Lesson 4: Configuring File and Share Access Flashcards

1
Q

Reasons to store files on a shared server drive instead of local workstation

A

Collaboration, Backup, Access Control, Simplify network shared resources, monitor disk space consumption, manage permissions (prevent users from having to do it)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

3 resources provided to users in a well-designed sharing strategy

A

Private storage space (home folder)
Public storage space (for sharing)
Shared workspace for communal/collaborative docs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Principle of least privileges

A

Users should have only the privileges they need to perform their required tasks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A users’s private storage should be ____

A

Private and inaccessible / invisible to other users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

ReFS lacks encryption and compression but still supports ___

A

NTFS - style permission system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

AD DS network

A

Network running Active Directory Domain Services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Your sharing strategy tells you

A

What folders will be shared
What names you will assign the share
What permissions you will grant users to the shares
What offline files settings you will use for the shares

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

SMB

A

Server message blocks. Standard file-sharing protocol used by all versions of Windows

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

NFS

A

Standard file-sharing protocol used by most Unix / Linux distros

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Access-based Enumeration

A

Feature of file sharing that, when enabled, only allows users to see files/folders they can read, instead of listing everything.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Share Caching

A

Allowing contents of a share to be available to offline users.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

BranchCache

A

Feature that when enabled allows branch cache servers to cache the contents of a shared directory locally for an offsite branch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

PowerShell command to add an SMB Share

A

New-smbShare -Name -Path [-FullAccess ] [-ReadAccess ] [-NoAccess ]

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Four permissions systems

A
Share permissions (folders over a network)
NTFS permissions (files on a disk)
Registry permissions (parts of the Windows registry)
AD Permissions (Access to AD DS hierarchy)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

ACL

A

Access control list

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

ACE

A

Access control entries – permissions within an ACL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Security Principle

A

The name of the user, group, or computer granted permission. Each ACE has one.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Every ACL has _____s. Every _____s has a _____

A

Every ECL has ACEs. Every ACE has a Security Principle

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

When you manage permissions in any 2012 permission system, you are actually creating/modifying ___ in a ____

A

ACEs in an ACL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

An ACL is at the ____ level.

A

File / Element / Folder. — In other words, adding an ACE to an ACL changes the element wherever it’s moved. A principle that has access to a folder on one network share has the same access if the folder is moved to another network share

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Additive permission strategy

A

Start with no permissions and then grant allow permissions to individual security principals to provide them with the access they need.

22
Q

Subtractive permission strategy

A

Start with all allow permissions and then grant deny

23
Q

Permission inheritance

A

Permissions tend to run downward through a hierarchy. Parent elements pass their permissions down to their subordinate elements

24
Q

How do you prevent subordinate elements from inheriting permissions from their parents?

A

Turn off inheritance

Deny permissions

25
Q

Turn off inheritance

A

When you assign advanced permissions, you can configure an ACE not to pass its permissions down to its subordinate elements. Not best practice.

26
Q

Deny Permissions & Inheritance

A

Assigning a deny permission to a system element overrides any allow permissions that the element might have inherited from its parent objects.

27
Q

Effective Access

A

The combination of allow, deny permissions that a security principal receives for a given system element, whether assigned, inherited or received through a group membership.

Applies just to NTFS permission system.

28
Q

Three rules that govern permission conflicts between permissions assigned, inherited or received through group membership

A

Allow permissions are cumulative
Deny permissions override allow permissions
Explicit permissions take precedence over inherited permissions

29
Q

Share permissions on a standalone server are not the same as NTFS permissions because ___

A

They do not combine or inherit in the same way.

30
Q

3 types of share permissions on a stand-alone serer

A

Full Control (this includes permisions modifications), Write, Read

31
Q

SID

A

Security Identifiers. Unique ID for a security principal

32
Q

Authorization

A

System reads the SIDs for a user and its groups & compares it to the SIDs stored in a file or folder’s ACEs to determine access level.

33
Q

What can you do with NTFS Full Control of a folder?

A

Modify folder permissions
Take ownership of the folder
Delete subfolders & files contained in the folder
Perform all actions associated with other NTFS file permissions

34
Q

What can you do with NTFS Full Control of a file?

A

Modify the file permissions
Take ownership of the file
Perform all actions associatd with the other NTFS folder permissions

35
Q

What can you do with NTFS Modify permission a folder?

A

Delete the folder

Perform all actions associated with read & execute and write permissions

36
Q

What can you do with NTFS Modify permission a file?

A

Modify the file
Delete the file
Perform all actions associated with the write and the Read/Execute permissions

37
Q

What can you do with NTFS Read and Execute permission a folder?

A

Navigate through restricted folders to reach other files and folders
Perform all actions associated with the read and list folder contents permissions

38
Q

What can you do with NTFS Read and Execute permission a file?

A

Perform all actions associated with the read permission

Run applications

39
Q

What can you do with NTFS List Folder Contents permission a folder?

A

View the names of the files and subfolders contained in the folder

40
Q

What can you do with NTFS Read permission a folder?

A

See the files and subfolders contained in the folder

View the folder’s ownership, permissions, and attributes

41
Q

What can you do with NTFS read permission a file?

A

Reach the file contents

View the file’s ownership, permissions and attributes

42
Q

What can you do with NTFS Write permission a folder?

A

Create new files and subfolders inside the folder
Modify the folder attributes
View the folder’s ownership and permissions

43
Q

What can you do with NTFS write permission a file?

A

Overwrite the file
modify the file attributes
view the file’s ownership and permissions

44
Q

Share versus NTFS permissions

A

Share permissions are for network shares. NTFS permissions are for files on a hard drive. These combine when NTFS permissions have been set for a network share.

45
Q

Simplest system between share and NTFS permission systems

A

Share permission system is simpler than NTFS by far

46
Q

When NTFS and share permissions conflict, which wins?

A

The most restrictive permission.

47
Q

When using a well planned NTFS permission system on a network share, how should you handle share permissions

A

It’s likely safe to open it up – Full control for all. The NTFS permissions will be more restrictive (if you planned it that way) and prevent issues.

48
Q

Shadow Copies

A

Previous versions of files on a server so that users can access deleted or overwritten copies of a file if they make a mistake

49
Q

Shadow copies can be applies to what

A

Entire volume. You cannot apply this to specific shares, folders or files.

50
Q

Most number of shadow copies supported for a single file

A

64

51
Q

NTFS Quotas

A

Enable you to set a storage limit for users of a particular volume. Set at the volume level.

52
Q

Limits of NTFS storage quotas

A

You can only set a single limit for all users of a volume.