HOTSPOT
You have a file server named Server1 that runs Windows Server 2012 R2.Server1 contains
a folder named Folder1.
A user named User1 is a member of Group1 and Group2.A user named User2 is a member
of Group2 and Group3.
You need to identify which actions the users can perform when they access the files in
Share1.
What should you identify?
To answer, select the appropriate actions for each user in the answer area.
Answer: pending
y pending?
i’ve been waiting for this. answers with different version. I hope this will not appear in my exam
0
0
Permissions applied from multiple groups are generally cumulative (Depending on inheritance/explicitly applied etc) This question doesn’t specify inheritance so assume cumulative.
When combining Share and NTFS permissions, the most restrictive one wins. So for Group 1 Read & Write is the permission they’ll have even though they have Full Control at the Share permission.
Group 2 is all the same so only Read – Group 3 has Read & Execute as this is more restricted than Change.
So User 1 can:
Read the Files, Edit contents but nothing else
User 2 can:
Read the files, Run executables but nothing else
Deleting files needs Modify (or Delete/Delete Subfolder and Files) permission
Modify Permissions needs Full Control
http://www.mcmcse.com/microsoft/guides/ntfs_and_share_permissions.shtml
0
0
I agree with Bob and tried in my test lab. The way I do it is create a quick chart. First determine NTFS + Share for all the groups then add them up.
Not relevant in this question but be on the lookout for gotchas like an inherited deny loosing to an explicit allow
This site has some decent info which I will post after the link.
http://www.ntfs.com/ntfs-permissions-precedence.htm
Permission Precedence
Because of the fact that users have can have many different rights settings and objects can have many different permission settings, it is possible that conflicting permission settings might apply to a particular object and access method.
When this occurs, the system must engage in a process of resolving the various permissions to determine which ones should govern the access.
Here are some rules for resolving permissions conflicts:
“Deny” permissions generally take precedence over “allow” permissions.
Permissions applied directly to an object (explicit permissions) take precedence over permissions inherited from a parent (for example from a group).
Permissions inherited from near relatives take precedence over permissions inherited from distant predecessors. So permissions inherited from the object’s parent folder take precedence over permissions inherited from the object’s “grandparent” folder, and so on.
Permissions from different user groups that are at the same level (in terms of being directly-set or inherited, and in terms of being “deny” or “allow”) are cumulative. So if a user is a member of two groups, one of which has an “allow” permission of “Read” and the other has an “allow” of “Write”, the user will have both read and write permission–depending on the other rules above, of course.
Although Deny permissions generally take precedence over allow permissions, this is not always the case. An explicit “allow” permission can take precedence over an inherited “deny” permission.
The hierarchy of precedence for the permissions can be summarized as follows, with the higher precedence permissions listed at the top of the list:
Explicit Deny
Explicit Allow
Inherited Deny
Inherited Allow
File permissions override folder permissions, unless the Full Control permission has been granted to the folder.
0
0
In the real exam, it be changed:
User1 is the member of Group2 and Group3, and User2 is a member of Group1 and Group2
0
0
My answer as it is….
1.Read the files : user1,User2
2.Edit the contents of the Files :user1
3. Delete files created by other user : no one
4.modify the permissions on the files :no one
5. Run Executable Files :User2
for further information
https://www.youtube.com/watch?v=XQNYkUwmV5E
https://www.youtube.com/watch?v=GfmkD12ywfw
0
0