HOTSPOT
You have a file server named Server1 that runs Windows Server 2012 R2. Server1 contains a folder
named Folder1.
A user named User1 is a member of Group1 and Group2. A user named User2 is a member of
Group2 and Group3.
You need to identify which actions the users can perform when they access the files in Share1.
What should you identify?
To answer, select the appropriate actions for each user in the answer area.
Answer: 
User1: Yes to all
User2: Y-Y-N-N-N
0
0
No
0
0
Have setup and tested in a LAB.
Answer given by aiotestking is correct
User1: Y N N N Y
User2: Y Y N N N
Share Permissions gets applied first, then they are further restricted by NTFS permissions.
Note to All, Please Pease restrict from posting comments unless you are 100% certin of you answers
0
0
OMG what a typo
User1 : YYNNN
User2: YNNNY
0
0
I would say that the answer is correct. Most restrictive right will always win, so in this case we are checking only folder permissions.
0
0
Since it’s a Share, don’t only Share permissions apply?
0
0
face palm
0
0
The listed answer is correct. Between folder and share permissions whichever is most restrictive always wins. If a user is in multiple groups their effective permissions are the combination of the two. So User 1 effectively has “Read and Write” folder permissions and “Full Control” share permissions. The folder permissions are the most restrictive so they win out. For User 2 their effective permissions are “Read and Execute” folder permissions and “Change” share permissions. Again the folder permissions are the most restrictive so they win out.
User1: YYNNN
User2: YNNNY
1
0
If most restrictive always wins…and both are in group 2 and the most restrictive is ‘read’ how is the above answer correct?
0
0
Agree. Since user 2 is member of group 2 and 3, it shoulnt be allowed to execute either?
0
0
I think they mean most restrictive in terms of NTFS permissions (Folder Permissions) vs Share Permissions not restrictive in terms of multiple groups. If Group 3 is allowed both read and execute and Group 2 just Read and the user belongs to both groups then the user can perform both read and execute.
0
0
This is getting really confusing, I only hope I wont get this question in my exam. i have people saying ” For User 2 their effective permissions are “Read and Execute” folder permissions and “Change” share permissions. Again the folder permissions are the most restrictive so they win out”
and I have people saying “most restrictive in terms of NTFS permissions (Folder Permissions) vs Share Permissions not restrictive in terms of multiple groups. If Group 3 is allowed both read and execute and Group 2 just Read and the user belongs to both groups then the user can perform both read and execute”
?????
0
0
Just pray it doesn’t come in the exam. LOL
1
0
Thanks Dev7 for the explanation
0
0
The permissions resolve as below:
User1 => Folder(Read/Write) | Share (Full) = Most Restrictive is (Read/Write)
User2 => Folder(Read/Execute) | Share (Change) = Most Restrictive is (Read/Execute)
Answer is:
User1 YYNNN
User2 YNNNY
https://technet.microsoft.com/en-us/library/cc754178.aspx
0
0
What the difference between Read the files and edit the contents ?
Thanks
0
0
You combine the NTFS permission, then combine the share permissions. then take the most restrictive of the 2
User NTFS Share combined
User1 read/write full control read/write (read/edit)
User2 read/exec change read/exec
0
0
gh
0
0
Completely correct. Exactly as Drifter said.
0
0
Tried in a lab and the answers are correct. Here’s the logic:
Both NTFS and Share permissions are cumulative (meaning effects of permissions are combined).
User1 effective NTFS permissions are: Read and Write (Read + Read and Write)
User2 effective NTFS permissions are: Read & Execute (Read + Read & Execute)
User1 effective Share permissions are: Full Control (Full Control + Read)
User2 effective Share permissions are: Change (Read + Change)
The most restrictive combination takes effect when combining NTFS and Share permissions, so:
User1 effective permissions: Read and Write
User2 effective permissions: Read & Execute
NOTE: A “Read” Share permission allows users to execute files if they have “Read & Execute” NTFS permissions on the folder.
0
0