There is no additional configuration to be done to access files across a network than to make sure that the resource is accessible shared and that the user has appropriate permissions to
Trang 1Objective 2.7 Troubleshoot User Authentication 15-35
Objective 2.7
Without proper authentication, a user will be unable to access network resources, and,
in some cases, will not be able to log on to his or her local computer At the root of authentication is the combination of username and password which comprise the user’s credentials If there is a mismatch between what the user believes his or her credentials to be and what the authenticating system expects, the user will not be able to connect to that resource If that resource is the local computer, the user will not be able
to log on at all
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 2Objective 2.7 Questions
1 A traveling user has been away from the office for several months The laptop computer with which the user travels is not configured for dial-in access to the corporate network because it is used mostly for presentations and client documentation
Upon returning to the office and connecting to the corporate network, the user is unable to log on to his or her computer using a local account, and is presented with the “Log on Failed” dialog box
What should you do?
A
B
C Use the password reset disk for that user to reset the password on the local computer
D Disconnect the computer from the network, and then restart the computer
2 A user has returned from an extended business trip, and reconnects his or her computer to the network The user is able to log on, but is not able to connect to any net-work resources
You examine the accounts associated with the user in Active Directory Users And Computers, and note that the computer account for the user’s laptop is marked with a red
Trang 3Objective 2.7 Troubleshoot User Authentication 15-37
3 You are the systems administrator for a medium-sized organization that runs a single Windows Server 2003 domain The Default Domain Group Policy object has the following password policy settings:
10 Passwords Remembered
Maximum Password Age 10 days Minimum Password Age 2 days Minimum Password Length 10 characters
A group of 40 developers who work in a department in your organization has lobbied management for a separate set of password policies specific to its members The developers want the minimum password age set to 0 days and the maximum password age set to 28 days Which of the following methods will allow you to alter the password policy for this group of developers?
A Create a child domain of the current domain and move the developers’ accounts
to this domain Edit the Default Domain GPO of the child domain and implement the separate password policy requested by the developers
B Create a separate OU and move the 40 developers’ user accounts into this OU Create and edit a new GPO, implementing the separate password policy requested
by the developers via this GPO Apply the GPO to the newly created OU hosting the developers’ accounts
C Resubnet the network and create a new site within Active Directory Place all the
40 developers’ workstations onto this new subnet Create and edit a new GPO, implementing the separate password policy requested by the developers via this GPO Apply the GPO to the newly created site hosting the developers’ computer accounts
D Edit the Local GPO on each of the developer’s workstations, implementing the separate password policy requested by the developers via this GPO
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 4Objective 2.7 Answers
1 Correct Answers: C
A Incorrect: The “Logon Failed” dialog box appears only if a password reset disk
has been created for an account on the local computer The domain user account
is not involved in this problem
B Incorrect: The “Logon Failed” dialog box only appears if a password reset disk
has been created for an account on the local computer The domain computer account is not involved in this problem
C Correct: The password reset disk is created for local user accounts, and can be
used when a user is trying to access a local computer account with the incorrect credentials, as in this case
D Incorrect: The computer’s connection to the network or any network interaction
does not cause the “Logon Failed” dialog box to appear
2 Correct Answers: B
A Incorrect: The user’s password would not affect the computer account, as the
icon indicates, in Active Directory
B Correct: The password between the laptop and the domain computer account
has become unsynchronized and must be reset
C Incorrect: This would solve the problem, but might cause other problems if
there are permissions set on resources for this laptop computer Also, this process would take much more time than a computer password reset
D Incorrect: This would compound the problem by not only having unsynchro
nized passwords, but mismatched SIDs as well
Trang 5Objective 2.7 Troubleshoot User Authentication 15-39
3 Correct Answers: A
A Correct: Password policies apply domain-wide The only method by which users
can have separate password policies is if their user accounts reside in different domains A child domain does not inherit the password policy of its parent domain
B Incorrect: Password policies apply domain-wide Password policies applied at
the OU level do not override the password policies set at the domain level If this set of steps is taken, the password policies will remain as they did before at the domain level
C Incorrect.: Password policies apply domain-wide Password policies applied at
the site level do not override the password policies set at the domain level If this set of steps is taken, the password policies will remain as they did before at the domain level
D Incorrect: Password policies apply domain-wide Password policies applied at
the local level do not override the password policies set at the domain level If this set of steps is taken, the password policies will remain as they did before at the domain level
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 716 Managing and Maintaining
Access to Resources (3.0)
Access to resources requires proper identification and proper permissions There is no additional configuration to be done to access files across a network than to make sure that the resource is accessible (shared) and that the user has appropriate permissions to accomplish the desired action (read, write, delete, and so on) This transactional process of analyzing the user’s access token involves reading the entries on the access control list (ACL) of the resource, and comparing the list with the security identifiers (SIDs) on the token If the security services governing the resource access process determine that the combination of SIDs and their permissions is sufficient to perform the requested task, permission and access is granted; if not, access to the resource is denied
Such permission-based access is accomplished by the operating system based upon the file system that is installed on the storage device where the resource resides On a FAT32 file system, for example, even if the operating system version is Windows Server
2003, permissions cannot be set at the file system level: NTFS permissions are required for this type of permission assignment
Share permissions, however, can be set regardless of the file system on which the resources are stored The operating system alone controls the share permissions, which are valid for any entity attempting to access the resource from across the network Terminal Services provides a different type of access to resources, in that it presents a local environment to the user over the network The creation and use of this virtual local environment requires additional permissions and configuration, but the resource access to files and folders is still governed by network (share) and file system (NTFS) permissions The understanding of these additional configuration needs and possibilities is key to the proper use of Terminal Services
Testing Skills and Suggested Practices
The skills that you need to master the Managing and Maintaining Access to Resources
objective domain on Exam 70-290: Managing and Maintaining a Microsoft Window
Server 2003 Environment include
■ Configure access to shared folders
❑ Practice 1: Set permissions for individual users and groups Create increasingly complex sets of group memberships and permission assignments so as
to make a 2–3 layer set of permissions using multiple group memberships for
a user account, and nested memberships for groups
16-1 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 8❑ Practice 2: Configure sets of permissions on network share points Configure NTFS permissions for the same resource, and analyze the effective resulting permissions for a user
■ Troubleshoot terminal services
❑ Practice 1: Configure Terminal Services in Remote Desktop for Administration mode such that various users are allowed or denied permissions Set proper-ties for allowed users to control their profile paths, home directories, and whether their sessions can be controlled remotely through another Terminal Services session
❑ Practice 2: Configure Group Policy for Terminal Services users to redirect local printer and drive output to the Terminal Services session Know the purposes and functionalities for each of these settings
■ Configure file system permissions
❑ Practice 1: Set permissions for individual users and groups Create increasingly complex sets of group memberships and permission assignments so as
to make a 2–3 layer set of permissions using multiple group memberships for
a user account, and nested memberships for groups
❑ Practice 2: Configure sets of NTFS permissions on file system objects Configure share permissions for the same resource, and analyze the effective resulting permissions for a user
■ Troubleshoot access to shared files and folders
❑ Practice 1: Access the properties of a file for which you have set complex NTFS permissions for several groups of users Select a user that is a member
of more than one of the groups that you have assigned the permissions to for the file Use the advanced button in the securities tab to access the “effective permissions” tab Enter the user’s name to discover his or her effective per-missions to that file
❑ Practice 2: Access the properties of a folder for which multiple groups have been given different NTFS permissions Use the advanced button in the securities tab to access the “effective permissions” tab Enter a group name to view the effective group permissions for that folder
Trang 9Chapter 16 Managing and Maintaining Access to Resources (3.0) 16-3
Further Reading
This section contains a list of supplemental readings divided by objective Study these sources thoroughly before taking the exam
Objective 3.1 Review Chapter 6, “Files and Folders.” This chapter examines share
permissions, NTFS permissions, and auditing of resource access
Microsoft Corporation Frequently Asked Questions: Security Technologies This based resource is free and can be accessed at the URL: http://www.microsoft.com
Web-/windowsserver2003/community/centers/security/security_faq.asp
Objective 3.2 Review Chapter 2, Lesson 3, “Remote Administration with Terminal
Services.” This lesson discusses configuration and permission issues involved with Terminal Services, Remote Desktop, and Remote Assistance
Microsoft Corporation Windows Server 2003, Help and Support Center: Remote
Assistance
Objective 3.3 Review Chapter 6, “Files and Folders.” This chapter explores share
permissions, NTFS permissions, and auditing of resource access
Microsoft Corporation Technet; Script Center: Disks and File Systems This
Web-based resource is free, and can be accessed at the following URL: http:
//www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/dfs /default.asp
Objective 3.4 Review Chapter 6, “Files and Folders.” Examine the material on
troubleshooting permissions, including how to view effective permissions
Review the following article on Microsoft Technet: http://www.microsoft.com
/technet/prodtechnol/windowsserver2003/proddocs/standard/acl_view_effective _permissions.asp
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 10Objective 3.1
Configure Access to Shared Folders
Share permissions are set within the Windows Server 2003 operating system on work access points—shares—within the file system These share permissions are assigned in the folder properties interface (Sharing tab) in Windows Explorer Individual files cannot be shared
net-For multiple user entities, permissions are analyzed for each SID presented in the user’s access token, and the most liberal permission is granted The exception to this liberal permission assignment is when one (or more) of the SIDs presented in the token has
a deny permission assigned in the resources’ ACL; in that case, the deny permission takes precedence
If NTFS permissions are in use on the file system, the effective share permission is compared to the effective NTFS permission, and the most restrictive permission is then assigned as the final, effective permission for the user on that resource
Trang 11Objective 3.1 Configure Access to Shared Folders 16-5
Objective 3.1 Questions
1 Server01 is a file server running Microsoft Windows Server 2003 that is used by the accounting department to provide timesheet and expense report forms for employees You are setting permissions on the share points for these folders, and must meet the following requirements:
■ Employee-specific forms are stored in the Forms folder These forms should be accessible by all employees
■ Only Authenticated Users should be able to access the forms
■ Employees can upload completed forms to a folder named Forms\Reports
Supervisors are members of the Supervisors Global Group
NTFS permissions are set on all folders to Authenticated Users–Modify
Permissions are granted to the shared folders as follows:
Shared Folder Share Permissions
Supervisors Supervisors, Allow Read
<username> <username> Allow Change
Which of the following requirements is met? (Select all that apply.)
A
B
C
D Only Authenticated Users can download forms
E Only Supervisors can download Supervisor-specific forms
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 12All users are able to log on locally to the computer
What permissions do you need to set on the shared folder? (Select all that apply.)
Trang 13Objective 3.1 Configure Access to Shared Folders 16-7
4 A folder, Documents, on Server01 is shared as Docs$ The permissions on the shared folder are set as follows:
■ Docs$ Shared Folder Permissions: Everyone–Full Control
■ Documents Folder NTFS Permissions: Authenticated Users–Read, Write; ers–Modify; Administrators–Full Control
Manag-Which of the following statements regarding access to the resource are true? (Select all that apply.)
A Only Administrators can access the shared folder from the network
B All Users can access the shared folder from the network
C Authenticated Users can delete files in the folder
D Managers can delete files in the folder
E Authenticated Users can write files in the folder
F Authenticated Users can change ownership of a file in the folder
G Managers can change ownership of a file in the folder
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 14Objective 3.1 Answers
1 Correct Answers: A, B, and D
A Correct: All employees can access their forms through the Forms shared folder as
part of the Everyone Group
B Correct: All employees can access their user folders through the change permis
sion assigned to them
C Incorrect: Although the change permission on each username folder restricts
access through that share point, any user can navigate to any individual folder through the Forms shared folder
D Correct: In Windows Server 2003, by default, the Everyone group does not con
tain the identity Anonymous Logon
E Incorrect: Although the users will not be able to access the Supervisors shared
folder directly, they can navigate to it using the Forms shared folder
2 Correct Answers: C and E
A Incorrect: Giving Authenticated Users Full Control permission will allow modi
fication or deletion of any files in the folder, which gives more permission than required
B Incorrect: Giving Authenticated Users Change permission will allow modifica
tion of any files in the folder, which gives more permission that required
C Correct: Giving Authenticated Users Read permission will allow reading of any
files in the folder, which fulfills the requirement
D Incorrect: Giving permissions for Creator/Owner–Full Control will allow users to
modify or delete their own files, but would also allow them to change permissions
on the files With the ability to change permissions, the Creator/Owner could set permissions that allow other users to modify or delete files
E Correct: Giving permissions for Creator/Owner–Change will allow users who
create the file to modify or delete it, which satisfies the requirements
F Incorrect: Giving permissions for Creator/Owner–Read will not allow users to
create or modify any files in the folder, which does not satisfy the requirements
3 Correct Answers: D and E
A Incorrect: This setting will allow any user logged on to the computer to change
files The NTFS permissions are the only permissions that apply to users logged on locally, which is what the Interactive entity group includes
Trang 15Objective 3.1 Configure Access to Shared Folders 16-9
B Incorrect: This setting will allow any user logged on to the computer to read
files, which violates the requirements The NTFS permissions are the only permissions which apply to users logged on locally, which is what the Interactive entity group includes
C Incorrect: This setting will allow any user logged on to the computer to read
files, which violates the requirements The NTFS permissions are the only permissions which apply to users logged on locally, which is what the Interactive entity group includes
D Correct: This setting will allow for the Managers to have change permission
when logged on locally They will also have the change permission when accessing the file from the network unless the share permissions are more restrictive
E Correct: This setting will allow all users who access the folder from across the
network to have read access With no other share permissions assigned, the Managers will not have any additional access to the files outside the context of their being in the Network entity group
F Incorrect: The interactive permission, although it can be set, does not have any
effect for users attaching across the network The Interactive entity group is for users who log on locally at the console of the computer
G Incorrect: This setting will allow the Managers to change the files from across
the network, which violates the requirements: the Managers are only to be able to read and modify files when they are logged on locally to the computer
4 Correct Answers: B, D, and E
A Incorrect: The $ in the share name hides the share from the browse list, but does
not affect the permissions of the share available from the network Although any shares created by the operating system as hidden shares to the root of a drive are configured with Administrator-only access permission, any hidden shares created manually do not have the Administrator-only access permissions set
B Correct: The combination of Full Control shared folder permissions and Read,
Write NTFS permissions allow for access from the network by Authenticated Users
C Incorrect: Users do not have Delete or Modify permissions, which are required
to delete files
D Correct: The NTFS Modify permission allows Managers to delete files
E Correct: The NTFS Write permission allows Authenticated Users to write files to
the folder
F Incorrect: The NTFS Read, Write permissions are insufficient to allow modifica
tion of file ownership
G Incorrect: The NTFS Modify permission is insufficient to allow modification of
file ownership
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 16Objective 3.2
Troubleshoot Terminal Services
Terminal Services has unique permission and configuration settings compared with share permissions on other resources The use of Terminal Services requires User Rights (log on locally, for example) for the computer on which Terminal Services is running in addition to the explicit permission to use Terminal Services In Windows Server 2003, all these rights and permission for the use of Terminal Services are given
to the Remote Desktop Users group
The settings in Terminal Services for Remote Control, home directory, application startup, and profile settings should not be confused with the permissions and User Rights needed to access Terminal Services
Trang 17Objective 3.2 Troubleshoot Terminal Services 16-11
Objective 3.2 Questions
1 You have configured several users to be able to connect to Server01 through Terminal Services, and have modified the default configuration with the Terminal Services Con-figuration console to allow for redirection of client printers The goal is for all users of the Terminal Server to be able to print to print devices configured on their local computer from their Terminal Server session
The users, however, report that they are unable to print to their locally configured print devices
What should you do to correct the problem?
A Enable the Client/Server data redirection setting in Group Policy for each Terminal Server client computer
B Enable the Client/Server data redirection setting in Group Policy for the Terminal Server computer
C Instruct the user to install the local printer from within their Terminal Server session
D Use a logon script for the users’ Terminal Server session to add the printer
2 You have configured several client computers with the Terminal Service client, Remote Desktop Connection, and have configured a Terminal Server in Remote Desktop for Administration (default) mode When the users attempt to connect to the Terminal Server, they receive an error message stating that the local policy of this system does not permit them to log on interactively
What should you do to correct the problem?
A
B
C Enable the Group Policy setting for Client/Server data redirection
D Enable the Terminal Services Remote Control setting for each user
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 183 A user has sent you a request, by e-mail, for a Remote Assistance session You attempt
to connect to the user’s computer to establish the Remote Desktop session, but cannot establish the network connection
You are able to connect to the user’s computer to access the file system through the C$ share
What is the most likely cause of the problem?
A Your user account is not a member of the local Administrators group on the user’s computer
B You do not have the Terminal Services client installed on your computer
C Port 3389 is not open on the firewall between your network segment and the work segment that the user’s computer is on
net-D The user’s account in Active Directory is configured so as not to allow Remote Control
4 All computer users in your company access several applications through a single Terminal Server, Server01, located on the same Local Area Network segment You are running a Windows Server 2003 Active Directory and DNS, and the Terminal Server is a Windows Server 2003 server
At the end of business on the previous day, you renamed the Terminal Server to App1 You verified that the server was reachable using its new name through Terminal Services both as administrator and as a regular user, and through Windows Explorer This morning, all users report that they cannot connect to the Terminal Server You verify that connection to the Terminal Server is possible through Windows Explorer, but that user connection through Terminal Services is not possible You are able to connect
to the Terminal Server as Administrator
What is the most likely cause of the problem?
A
B
C A Terminal Services Licensing Server needs to be installed and configured
D The Terminal Server needs to be restarted
Trang 19Objective 3.2 Troubleshoot Terminal Services 16-13
5 You attempt to connect to Server01 through the Remote Desktop for Administration client, but receive a message that you cannot connect because the number of concurrent connections has been exceeded
You can connect with the Remote Desktop for Administration client to Server02, Server03, and Server04, which are member servers in the same domain You have administrator privileges on each of these servers
Server01 is not physically accessible to you, as it is in a remote location
What steps should you take to resolve the problem? (Select all that apply.)
A Connect to Server02 with the Remote Desktop for Administration client
B Connect to Server01 from the Terminal Services session on Server02 with the Terminal Services Manager Disconnect one of the Remote sessions
C Connect to Server01 from the Terminal Services session on Server02 with the Remote Desktop for Administration client Disconnect one of the Remote sessions
D Open the Server01 Properties dialog box from Active Directory Users And Computers Configure Server01 to deny Terminal Services connections, and then reconfigure Server01 to allow Terminal Services connections
E Connect to Server01 from the Terminal Services session on Server02 with the Remote Desktop for Administration client Open the System properties page for Server01 and configure Server01 to deny Remote Desktop Connections, and then reconfigure Server01 to allow Remote Desktop Connections
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 20Objective 3.2 Answers
1 Correct Answers: A
A Correct: Although set to Not Configured by default, if set to Disabled, this Group
Policy setting will override the Terminal Server console settings for the property of data redirection Changing this policy from Disabled to Enabled will correct the problem
B Incorrect: This Group Policy setting is for local computer behavior during a Ter
minal Services session from that computer Enabling this setting for the Terminal Server computer would control outgoing Terminal Server sessions from that con-sole, not incoming from the client computers as required here
C Incorrect: This would configure a network printer connection to the local com
puter, which is not what the circumstance requires Additional steps to share and set permissions for the printer from the local computer would have to be taken
D Incorrect: This would configure a network printer connection to the local com
puter, which is not what the circumstance requires Additional steps to share and set permissions for the printer from the local computer would have to be taken
2 Correct Answers: A
A Correct: The Remote Desktop Users group has the appropriate configuration and
rights to allow access to the Terminal Server
B Incorrect: This setting will remove one of the barriers to the user’s connecting to
the Terminal Server, but there are permissions for connection to the Terminal Server itself that still must be set Additionally, this action would allow the user to log on locally to the console as well, which may not be desired
C Incorrect: This setting is for controlling how printer and drive redirection is
accomplished within a user session, not for configuring logon access to the session itself
D Incorrect: This setting is for controlling how Remote Control can be used on an
established Terminal Services session, not for the logon access to the session itself
3 Correct Answers: C
A Incorrect: This is not the case, seeing as you are able to establish a connection
to an administrative share point (C$) on the user’s computer
B Incorrect: The Terminal Services client is not involved in a Remote Assistance
session The Windows Messenger Services are responsible for handling the establishment and usage of a Remote Assistance session
Trang 21Objective 3.2 Troubleshoot Terminal Services 16-15
C Correct: The Remote Assistance services use port 3389 to communicate If you
are unable to establish a connection to the user’s computer, this is likely the problem
D Incorrect: This setting controls whether or not Remote Control is allowed of a
user’s Terminal Server session, not Remote Assistance
4 Correct Answers: C
A Incorrect: Because the computer is reachable through Windows Explorer, name
resolution is not the problem
B Incorrect: The connection permissions were configured properly, as you verified
after the name change on the Terminal Server, and there are no other refresh problems that would occur These permissions are not affected by any DNS or Group Policy refreshing mechanism
C Correct: This is likely the cause of the problem Terminal Services will install and
run properly for 120 days After this period has expired, the Terminal Server will refuse connections until a License Server is configured and available
D Incorrect: The service is not likely to be the problem because you can connect
as Administrator, and the service was running properly when tested after the server name change
5 Correct Answers: A and B
A Correct: By connecting to another Terminal Server (any of the others accessible
to you would suffice), you will gain access to the Terminal Services Manager sole, which is how you will disconnect one of the established Terminal Services sessions to Server01, allowing you to establish another under your credentials
con-B Correct: The Terminal Services Manager can connect to any server in the domain
that is running Terminal Services From the Terminal Services Manager, you are able to disconnect one of the remote sessions, allowing you to establish another under your credentials
C Incorrect: If you are unable to connect to Server01 using the Remote Desktop
client on your computer, the same denial of connection will occur if you attempt
to connect from any other computer, regardless of whether or not that other computer is a Terminal Server
D Incorrect: This is not a valid option The Properties dialog box of a system in
Active Directory Users And Computers does not allow the configuration of Terminal Services
E Incorrect: This disabling/enabling exercise will not change any configuration on
the computer, nor will it disconnect any active sessions Because the denial of your remote connection is due to the limit on the number of sessions, the problem persists
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 22NTFS permissions function in the same way as share permissions in terms of blending
to effective permissions All the SIDs that are listed in your user token are compared with the entries in the ACL for a resource All of the permissions for your various SIDs are sorted, and the most liberal permission is given
Exceptions to this liberal blending are if any of the permissions associated with one of your SIDs is a deny permission: in that case, the deny permission overrides
Trang 23Objective 3.3 Configure File System Permissions 16-17
Objective 3.3 Questions
1 A user, Joe, has an account in the contoso.com domain, and is a member of the Sales
global group The permissions on the Documents folder on the file server, output using the Cacls command, are as follows:
C:\>cacls documents C:\Documents CONTOSO\Joe:(OI)(CI)(DENY)(special access:)
READ_CONTROL FILE_READ_DATA FILE_READ_EA FILE_READ_ATTRIBUTES
CONTOSO\Sales:(OI)(CI)(DENY)(special access:)
FILE_WRITE_DATA FILE_APPEND_DATA FILE_WRITE_EA FILE_WRITE_ATTRIBUTES
BUILTIN\Administrators:F CONTOSO\Sales:(CI)R CONTOSO\Sales:(OI)(CI)(special access:)
READ_CONTROL SYNCHRONIZE FILE_GENERIC_READ FILE_READ_DATA FILE_READ_EA FILE_READ_ATTRIBUTES
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 24BUILTIN\Administrators:(OI)(CI)F
NT AUTHORITY\SYSTEM:(OI)(CI)F CREATOR OWNER:(OI)(CI)(IO)F BUILTIN\Users:(OI)(CI)R BUILTIN\Users:(CI)(special access:)
The Accounting group should have Read access to content in the Finance folder The AccountingExec group should have Change control over content in the Finance folder
All users need Read access to a file named Summary.rpt in the Finance folder Users should have access to no other files in the folder
How will you configure share and NTFS permissions on the Finance folder?
A Share: Accounting–Read; AccountingExec–Read; Users–Read NTFS: Accounting–Read; AccountingExec–Modify; Users–Read
B Share: Accounting–Full Control; AccountingExec–Full Control; Users–Read NTFS: Accounting–Read; AccountingExec–Modify; Users–List, Read access on Summary.rpt
C Share: Accounting–Read; AccountingExec–Modify; Users–Read NTFS: Accounting–Read; AccountingExec–Full Control; Users–Read
D Share: Accounting–Full Control; AccountingExec–Full Control; Users–Deny Read
Trang 25Objective 3.3 Configure File System Permissions 16-19
3 Current permissions set on the shared folder Documents are shown in the following graphic:
Which of the following statements is true of the permissions for the Sales Group? (Select all that apply.)
A Attributes of the folder can be read
B Attributes of the folder can be written
C Files can be written to the folder
D Files cannot be written to the folder
E Files can be read from the folder
F Files cannot be read from the folder
4 A folder called Reports on Server01 resides in the Marketing\Summary folder The Marketing folder is shared on the network with the name MKTG