subfolders. It resets the access permissions, so you start with no access
granted. Then access permissions are added from there, rather than
inherited from the parent.



I don't know. I'm not trying to aggravate anyone here and I'm not
trying to insult anyone's knowledge in NTFS security, I'm just trying to
understand why the answer is *E* and not *B* and why there are so many
professionals giving different answers. Thanks again.


--
LTCstudent


Well, I haven't seen anyone pick B and you misinterpreted Teacher #1 and he
is also wrong about usage of block permission inheritance.


I would stick with what Teacher #2 says, he seems to know what he is talking
about. He IS the one teaching the class and you can do your own tests to
verify what he says is true.

But that's just my opinion.

Thanks to your post, I had to do some investigating and I ended up learning
a thing or two about NTFS security.

"LTCstudent" wrote in message
...

Ok... When I checked the forum for responses to my question this morning
before school, I had 2 responses: One saying the answer was *E* and the
other saying the answer was *B*. That kind of sucked, but I wasn't
worried because I figured I would just ask one of the teachers at
school.

Well, I asked Teacher #1 who is really knowledgeable about Server and
permissions (he teaches Server, Exchange, etc at the school) and he said
the answer was *B*. But then I mentioned it to Teacher #2 (who actually
teaches the class where this question arose) and he said the answer was
*E*. I guess 'street smarts' would say just go with the teacher who is
teaching the class and be done with it, but i really want to understand
this stuff.

So now I've returned from school and it looks like the consensus on
this forum is that the correct answer is *E* which is fine. BUT Teacher
#1 made a convincing point to me. He stated that the _only_ permission
assigned to a folder (c:\accounting\forms) that can override the
inheritance permission is the 'Deny' permission unless you -block the
permission inheritance-.


OK, now you're just trying to come up with a scenario where answer B might
work better and misinterpreted what Teacher #1 is saying to fit your
argument.

There's three states of access control.

Expressly granted access
If your name is on the guest list you get in.
The host knows you and you been invited.

No access permission granted
Your name is not on the guest list, you are not getting in.
The host does not know you and you're not invited in.

Expressly denied access
You name appears on list of people forbidden to enter, you're not getting
in.
The host knows you and told the guards to keep you out.


It seems to me, you're confusing "No access permission granted" with
"Expressly denied access." In the original scenario, it does not mention
"deny" at all. Not being granted access is not the same as expressly denied
access, although the net result is the same.

If you are expressly denied access to the party, but want to use the
port-a-potty outback and the guard at the port-a-potty is told to let you
use it, you can. In this case, Teacher
#1 is wrong. Block permission inheritance doesn't do any good here.
Expressly granted permission overrides denied inherited permission. As long
as you bypass the party and go directly to the port-a-potty.

Using the Command Prompt, you can CD (change directory) to
/Party/Port-a-Potty, but you can't CD to /Party.


Only "Expressly granted access" will get you in. "No permissions granted"
means you aren't granted access and "Expressly denied access" means you are
denied access by name. The latter two denies you permission.

Block permission inheritance is used when you want the subfolder to have
tighter restrictions than the parent folder. You want to grant full access
to ACCOUNTING, but only READ access to FORMS. So you use block permission
inheritance so the user doesn't get full access to FORMS, because they
inherited full access from ACCOUNTING.


If the answer is *E* that would mean that 'Full Control' can also
override the 'Read' permission. I'm assuming you guys say this because
assigning 'Full Control' permission is giving the user more control
therefore it will take precedence?


I strongly disagree with the usage of "override".

It's a logical AND, you have Read access AND Full Control, net permission
access is Full Control. Now, if you had inherited Expressly denied read
access and receive Full access control THEN that would override the
inherited expressly denied read access.

Blocking permission inheritance so the user doesn't get Read access makes no
sense if the net permission access is going to be Full Control. It doesn't
hurt, but it's a pointless gesture.

You want to block permission inheritance if you want to limit the access to
subfolders. It resets the access permissions, so you start with no access
granted. Then access permissions are added from there, rather than
inherited from the parent.



I don't know. I'm not trying to aggravate anyone here and I'm not
trying to insult anyone's knowledge in NTFS security, I'm just trying to
understand why the answer is *E* and not *B* and why there are so many
professionals giving different answers. Thanks again.


--
LTCstudent


Well, I haven't seen anyone pick B and you misinterpreted Teacher #1 and he
is also wrong about usage of block permission inheritance.


I would stick with what Teacher #2 says, he seems to know what he is talking
about. He IS the one teaching the class and you can do your own tests to
verify what he says is true.

But that's just my opinion.

Thanks to your post, I had to do some investigating and I ended up learning
a thing or two about NTFS security.