+ Reply to Thread
Results 1 to 15 of 15
  1. Junior Member Registered Member
    Join Date
    Nov 2015
    Posts
    7
    #1

    Default Permissions question. Am I just stupid?

    Trying to make this short.
    Alice- permissions
    ntfs-read only and full control
    shared-read only and change
    Answer is 'change' in my book. I thought change would not be the most restrictive.

    I need a tutor lol.
    Reply With Quote Quote  

  2. SS -->
  3. VMware Dude! TheProf's Avatar
    Join Date
    Jun 2010
    Location
    Canada
    Posts
    327

    Certifications
    vExpert | CCA | CCAA | MCSA | MCTS | MCITP:EMA 2010 | VCP5-DCV/DT | VTSP4/5 | VSP 5 | Network +
    #2
    Not sure what your question is to be honest... Unless I am missing something?

    Are you asking about what permission would be the most restrictive? but in what context? Share permissions vs NTFS?
    Reply With Quote Quote  

  4. Junior Member Registered Member
    Join Date
    Nov 2015
    Posts
    7
    #3
    Yes which permission is most restrictive out of all of them. She is accessing the file over network so if I'm right both sets of permissions would apply.
    Reply With Quote Quote  

  5. Member
    Join Date
    Aug 2014
    Location
    NY
    Posts
    74

    Certifications
    CWTS, MCP O365 (346), Net+, A+
    #4
    NTFS is most restrictive. From my current experience, shared permissions would be full control and then use NTFS permissions to apply the access needed for that user.

    Hope that helps!
    Reply With Quote Quote  

  6. Junior Member Registered Member
    Join Date
    Nov 2015
    Posts
    7
    #5
    Thanks still a little confused. Book makes it sound like either way, 'change' will more restrictive than 'read only'. Is this right? I have another question in the book that ends up showing change is more restrictive than read only. Still trying to see what difference between change and modify is lol.
    Last edited by darkgnite; 11-06-2015 at 04:47 PM.
    Reply With Quote Quote  

  7. Member
    Join Date
    Aug 2014
    Location
    NY
    Posts
    74

    Certifications
    CWTS, MCP O365 (346), Net+, A+
    #6
    Read only is more restrictive. Think of change as 'Read & Write' - you can open the files, view information about the files, edit files and deleted and create new files.

    With read only you can view information about the file and open but that is it.

    In summary, read only is more restrictive that change.

    Edit: This can change however if the person has different permissions applied based on file/folder and if those permissions are set to inherited but this goes into NTFS permissions.
    Last edited by Kore; 11-06-2015 at 04:55 PM.
    Reply With Quote Quote  

  8. Junior Member Registered Member
    Join Date
    Nov 2015
    Posts
    7
    #7
    I've got the Shapiro book I'm studying. Wondering if he meant to make the book this way lol. I must be missing something, almost every site I look at only lists-full, modify, read and write. I don't see change as a permission.
    Last edited by darkgnite; 11-06-2015 at 04:58 PM.
    Reply With Quote Quote  

  9. Senior Member sthomas's Avatar
    Join Date
    Dec 2006
    Posts
    1,242

    Certifications
    A+, Network+, Linux+, Security+, Server+, MCSE 2003, MCSA 2008, Google Certified Associate - G Suite Administrator
    #8
    The most restrictive permissions always take affect. So if Alice is read only on the share permissions but has full control on NTFS permissions she will still only have read only access to the files/folder. But the share permissions only take affect when accessing the shared folder over the network from another computer. If Alice was accessing the folder locally on the workstation with the share she would have full control in this example.

    Also, perhaps "change" in the book you are talking about is supposed to mean modify?
    Reply With Quote Quote  

  10. Junior Member Registered Member
    Join Date
    Nov 2015
    Posts
    7
    #9
    Thanks It helps. I just won't go by the book lol. Each question says they are accessing the files over the internet so that is not local.
    Reply With Quote Quote  

  11. Senior Member sthomas's Avatar
    Join Date
    Dec 2006
    Posts
    1,242

    Certifications
    A+, Network+, Linux+, Security+, Server+, MCSE 2003, MCSA 2008, Google Certified Associate - G Suite Administrator
    #10
    It does get confusing, best practice in the real world is to set share permissions to everyone full control and then manage the permissions via NTFS permissions. That way most restrictive would be easier to figure out because you have full access to share and you can lock it down with the NTFS permissions.
    Working on: MCSA 2012 R2
    Reply With Quote Quote  

  12. VMware Dude! TheProf's Avatar
    Join Date
    Jun 2010
    Location
    Canada
    Posts
    327

    Certifications
    vExpert | CCA | CCAA | MCSA | MCTS | MCITP:EMA 2010 | VCP5-DCV/DT | VTSP4/5 | VSP 5 | Network +
    #11
    The most important thing to understand when dealing with permissions is to understand the impact that share permissions have vs NTFS permissions. Share permissions don't always apply unless you share something, like a folder.

    When you share a folder, the idea is to have one place where you manage all those permissions. The recommendation has always been to give full control on Share Permissions and then use NTFS permissions to control who has access to what.

    For example, you can set the share permissions for the user to FULL, meaning they have all the access to write/create/delete/modify/read, but if NTFS permissions say Read-Only, well the most restrictive permission will apply, in this case Read-Only, even though your share permissions are set to FULL CONTROL.
    Reply With Quote Quote  

  13. Junior Member Registered Member
    Join Date
    Nov 2015
    Posts
    7
    #12

    Default One last question lol.

    The answer given in book is full control. I thought change or modify would be answer.
    You have a user named Will who has access to the Finance folder on your network server. Will belongs to the following groups;

    NTFS
    Admin Full Control
    Finance Modify

    Shared Permissions
    Admin Full Control
    Finance Change

    When Will logs into the Finance folder from his Windows 8.1 machine, what are his effective permissions?
    A. Full Control
    B. Read only
    C. Change
    D. Read and Write
    Reply With Quote Quote  

  14. Senior Member
    Join Date
    May 2006
    Posts
    2,005

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #13
    Quote Originally Posted by darkgnite View Post
    The answer given in book is full control. I thought change or modify would be answer.
    You have a user named Will who has access to the Finance folder on your network server. Will belongs to the following groups;

    NTFS
    Admin Full Control
    Finance Modify

    Shared Permissions
    Admin Full Control
    Finance Change

    When Will logs into the Finance folder from his Windows 8.1 machine, what are his effective permissions?
    A. Full Control
    B. Read only
    C. Change
    D. Read and Write
    The answer is Full control. He is in the Admin group so he inherts the permissions of the admin group.
    Reply With Quote Quote  

  15. Junior Member Registered Member
    Join Date
    Nov 2015
    Posts
    7
    #14
    Thanks. I always miss things like that. There was another that had same situation but i'll save that for a tutor if I get one. I just thought we had to permission with the most restrictions.
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    May 2006
    Posts
    2,005

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #15
    Quote Originally Posted by darkgnite View Post
    Thanks. I always miss things like that. There was another that had same situation but i'll save that for a tutor if I get one. I just thought we had to permission with the most restrictions.
    No access is by default the highest restriction but if you want to give access and still have high restrictions to data you can give that user Read-only access.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks