Lesson 4: Configuring File and Share Access

Question 1

Reasons to store files on a shared server drive instead of local workstation

Answer 1

Collaboration, Backup, Access Control, Simplify network shared resources, monitor disk space consumption, manage permissions (prevent users from having to do it)

Question 2

3 resources provided to users in a well-designed sharing strategy

Answer 2

Private storage space (home folder)
Public storage space (for sharing)
Shared workspace for communal/collaborative docs

Question 3

Principle of least privileges

Answer 3

Users should have only the privileges they need to perform their required tasks.

Question 4

A users’s private storage should be ____

Answer 4

Private and inaccessible / invisible to other users

Question 5

ReFS lacks encryption and compression but still supports ___

Answer 5

NTFS - style permission system

Question 6

AD DS network

Answer 6

Network running Active Directory Domain Services

Question 7

Your sharing strategy tells you

Answer 7

What folders will be shared
What names you will assign the share
What permissions you will grant users to the shares
What offline files settings you will use for the shares

Question 8

SMB

Answer 8

Server message blocks. Standard file-sharing protocol used by all versions of Windows

Question 9

NFS

Answer 9

Standard file-sharing protocol used by most Unix / Linux distros

Question 10

Access-based Enumeration

Answer 10

Feature of file sharing that, when enabled, only allows users to see files/folders they can read, instead of listing everything.

Question 11

Share Caching

Answer 11

Allowing contents of a share to be available to offline users.

Question 12

BranchCache

Answer 12

Feature that when enabled allows branch cache servers to cache the contents of a shared directory locally for an offsite branch

Question 13

PowerShell command to add an SMB Share

Answer 13

New-smbShare -Name -Path [-FullAccess ] [-ReadAccess ] [-NoAccess ]

Question 14

Four permissions systems

Answer 14

Share permissions (folders over a network)
NTFS permissions (files on a disk)
Registry permissions (parts of the Windows registry)
AD Permissions (Access to AD DS hierarchy)

Question 15

ACL

Answer 15

Access control list

Question 16

ACE

Answer 16

Access control entries – permissions within an ACL

Question 17

Security Principle

Answer 17

The name of the user, group, or computer granted permission. Each ACE has one.

Question 18

Every ACL has _____s. Every _____s has a _____

Answer 18

Every ECL has ACEs. Every ACE has a Security Principle

Question 19

When you manage permissions in any 2012 permission system, you are actually creating/modifying ___ in a ____

Answer 19

ACEs in an ACL

Question 20

An ACL is at the ____ level.

Answer 20

File / Element / Folder. — In other words, adding an ACE to an ACL changes the element wherever it’s moved. A principle that has access to a folder on one network share has the same access if the folder is moved to another network share

Question 21

Additive permission strategy

Answer 21

Start with no permissions and then grant allow permissions to individual security principals to provide them with the access they need.

Question 22

Subtractive permission strategy

Answer 22

Start with all allow permissions and then grant deny

Question 23

Permission inheritance

Answer 23

Permissions tend to run downward through a hierarchy. Parent elements pass their permissions down to their subordinate elements

Question 24

How do you prevent subordinate elements from inheriting permissions from their parents?

Answer 24

Turn off inheritance

Deny permissions

Question 25

Turn off inheritance

Answer 25

When you assign advanced permissions, you can configure an ACE not to pass its permissions down to its subordinate elements. Not best practice.

Question 26

Deny Permissions & Inheritance

Answer 26

Assigning a deny permission to a system element overrides any allow permissions that the element might have inherited from its parent objects.

Question 27

Effective Access

Answer 27

The combination of allow, deny permissions that a security principal receives for a given system element, whether assigned, inherited or received through a group membership.

Applies just to NTFS permission system.

Question 28

Three rules that govern permission conflicts between permissions assigned, inherited or received through group membership

Answer 28

Allow permissions are cumulative
Deny permissions override allow permissions
Explicit permissions take precedence over inherited permissions

Question 29

Share permissions on a standalone server are not the same as NTFS permissions because ___

Answer 29

They do not combine or inherit in the same way.

Question 30

3 types of share permissions on a stand-alone serer

Answer 30

Full Control (this includes permisions modifications), Write, Read

Question 31

SID

Answer 31

Security Identifiers. Unique ID for a security principal

Question 32

Authorization

Answer 32

System reads the SIDs for a user and its groups & compares it to the SIDs stored in a file or folder’s ACEs to determine access level.

Question 33

What can you do with NTFS Full Control of a folder?

Answer 33

Modify folder permissions
Take ownership of the folder
Delete subfolders & files contained in the folder
Perform all actions associated with other NTFS file permissions

Question 34

What can you do with NTFS Full Control of a file?

Answer 34

Modify the file permissions
Take ownership of the file
Perform all actions associatd with the other NTFS folder permissions

Question 35

What can you do with NTFS Modify permission a folder?

Answer 35

Delete the folder

Perform all actions associated with read & execute and write permissions

Question 36

What can you do with NTFS Modify permission a file?

Answer 36

Modify the file
Delete the file
Perform all actions associated with the write and the Read/Execute permissions

Question 37

What can you do with NTFS Read and Execute permission a folder?

Answer 37

Navigate through restricted folders to reach other files and folders
Perform all actions associated with the read and list folder contents permissions

Question 38

What can you do with NTFS Read and Execute permission a file?

Answer 38

Perform all actions associated with the read permission

Run applications

Question 39

What can you do with NTFS List Folder Contents permission a folder?

Answer 39

View the names of the files and subfolders contained in the folder

Question 40

What can you do with NTFS Read permission a folder?

Answer 40

See the files and subfolders contained in the folder

View the folder’s ownership, permissions, and attributes

Question 41

What can you do with NTFS read permission a file?

Answer 41

Reach the file contents

View the file’s ownership, permissions and attributes

Question 42

What can you do with NTFS Write permission a folder?

Answer 42

Create new files and subfolders inside the folder
Modify the folder attributes
View the folder’s ownership and permissions

Question 43

What can you do with NTFS write permission a file?

Answer 43

Overwrite the file
modify the file attributes
view the file’s ownership and permissions

Question 44

Share versus NTFS permissions

Answer 44

Share permissions are for network shares. NTFS permissions are for files on a hard drive. These combine when NTFS permissions have been set for a network share.

Question 45

Simplest system between share and NTFS permission systems

Answer 45

Share permission system is simpler than NTFS by far

Question 46

When NTFS and share permissions conflict, which wins?

Answer 46

The most restrictive permission.

Question 47

When using a well planned NTFS permission system on a network share, how should you handle share permissions

Answer 47

It’s likely safe to open it up – Full control for all. The NTFS permissions will be more restrictive (if you planned it that way) and prevent issues.

Question 48

Shadow Copies

Answer 48

Previous versions of files on a server so that users can access deleted or overwritten copies of a file if they make a mistake

Question 49

Shadow copies can be applies to what

Answer 49

Entire volume. You cannot apply this to specific shares, folders or files.

Question 50

Most number of shadow copies supported for a single file

Answer 50

64

Question 51

NTFS Quotas

Answer 51

Enable you to set a storage limit for users of a particular volume. Set at the volume level.

Question 52

Limits of NTFS storage quotas

Answer 52

You can only set a single limit for all users of a volume.