You are the desktop administrator for your company’s sales department. Susan is a user in the sales department. Susan’s Windows XP Professional computer has a single hard disk, which is formatted as NTFS. Susan’s computer contains a folder named C:Files1. The C:Files1 folder is shared as Files1. Users in the sales department have permissions to create files in the Files1 shared folder. Company policy allows interns to read files, but prohibits interns from creating files in the Files1 shared folder. Company policy allows members of the Sales group and the Marketing group to create files in the Files1 shared folder. Carlos is an intern. He is a member of the Interns group, the Sales group, and the Marketing group. Susan reports that Carlos is able to create files in the Files1 shared folder. You inspect Susan’s computer to evaluate the Files1 shared folder. Permissions on Susan’s computer are granted as shown in the following table.
You want ensure that Carlos cannot create files in the Files1 shared folder.
What should you do?
A.
On the Files1 shared folder, remove the Interns group’s access.
B.
On the C:Files1 folder, remove the Interns group’s access.
C.
On the C:Files1 folder, assign the Interns group Deny – Full Control permission.
D.
On the C:Files1 folder, assign the Interns group Deny – Write permission.
Explanation:The interns group has Change Share permission, as a member of the Everyone group, and Modify NTFS permission, as a member of the Sales group (and the Marketing group). The effective combined remote permissions is there Change. By explicitly denying Denying NTFS Write permission the effective permission would be Read, and Carlos would no longer be able to create files in the Files1 folder.
Incorrect Answers:
A: Removing the Interns shared access to Files1, will not help since the Everyone group has Change share permission to the Files1 folder and the Interns group is a member of the Everyone group.
B: Removing the Interns NTFS Write permission on C:Files will not help, since Carlos is a member of Sales group (and Marketing group) which as Modify NTFS permissions to C:Files folder.
C: Denying Full Control will be too restrictive. It would deny Read as well. The interns group would have no access to the C:Files folder.Reference:
Rick Wallace, MCSE (Exam 70-270) Microsoft XP Professional Training Kit, Microsoft
Press, Redmond, 2002, Chapter 8, Lesson 2