Welcome to Vista Banter. You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact support. |
|
Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security) |
|
LinkBack | Thread Tools | Display Modes |
|
|||
Please help with this NTFS question...
This is a question from my book that me my friend and I are struggling with. ::*A user is assigned Read permission to the NTFS folder C:\ACCOUNTING. They require full access to C:\ACCOUNTING\FORMS. This can be accomplished by:* :: *A)* not possible *B)* blocking permission inheritance at C:\ACCOUNTING\FORMS and assigning the user Full control to C:\ACCOUNTING\FORMS *C)* assigning the user Full control to C:\ACCOUNTING *D)* blocking permission inheritance at C:\ACCOUNTING and assigning the user Full control to C:\ACCOUNTING\FORMS *E)* assigning the user Full control to C:\ACCOUNTING\FORMS My friend believes the answer is *E*. I believe that may give you the same end result that you are looking for, but that would be assuming that the _Full_Control_ permission would override the _Read_ permission (which may be true, but our book doesn't specifically state anything like that). I personally believe the answer is *B* because when you deny the permission inheritance, it will (as stated in the book) prompt you to clarify whether the permissions should be copied or just removed entirely. Then you can clarify what permission the C:\ACCOUNTING\FORMS folder should have. His reasoning is (I think this is crap by the way) that the book wants us to go the "shortest" route possible, similar to computer programming. The analogy he used was that when you are writing a program you try to write the program as small and use as few steps as possible in order to make the program as efficient as possible and that is the same with this question and that is why E is right. :sarc: My reasoning is that the book explains permissions as though you should remove the inheritance from the folder then assign the permission the way you want the person to have them. Period. Please help us figure this out. We have a mid-term Wednesday (in 2 days) and I'm beginning to get confused. TIA -- LTCstudent |
|
|||
Please help with this NTFS question...
Does the book actually refer to both the singular "user" and "they" as
equivalent entities? (okay - it's not an English studies book) I think the answer expected is *B)* - you break the inheritance of the parent/child directory relationship and set the desired permissions on the child. Using *D)* you will have blocked inheritance to C:\ACCOUNTING\all children as well as the "FORMS" child directory. Get an XP machine and use the help system's search function to search for "inheritance". "LTCstudent" wrote in message ... This is a question from my book that me my friend and I are struggling with. ::*A user is assigned Read permission to the NTFS folder C:\ACCOUNTING. They require full access to C:\ACCOUNTING\FORMS. This can be accomplished by:* :: *A)* not possible *B)* blocking permission inheritance at C:\ACCOUNTING\FORMS and assigning the user Full control to C:\ACCOUNTING\FORMS *C)* assigning the user Full control to C:\ACCOUNTING *D)* blocking permission inheritance at C:\ACCOUNTING and assigning the user Full control to C:\ACCOUNTING\FORMS *E)* assigning the user Full control to C:\ACCOUNTING\FORMS My friend believes the answer is *E*. I believe that may give you the same end result that you are looking for, but that would be assuming that the _Full_Control_ permission would override the _Read_ permission (which may be true, but our book doesn't specifically state anything like that). I personally believe the answer is *B* because when you deny the permission inheritance, it will (as stated in the book) prompt you to clarify whether the permissions should be copied or just removed entirely. Then you can clarify what permission the C:\ACCOUNTING\FORMS folder should have. His reasoning is (I think this is crap by the way) that the book wants us to go the "shortest" route possible, similar to computer programming. The analogy he used was that when you are writing a program you try to write the program as small and use as few steps as possible in order to make the program as efficient as possible and that is the same with this question and that is why E is right. :sarc: My reasoning is that the book explains permissions as though you should remove the inheritance from the folder then assign the permission the way you want the person to have them. Period. Please help us figure this out. We have a mid-term Wednesday (in 2 days) and I'm beginning to get confused. TIA -- LTCstudent |
|
|||
Please help with this NTFS question...
"LTCstudent" wrote in message ... This is a question from my book that me my friend and I are struggling with. ::*A user is assigned Read permission to the NTFS folder C:\ACCOUNTING. They require full access to C:\ACCOUNTING\FORMS. This can be accomplished by:* :: *A)* not possible *B)* blocking permission inheritance at C:\ACCOUNTING\FORMS and assigning the user Full control to C:\ACCOUNTING\FORMS *C)* assigning the user Full control to C:\ACCOUNTING *D)* blocking permission inheritance at C:\ACCOUNTING and assigning the user Full control to C:\ACCOUNTING\FORMS *E)* assigning the user Full control to C:\ACCOUNTING\FORMS My friend believes the answer is *E*. I believe that may give you the same end result that you are looking for, but that would be assuming that the _Full_Control_ permission would override the _Read_ permission (which may be true, but our book doesn't specifically state anything like that). I personally believe the answer is *B* because when you deny the permission inheritance, it will (as stated in the book) prompt you to clarify whether the permissions should be copied or just removed entirely. Then you can clarify what permission the C:\ACCOUNTING\FORMS folder should have. His reasoning is (I think this is crap by the way) that the book wants us to go the "shortest" route possible, similar to computer programming. The analogy he used was that when you are writing a program you try to write the program as small and use as few steps as possible in order to make the program as efficient as possible and that is the same with this question and that is why E is right. :sarc: My reasoning is that the book explains permissions as though you should remove the inheritance from the folder then assign the permission the way you want the person to have them. Period. Please help us figure this out. We have a mid-term Wednesday (in 2 days) and I'm beginning to get confused. TIA -- LTCstudent I picked E) User only has read access to ACCOUNTING, so blocking inherited rights is pointless since you're giving the user full access to the sub-directory FORMS. Now, if you wanted the user to have full access to ACCOUNTING and limited access to FORMS, then you would want to block inherited rights and set permission accordingly, like read access. B) would accomplish the same results, but it has an unnecessary step and therefore not the best answer. |
|
|||
Please help with this NTFS question...
"LTCstudent" wrote in message ... This is a question from my book that me my friend and I are struggling with. ::*A user is assigned Read permission to the NTFS folder C:\ACCOUNTING. They require full access to C:\ACCOUNTING\FORMS. This can be accomplished by:* :: *A)* not possible *B)* blocking permission inheritance at C:\ACCOUNTING\FORMS and assigning the user Full control to C:\ACCOUNTING\FORMS *C)* assigning the user Full control to C:\ACCOUNTING *D)* blocking permission inheritance at C:\ACCOUNTING and assigning the user Full control to C:\ACCOUNTING\FORMS *E)* assigning the user Full control to C:\ACCOUNTING\FORMS My friend believes the answer is *E*. I believe that may give you the same end result that you are looking for, but that would be assuming that the _Full_Control_ permission would override the _Read_ permission (which may be true, but our book doesn't specifically state anything like that). I personally believe the answer is *B* because when you deny the permission inheritance, it will (as stated in the book) prompt you to clarify whether the permissions should be copied or just removed entirely. Then you can clarify what permission the C:\ACCOUNTING\FORMS folder should have. His reasoning is (I think this is crap by the way) that the book wants us to go the "shortest" route possible, similar to computer programming. The analogy he used was that when you are writing a program you try to write the program as small and use as few steps as possible in order to make the program as efficient as possible and that is the same with this question and that is why E is right. :sarc: My reasoning is that the book explains permissions as though you should remove the inheritance from the folder then assign the permission the way you want the person to have them. Period. Please help us figure this out. We have a mid-term Wednesday (in 2 days) and I'm beginning to get confused. TIA -- LTCstudent I picked E) User only has read access to ACCOUNTING, so blocking inherited rights is pointless since you're giving the user full access to the sub-directory FORMS. Now, if you wanted the user to have full access to ACCOUNTING and limited access to FORMS, then you would want to block inherited rights and set permission accordingly, like read access. B) would accomplish the same results, but it has an unnecessary step and therefore not the best answer. |
|
|||
Please help with this NTFS question...
E
-- Peter Please Reply to Newsgroup for the benefit of others Requests for assistance by email can not and will not be acknowledged. "LTCstudent" wrote in message ... This is a question from my book that me my friend and I are struggling with. ::*A user is assigned Read permission to the NTFS folder C:\ACCOUNTING. They require full access to C:\ACCOUNTING\FORMS. This can be accomplished by:* :: *A)* not possible *B)* blocking permission inheritance at C:\ACCOUNTING\FORMS and assigning the user Full control to C:\ACCOUNTING\FORMS *C)* assigning the user Full control to C:\ACCOUNTING *D)* blocking permission inheritance at C:\ACCOUNTING and assigning the user Full control to C:\ACCOUNTING\FORMS *E)* assigning the user Full control to C:\ACCOUNTING\FORMS My friend believes the answer is *E*. I believe that may give you the same end result that you are looking for, but that would be assuming that the _Full_Control_ permission would override the _Read_ permission (which may be true, but our book doesn't specifically state anything like that). I personally believe the answer is *B* because when you deny the permission inheritance, it will (as stated in the book) prompt you to clarify whether the permissions should be copied or just removed entirely. Then you can clarify what permission the C:\ACCOUNTING\FORMS folder should have. His reasoning is (I think this is crap by the way) that the book wants us to go the "shortest" route possible, similar to computer programming. The analogy he used was that when you are writing a program you try to write the program as small and use as few steps as possible in order to make the program as efficient as possible and that is the same with this question and that is why E is right. :sarc: My reasoning is that the book explains permissions as though you should remove the inheritance from the folder then assign the permission the way you want the person to have them. Period. Please help us figure this out. We have a mid-term Wednesday (in 2 days) and I'm beginning to get confused. TIA -- LTCstudent |
|
|||
Please help with this NTFS question...
E
-- Peter Please Reply to Newsgroup for the benefit of others Requests for assistance by email can not and will not be acknowledged. "LTCstudent" wrote in message ... This is a question from my book that me my friend and I are struggling with. ::*A user is assigned Read permission to the NTFS folder C:\ACCOUNTING. They require full access to C:\ACCOUNTING\FORMS. This can be accomplished by:* :: *A)* not possible *B)* blocking permission inheritance at C:\ACCOUNTING\FORMS and assigning the user Full control to C:\ACCOUNTING\FORMS *C)* assigning the user Full control to C:\ACCOUNTING *D)* blocking permission inheritance at C:\ACCOUNTING and assigning the user Full control to C:\ACCOUNTING\FORMS *E)* assigning the user Full control to C:\ACCOUNTING\FORMS My friend believes the answer is *E*. I believe that may give you the same end result that you are looking for, but that would be assuming that the _Full_Control_ permission would override the _Read_ permission (which may be true, but our book doesn't specifically state anything like that). I personally believe the answer is *B* because when you deny the permission inheritance, it will (as stated in the book) prompt you to clarify whether the permissions should be copied or just removed entirely. Then you can clarify what permission the C:\ACCOUNTING\FORMS folder should have. His reasoning is (I think this is crap by the way) that the book wants us to go the "shortest" route possible, similar to computer programming. The analogy he used was that when you are writing a program you try to write the program as small and use as few steps as possible in order to make the program as efficient as possible and that is the same with this question and that is why E is right. :sarc: My reasoning is that the book explains permissions as though you should remove the inheritance from the folder then assign the permission the way you want the person to have them. Period. Please help us figure this out. We have a mid-term Wednesday (in 2 days) and I'm beginning to get confused. TIA -- LTCstudent |
|
|||
Please help with this NTFS question...
Ok... When I checked the forum for responses to my question this morning before school, I had 2 responses: One saying the answer was *E* and the other saying the answer was *B*. That kind of sucked, but I wasn't worried because I figured I would just ask one of the teachers at school. Well, I asked Teacher #1 who is really knowledgeable about Server and permissions (he teaches Server, Exchange, etc at the school) and he said the answer was *B*. But then I mentioned it to Teacher #2 (who actually teaches the class where this question arose) and he said the answer was *E*. I guess 'street smarts' would say just go with the teacher who is teaching the class and be done with it, but i really want to understand this stuff. So now I've returned from school and it looks like the consensus on this forum is that the correct answer is *E* which is fine. BUT Teacher #1 made a convincing point to me. He stated that the _only_ permission assigned to a folder (c:\accounting\forms) that can override the inheritance permission is the 'Deny' permission unless you -block the permission inheritance-. If the answer is *E* that would mean that 'Full Control' can also override the 'Read' permission. I'm assuming you guys say this because assigning 'Full Control' permission is giving the user more control therefore it will take precedence? I don't know. I'm not trying to aggravate anyone here and I'm not trying to insult anyone's knowledge in NTFS security, I'm just trying to understand why the answer is *E* and not *B* and why there are so many professionals giving different answers. Thanks again. -- LTCstudent |
|
|||
Please help with this NTFS question...
Ok... When I checked the forum for responses to my question this morning before school, I had 2 responses: One saying the answer was *E* and the other saying the answer was *B*. That kind of sucked, but I wasn't worried because I figured I would just ask one of the teachers at school. Well, I asked Teacher #1 who is really knowledgeable about Server and permissions (he teaches Server, Exchange, etc at the school) and he said the answer was *B*. But then I mentioned it to Teacher #2 (who actually teaches the class where this question arose) and he said the answer was *E*. I guess 'street smarts' would say just go with the teacher who is teaching the class and be done with it, but i really want to understand this stuff. So now I've returned from school and it looks like the consensus on this forum is that the correct answer is *E* which is fine. BUT Teacher #1 made a convincing point to me. He stated that the _only_ permission assigned to a folder (c:\accounting\forms) that can override the inheritance permission is the 'Deny' permission unless you -block the permission inheritance-. If the answer is *E* that would mean that 'Full Control' can also override the 'Read' permission. I'm assuming you guys say this because assigning 'Full Control' permission is giving the user more control therefore it will take precedence? I don't know. I'm not trying to aggravate anyone here and I'm not trying to insult anyone's knowledge in NTFS security, I'm just trying to understand why the answer is *E* and not *B* and why there are so many professionals giving different answers. Thanks again. -- LTCstudent |
|
|||
Please help with this NTFS question...
"LTCstudent" wrote in message ... Ok... When I checked the forum for responses to my question this morning before school, I had 2 responses: One saying the answer was *E* and the other saying the answer was *B*. That kind of sucked, but I wasn't worried because I figured I would just ask one of the teachers at school. Well, I asked Teacher #1 who is really knowledgeable about Server and permissions (he teaches Server, Exchange, etc at the school) and he said the answer was *B*. But then I mentioned it to Teacher #2 (who actually teaches the class where this question arose) and he said the answer was *E*. I guess 'street smarts' would say just go with the teacher who is teaching the class and be done with it, but i really want to understand this stuff. So now I've returned from school and it looks like the consensus on this forum is that the correct answer is *E* which is fine. BUT Teacher #1 made a convincing point to me. He stated that the _only_ permission assigned to a folder (c:\accounting\forms) that can override the inheritance permission is the 'Deny' permission unless you -block the permission inheritance-. OK, now you're just trying to come up with a scenario where answer B might work better and misinterpreted what Teacher #1 is saying to fit your argument. There's three states of access control. Expressly granted access If your name is on the guest list you get in. The host knows you and you been invited. No access permission granted Your name is not on the guest list, you are not getting in. The host does not know you and you're not invited in. Expressly denied access You name appears on list of people forbidden to enter, you're not getting in. The host knows you and told the guards to keep you out. It seems to me, you're confusing "No access permission granted" with "Expressly denied access." In the original scenario, it does not mention "deny" at all. Not being granted access is not the same as expressly denied access, although the net result is the same. If you are expressly denied access to the party, but want to use the port-a-potty outback and the guard at the port-a-potty is told to let you use it, you can. In this case, Teacher #1 is wrong. Block permission inheritance doesn't do any good here. Expressly granted permission overrides denied inherited permission. As long as you bypass the party and go directly to the port-a-potty. Using the Command Prompt, you can CD (change directory) to /Party/Port-a-Potty, but you can't CD to /Party. Only "Expressly granted access" will get you in. "No permissions granted" means you aren't granted access and "Expressly denied access" means you are denied access by name. The latter two denies you permission. Block permission inheritance is used when you want the subfolder to have tighter restrictions than the parent folder. You want to grant full access to ACCOUNTING, but only READ access to FORMS. So you use block permission inheritance so the user doesn't get full access to FORMS, because they inherited full access from ACCOUNTING. If the answer is *E* that would mean that 'Full Control' can also override the 'Read' permission. I'm assuming you guys say this because assigning 'Full Control' permission is giving the user more control therefore it will take precedence? I strongly disagree with the usage of "override". It's a logical AND, you have Read access AND Full Control, net permission access is Full Control. Now, if you had inherited Expressly denied read access and receive Full access control THEN that would override the inherited expressly denied read access. Blocking permission inheritance so the user doesn't get Read access makes no sense if the net permission access is going to be Full Control. It doesn't hurt, but it's a pointless gesture. You want to block permission inheritance if you want to limit the access to subfolders. It resets the access permissions, so you start with no access granted. Then access permissions are added from there, rather than inherited from the parent. I don't know. I'm not trying to aggravate anyone here and I'm not trying to insult anyone's knowledge in NTFS security, I'm just trying to understand why the answer is *E* and not *B* and why there are so many professionals giving different answers. Thanks again. -- LTCstudent Well, I haven't seen anyone pick B and you misinterpreted Teacher #1 and he is also wrong about usage of block permission inheritance. I would stick with what Teacher #2 says, he seems to know what he is talking about. He IS the one teaching the class and you can do your own tests to verify what he says is true. But that's just my opinion. Thanks to your post, I had to do some investigating and I ended up learning a thing or two about NTFS security. |
|
|||
Please help with this NTFS question...
"LTCstudent" wrote in message ... Ok... When I checked the forum for responses to my question this morning before school, I had 2 responses: One saying the answer was *E* and the other saying the answer was *B*. That kind of sucked, but I wasn't worried because I figured I would just ask one of the teachers at school. Well, I asked Teacher #1 who is really knowledgeable about Server and permissions (he teaches Server, Exchange, etc at the school) and he said the answer was *B*. But then I mentioned it to Teacher #2 (who actually teaches the class where this question arose) and he said the answer was *E*. I guess 'street smarts' would say just go with the teacher who is teaching the class and be done with it, but i really want to understand this stuff. So now I've returned from school and it looks like the consensus on this forum is that the correct answer is *E* which is fine. BUT Teacher #1 made a convincing point to me. He stated that the _only_ permission assigned to a folder (c:\accounting\forms) that can override the inheritance permission is the 'Deny' permission unless you -block the permission inheritance-. OK, now you're just trying to come up with a scenario where answer B might work better and misinterpreted what Teacher #1 is saying to fit your argument. There's three states of access control. Expressly granted access If your name is on the guest list you get in. The host knows you and you been invited. No access permission granted Your name is not on the guest list, you are not getting in. The host does not know you and you're not invited in. Expressly denied access You name appears on list of people forbidden to enter, you're not getting in. The host knows you and told the guards to keep you out. It seems to me, you're confusing "No access permission granted" with "Expressly denied access." In the original scenario, it does not mention "deny" at all. Not being granted access is not the same as expressly denied access, although the net result is the same. If you are expressly denied access to the party, but want to use the port-a-potty outback and the guard at the port-a-potty is told to let you use it, you can. In this case, Teacher #1 is wrong. Block permission inheritance doesn't do any good here. Expressly granted permission overrides denied inherited permission. As long as you bypass the party and go directly to the port-a-potty. Using the Command Prompt, you can CD (change directory) to /Party/Port-a-Potty, but you can't CD to /Party. Only "Expressly granted access" will get you in. "No permissions granted" means you aren't granted access and "Expressly denied access" means you are denied access by name. The latter two denies you permission. Block permission inheritance is used when you want the subfolder to have tighter restrictions than the parent folder. You want to grant full access to ACCOUNTING, but only READ access to FORMS. So you use block permission inheritance so the user doesn't get full access to FORMS, because they inherited full access from ACCOUNTING. If the answer is *E* that would mean that 'Full Control' can also override the 'Read' permission. I'm assuming you guys say this because assigning 'Full Control' permission is giving the user more control therefore it will take precedence? I strongly disagree with the usage of "override". It's a logical AND, you have Read access AND Full Control, net permission access is Full Control. Now, if you had inherited Expressly denied read access and receive Full access control THEN that would override the inherited expressly denied read access. Blocking permission inheritance so the user doesn't get Read access makes no sense if the net permission access is going to be Full Control. It doesn't hurt, but it's a pointless gesture. You want to block permission inheritance if you want to limit the access to subfolders. It resets the access permissions, so you start with no access granted. Then access permissions are added from there, rather than inherited from the parent. I don't know. I'm not trying to aggravate anyone here and I'm not trying to insult anyone's knowledge in NTFS security, I'm just trying to understand why the answer is *E* and not *B* and why there are so many professionals giving different answers. Thanks again. -- LTCstudent Well, I haven't seen anyone pick B and you misinterpreted Teacher #1 and he is also wrong about usage of block permission inheritance. I would stick with what Teacher #2 says, he seems to know what he is talking about. He IS the one teaching the class and you can do your own tests to verify what he says is true. But that's just my opinion. Thanks to your post, I had to do some investigating and I ended up learning a thing or two about NTFS security. |
Thread Tools | |
Display Modes | |
|
|