HOTSPOT
You have a shared folder named Share1. The folder permissions of Share1 are configured
as shown in the Folder Permissions exhibit.(Click the Exhibit button.)
The Share permissions of Share1 are configured as shown in the Share Permissions
exhibit.(Click the Exhibit button.)
You have a group named Group1. The members of Group1 are shown in the Group1
exhibit.(Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information;
otherwise select No. Each correct selection is worth one point.
Answer: 
Explanation:
NTFS permissions control access to the files and folders stored on disk volumes formatted
with the NTFS file system. Share permissions control access to folders over a network. To
access a file over a network, a user must have appropriate share permissions (and
appropriate NTFS permissions if the shared folder is on an NTFS volume).Granting a user
Full Control NTFS permission on a folder enables that user to take ownership of the folder
unless the user is restricted in some other way.User1 was not granted Full Control
permission.
The Administrators have Full Control permission. I assume that User2 is an administrator
since the Group1 exhibit shows only User1 as a member.
References:
http://technet.microsoft.com/en-us/library/cc754178.aspx
Exam Ref 70-410: Installing and configuring Windows Server 2012 R2, Chapter 2: Configure
server roles and features, Objective 2.1: Configure file and share access, p.75-80
Both contoso\administrator and contoso\user2 aren’t permitted, how could they delete file? Only local admin has full control permission.
I think Modify includes deleting files. Am I wrong? So through Everyone entries user2 and contoso\Administrator (we don’t know if he/she belongs to server12\Administrators group) can acces those files to delete them.
Modify gives delete permissions so everyone except the members of Group1 can delete the files.
http://msdn.microsoft.com/en-us/library/bb727107.aspx
You can’t just assume User 2 belongs to the Administrators group. If the test was based on our assumptions, we would all pass.
agree.
User2 doesn’t need to belong to Administrators group, Everyone has the below access:
NTFS: Modify Access
Share: Change Access
User2 is obviously belongs to everyone group and so he can delete files
Share permissions:
Everyone (including user2) = Change rights
NTFS permissions:
User = read & execute
Everyone (user2) = Modify
Share permissions are overruling ntfs permissions. For example: Everyone has READ share rights and everyone has FULL Control NTFS permissions. In this case the users are not able to create or delete a file or folder.
On this question user2 has change share rights and modify ntfs permissions. Wich means the user2 is able to delete a file or folder. If user2 only has Read&Execute ntfs permissions he was not able to delete a file or folder.
The administrator has full control share rights and modify ntfs rights (everyone group). He is able to delete a file or folder.
User2 is part of everyone group (Everyone encompasses all accounts) for NTFS permission. Everyone NTFS group has “Modify”
Modify permission allows for delete
Therefore User2 can delete content of Share1
The answer presented is correct.
Here’s the facts:
Administrator:
Is the Owner of the folder and has Full Control permissions.
User 1:
-NTFS: Read/Execute (Blocks the users from deleting)
-Is not considered part of “Everyone” because there’s a condition the excludes that.
User 2:
-NTFS: Modify (Allows deleting)
-Considered part of “Everyone”.
Share permissions are not restrictive here:
-Everyone gets change (allows for most tasks except modifying permissions to share)
-Administrators FULL control.
Answer, who can delete:
User1: NO
User2: YES
Admin: YES
Agreed
I agree too.
Agreed with “bob jones” in final answer, but not entirely in explanation. Owner of share folder is local Administrator (Server12\Administrator) but in question there is domain user Administrator (CONTOSO\Administrator). This two are different users. Also, if someone is owner of object, this does not assume that he has full control. Owner can always change permissions but he can have less permissions.
So, all three users in question have change permission on share (we don’t know if domain user Administrator is member of local group Administrators (directly or through domain admins group). On NTFS everyone has modify except User1 which has Read & execute. Change on share and modify on NTFS permit deleting files.
Answer is NYY.
The correct answer for User 1 is “YES”.
I was so unsecure, that I tested it for user1 & user2 in my own lab.
The test confirmed my 1st thought – User1’s Membership in Group1 doesn’t deny his permissions to modify. It is an authenticated user as User2, so it is getting the permission over “everyone”.
To make a cross-check I added a advanced permission for group1 to deny creating files and folders and deleting -> than no creating or deleting was possible
It is the same like in 1995 when I started with Windows NT Server 3.51 -> explicit deny goes always over allow, but if that is not the case allow permissions are cumulated.
you are almost right. but i think you missed the condition. which excludes group1 from everyone. and user1 is a member from group1.
conclusion:
User1 Can delete? No (not a member of everyone see condition)
user2 Can delete? Yes
Admin Can deelte? Yes
if the condition was not set user 1 could delete too!
correct me if i’m wrong
All three users can delete via Everyone permission. Verified in lab. User1 also falls under everyone so they are allowed to delete as well.
User 1 – no
User 2 – yes
Administrator – yes (because he is OWNER)
Always a massive fan of linking to bloggers that I appreciate but do not get a good deal of link enjoy from.
we like to honor numerous other web internet sites around the net, even if they arent linked to us, by linking to them. Below are some webpages worth checking out
The data mentioned in the post are some of the very best out there
check beneath, are some absolutely unrelated web-sites to ours, nonetheless, they are most trustworthy sources that we use
The information mentioned within the article are a number of the best accessible
CHANGE can create, modify and delete files and subfolders. It is denied only to modify the files and folders permissions. Which is granted by FULL CONTROL.
EVERYONE, have the condition EXCEPT GROUP1 explicited on the first image.
USER1 is member of GROUP1, for which is granted READ & EXECUTE.
CONTOSO\USER2 and CONTOSO\ADMINISTRATOR will be taken by EVERYONE – and receive CHANGE permissions.
Hence:
USER1: Can delete: No.
USER2 and ADMINISTRATOR: Can delete: YES
Mark van Dijk’s reply explains it in the best possible way.
Share permissions:
Everyone (including user2) = Change rights
NTFS permissions:
User = read & execute
Everyone (user2) = Modify
Share permissions are overruling ntfs permissions. For example: Everyone has READ share rights and everyone has FULL Control NTFS permissions. In this case the users are not able to create or delete a file or folder.
On this question user2 has change share rights and modify ntfs permissions. Wich means the user2 is able to delete a file or folder. If user2 only has Read&Execute ntfs permissions he was not able to delete a file or folder.
The administrator has full control share rights and modify ntfs rights (everyone group). He is able to delete a file or folder.
I tried this on a lab.
User1: Cant delete
User2: Can Delete (Cause of Everyone)
Administrators: Can Delete
If you have to ignore the answer material as available information. I’d say, I can’t prove user2 exists.
The answer is correct, just tried it in my lab. Don’t let the Everyone group throw you off, there’s a condition added to it. Under Advance Security Settings on the Permissions tab, select the Everyone group and click Edit. At the bottom there is a conditions section, there you would add Group1 to limit access.