module 2 day 3: windows file permissions through windows special permissions

Question 1

who do we want to give access to certain files and directories?

Answer 1

those who need it

Question 2

How are files and directory permissions assigned in Windows?

Answer 2

using Access Control Lists, or ACLs

Question 3

What will we work with in this course for files and directory permissions?

Answer 3

Discretionary Access Control Lists, or DACLs

Question 4

What can windows files and folders also have for permissions?

Answer 4

System Access Control Lists, or SACLs, assigned to them

Question 5

What are used to tell Windows that it should use an event log to make a note of every time someone accesses a file or folder?

Answer 5

SACLs

Question 6

What is a note about who can use a file and what they’re allowed to do with it?

Answer 6

DACL

Question 7

What has an owner and one or more DACL?

Answer 7

Each file or folder on a Windows machin

Question 8

how can you see the properties dialogue for your Home Directory in Windows?

Answer 8

Go in file explorer, home directory, right click desktop, select properties

Question 9

how do you see the permissions window in the properties dialogue for a directory?

Answer 9

go to the securities tab, and that tab is the permissions window.

Question 10

what is in the top box in the permissions window for a directory?

Answer 10

Group or user names

Question 11

what is in the bottoms box in the permissions window for a directory?

Answer 11

Permissions for SYSTEM, a list of permissions that each user group has been assigned

Question 12

What permission lets you see that a file exists and lets you read its contents and also lets you read the files and directories in a directory?

Answer 12

Read

Question 13

What permission lets you read files, and if the file is executable, you can run the file? Includes Read, so if you select it, Read will be automatically selected

Answer 13

Read and Execute

Question 14

what permission is an alias for Read and Execute on a directory? so checking one will check the other? You can read and execute files in that directory

Answer 14

List folder contents

Question 15

what permission lets you make changes to a file? you can have this access without having read permission. Lets you create subdirectories and write to files in the directory

Answer 15

Write

Question 16

what permission is an umbrella permission that includes read, execute, and write?

Answer 16

Modify

Question 17

what permission gives a user or group access to do anything they want to the file? All the permissions of modify, and the ability to take ownership of a file and change its ACLs.

Answer 17

Full Control

Question 18

how can you see the permissions for the user?

Answer 18

click on the user’s name in the permissions page for the file or directory, and it will show in the Permissions list below.

Question 19

how can you see which ACLs are assigned to a file? what utility designed to view and change ACLs?

Answer 19

use icacls, improved change ACLs. PowerShell.

Question 20

how would you look at the desktop with icacls?

Answer 20

icacls ~\Desktop

Question 21

what does the output for icacls ~\Desktop show us?

Answer 21

you can see the user accounts with access to your Desktop, and you can see if your account is one of them.

Question 22

In PowerShell, in icacls, what do the capital letters in parentheses represent?

Answer 22

the ones in front of the user represent the file permissions the user has.

Question 23

what is the help parameter for icacls?

Answer 23

icacls /? It’s a DOS command

Question 24

in icacls, what does F mean?

Answer 24

full access

Question 25

what is full access the same as?

Answer 25

full control

Question 26

what permissions can be inherited?

Answer 26

ntfs

Question 27

what does OI mean in icacls?

Answer 27

object inherit

Question 28

what does CI mean in icacls?

Answer 28

container inherit

Question 29

what does it mean if I have object and container inherit permissions, with full access?

Answer 29

if I create objects, files, or containers, directories, inside that directory, they inherit that DACL, and I retain full access permissions with them. objects and containers.

Question 30

what is a list of access control entries, or ACE?

Answer 30

ACL

Question 31

What identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee?

Answer 31

Each ACE in an ACL

Question 32

What can contain two types of ACL: a DACL and a SACL?

Answer 32

the security descriptor for a securable object

Question 33

What does DACL stand for?

Answer 33

discretionary access control list

Question 34

What identifies the trustees that are allowed or denied access to a securable object?

Answer 34

DACL

Question 35

When does the system check the ACEs in the object’s DACL to determine whether to grant access to it?

Answer 35

when a process tries to access a securable object

Question 36

what does the system do if the object doesn’t have a DACL?

Answer 36

grants full access to everyone

Question 37

what happens if the object’s DACL has no ACE?

Answer 37

the system denies all attempts to access the object because the DACL doesn’t allow any access rights

Question 38

What does the system do until it finds one or more ACE that alllow all the requested access rights or until any of the requested access rights are denied?

Answer 38

checks the ACE’s in sequence

Question 39

what allows admins to log attempts to access a secured object?

Answer 39

sacls

Question 40

what specifies the types of access attempts by a specified trustee that cause the system to generate a record in the security event log?

Answer 40

each ACE

Question 41

what can generate audit records when an access attempt fails, when it succeeds, or both?

Answer 41

an ACE in a SACL

Question 42

What should i use to make sure that ACLs are semantically correct?

Answer 42

use the appropriate functions to create and manipulate ACLs. Don’t work directly with them.

Question 43

what provide access control to Microsoft Active Directory service objects?

Answer 43

ACLs

Question 44

What include routines to create and modify the contents of ACLs?

Answer 44

Active Directory Service Interfaces, ADSI

Question 45

How many different permissions can you have in Linux?

Answer 45

three

Question 46

in Linux, what permission lets someone read the contents of a file or folder?

Answer 46

Read

Question 47

in linux, what permission allows someone to write information to a file or folder?

Answer 47

write

Question 48

in linux, what permission allows someone to execute a program?

Answer 48

Execute

Question 49

what flag with the ls command in linux lets us see the permissions on a file?

Answer 49

ls -l

Question 50

when looking at a file’s long ls, what is the first thing we see in the first column? linux.

Answer 50

10 bits. the first is the file type, the next 9 bits are our actual permissions, grouped in trios or sets of three.

Question 51

what does a - mean for the file type? linux

Answer 51

regular file, in this example

Question 52

what does a d stand for as file type?

Answer 52

directory

Question 53

in linux, in the 9 bits that tell us our actual permissions, what does the first trio refer to?

Answer 53

the permission of the owner of the file

Question 54

in linux, in the 9 bits that tell us our actual permissions, what does the second trio refer to?

Answer 54

the permission of the group this file belongs to

Question 55

in linux, in the 9 bits that tell us our actual permissions, what does the third trio refer to?

Answer 55

the permission of all other users

Question 56

in actual permissions, what stands for readable? Linux.

Answer 56

r

Question 57

what stands for writable in linux permissions?

Answer 57

w

Question 58

what stands for executable in LInux permissions?

Answer 58

x

Question 59

in permissions, what do we say if a bit is set?

Answer 59

it is enabled.

Question 60

what does - mean in the linux actual permissions 9 bit section?

Answer 60

the permission is disabled. if not a dash, it is enabled.

Question 61

why are permissions in linux flexible and powerful?

Answer 61

They allow us to set specific permissions based on a role, such as an owner, in a group, or everyone else.

Question 62

where is the owner field of ls -l?

Answer 62

after the permissions field, after that one number. This owner is the one whose permissions are referred to in the first three bits of the permissions field.

Question 63

where is the group field of ls -l? where can you see the group this file belongs to?

Answer 63

after the owner field

Question 64

how do you change folder permissions on the Windows GUI?

Answer 64

right click on the folder you want to change permissions for, go to properties, security, Edit

Question 65

what do I need to input in the Add page to change user permissions? Adding a user on an ACL named Devan

Answer 65

enter the object names to select:
Devan
click check names to verify you typed it right, click OK after it is verified

Question 65

Where can I add a group or usernames to an ACL?

Answer 65

click Add in the Permissions for a file, in the Editing page.

Question 66

when can you click on Devan’s username in the permissions page to see the permissions he has?

Answer 66

when you add him to the ACL

Question 67

Where can I change permissions for a user I have added?

Answer 67

in the “permissions for user” section of the permissions page, where you edit permissions. Check the allow boxes for the permissions you want to give the user.

Question 68

what setting in the file/directory permissions page doesn’t allow you to have a certain permission? It takes precedence over the allow permissions in general

Answer 68

Deny.

Question 69

When is the Deny permissions option useful?

Answer 69

When a user is in a group with access to a folder, but we don’t want that individual in that group with access to have as much access as the rest of the group.

Question 70

what command can you use to modify a permission in the CLI?

Answer 70

icacls

Question 71

what command for permissions was designed for the command prompt before PowerShell? its parameters use permissions that confuse PowerShell

Answer 71

Icacls

Question 72

what do we need to do with icacls parameters so we tell PowerShell not to try to interpret the parameter as code?

Answer 72

single quotes

Question 73

what do I need to do to run the commands for icacls in cmd.exe?

Answer 73

not put in the quotes in order for them to work

Question 74

what is the format for giving everyone access to the filename, Vacation Pictures, in PowerShell?

Answer 74

”"”icacls ‘C:\Vacation Pictures' /grant ‘Everyone:(OI)(CI)(R)’ “””

Question 75

what is the format for using icacls in cmd.exe? to give everyone file permissions?

Answer 75

icacls “C:\Vacation Pictures” /grant Everyone:(OI)(CI)(R)

Question 76

in PowerShell, what quotes do we add to make PowerShell ignore parentheses and the fact that a filename path has a space?

Answer 76

single quotes

Question 77

in cmd.exe, what do we have to use with a path that has a space?

Answer 77

double quotes.

Question 78

what do I see when I put in PowerShell:
icacls ‘C:\Vacation Pictures’?

Answer 78

the DACLs for the file, which list the users that have permissions for it

Question 79

what permissions do you want to give a user you only want to see files, but not add to them or remove?

Answer 79

read

Question 80

how can I use icacls to give everyone Read permissions to a directory?

Answer 80

icacls ‘C:\Vacation Pictures' /grant ‘Everyone: (OI)(CI)(R)’

Question 81

what does the Everyone group include? PowerShell.

Answer 81

Everyone on the computer. Local user accounts, guests.

Question 82

A special type of user that is allowed to use the computer without a password. Disabled by default, but may be enabled in specific situations.

Answer 82

Guest users

Question 83

what if i only want people with passwords on the computer to be able to see a file?

Answer 83

Use the Authenticated Users group, which does not include guests

Question 84

how do you add a new dacl for the Authenticated Users group for the Vacation Pictures folder? Read permission

Answer 84

icacls ‘C:\Vacation Pictures' /grant: ‘Authenticated Users:(OI)(CI)(R)’

Question 85

how do you remove the group, “Everyone” from having access to the file, Vacation Pictures?

Answer 85

icacls ‘C:\Vacation Pictures’ /remove Everyone

no need to have Everyone surrounded by quotes.

Question 86

how do we use icacls to verify that permissions are set as intended? for Vacation Pictures

Answer 86

icacls ‘C:\Vacation Pictures’
and then you’ll see the list of Vacation Pictures

Question 87

what command do we use to change permissions in linux?

Answer 87

chmod

Question 88

what do you pick first for the chmod command?

Answer 88

the permission set you want to change

Question 89

what are the permission sets in linux?

Answer 89

owner, group the file belongs to, Other users

Question 90

what permission set is denoted by a u?

Answer 90

the owner

Question 91

what permission set in linux is denoted by a g?

Answer 91

the group the file belongs to

Question 92

what permission set in linux is denoted by an o?

Answer 92

other users

Question 93

how do you add or removed permissions? what symbol?

Answer 93

a plus or minus symbol that indicates who the permission effects

Question 94

what does chmod u+x, mycoolfile.txt do?

Answer 94

it says we want to change the permission of mycoolfile.txt by giving executable permissions to the owner, or u.

Question 95

what does chmod u-x mycoolfile.txt do?

Answer 95

removes executable permissions for the user.

Question 96

what does
chmod u+rx mycoolfile.txt
do?

Answer 96

add multiple permissions for the user to a file, read and execute in this case.

Question 97

what does chmod ugo+rx mycoolfile.txt do?

Answer 97

add multiple permissions, r and x, to multiple permission sets: owner, group the file belongs to, and others.

Question 98

what is known as symbolic format?

Answer 98

using ugo and rwx to denote users and permissions in chmod

Question 99

what is a benefit of changing permissions numerically?

Answer 99

it is much faster and simpler, and lets us change all permissions at once.

Question 100

numerical equivalent of rwx: for read, or r.

Answer 100

4 for read, or r

Question 101

the numerical equivalent of rwx: for write, or w

Answer 101

2 for write, or w

Question 102

the numerical equivalent of rwx: for execute, or x

Answer 102

1 for execute, or x

Question 103

how do we set permissions numerically?

Answer 103

add the numbers of rwx for every permission set you want to affect.

Question 104

what does chmod 754 mycoolfile.txt do?

Answer 104

change permissions for mycoolfile.txt so that:
7: owner has all permissions, 5: group that owns the file has the execute and read, 4: everyone else has the read permission

Question 105

what formats in linux can you use to change the permissions/

Answer 105

symbolic or numeric

Question 106

what command allows you to change the owner of a file?

Answer 106

the chown command

Question 107

What prank could I do that still keeps my computer relatively secure?

Answer 107

make a guest account that has very few permissions at all for someone to try to use.

Question 108

what would the command
sudo chown devan filename.txt
do?

Answer 108

change the owner of filename.txt to devan

Question 109

what does the command
sudo chgrp this_group filename.txt
do?

Answer 109

changes the group the file belongs to to this_group.

Question 110

what command do you use to change groups a file belongs to?

Answer 110

sudo chgrp filename.txt groupname

Question 111

what are an essential building block to computer security?

Answer 111

permissions

Question 112

what are the simple permissions in Windows?

Answer 112

Read, Read and Execute, List Folder Contents, Write, Modify, Full Control.

Question 113

What are sets of special, or specific permissions?

Answer 113

Simple permissions

Question 114

when you set a simple permission, what are you actually doing/

Answer 114

setting multiple special permissions

Question 115

where can you see a list of available special permissions? gui, windows

Answer 115

advanced tab, under the permission settings in the gui. click a username and go to advanced permissions.

Question 116

what can you see in advanced permissions?

Answer 116

a list of all the special permissions enabled on a file

Question 117

when you select a basic permission like read, what are you enabling in advanced permissions/

Answer 117

list folder/ read data, read attributes, read extended attributes, read permissions, synchronize

Question 118

how can you modify special permissions/

Answer 118

like any other basic permissions

Question 119

what permissions will be all you need in most cases?

Answer 119

simple permissions

Question 120

when would you need to use special permissions?

Answer 120

when making a file or folder that doesn’t follow a simple pattern

Question 121

in the PowerShell CLI, how would you view the special permissions? Temp folder

Answer 121

icacls C:\Windows\Temp

Question 122

what directory is used to hold temporary files for all users in the system?

Answer 122

C:\Windows\Temp

Question 123

what does IO mean in the DACL? for the C:\Windows\Temp folder

Answer 123

inherited only. it will be inherited, but it does not apply to this container.

Question 124

in the list of DACLs for C:\Windows\Temp, what includes the list of all user accounts on the local machine?

Answer 124

the user’s group

Question 125

In DACL’s, what permission does WD stand for?

Answer 125

create files/write data

Question 126

in DACLs, what permission does AD stand for?

Answer 126

Create folders, append data

Question 127

in DACLs, what does S stand for in permission?

Answer 127

synchronize

Question 128

what is the creator owner in DACL list?

Answer 128

a special user that represents the owner of whichever file the DACL applies to.

Question 129

What does
Creator owner:(OI)(CI)(IO)(F) represent?

Answer 129

whoever owns a file or folder has full control over it.

Question 130

how can you make a file? put it in C:\Windows\Temp, and name it example

Answer 130

mkdir C:\Windows\Temp\example

Question 131

what will
icacls C:\Windows\Temp\example&raquo_space; icacls.txt
do?

Answer 131

record the output of the icacls of example in the file icacls.txt.

Question 132

what is the redirect output symbol?

Answer 132

> >

Question 133

what does it mean that you inherit permissions when you make a file?

Answer 133

When you make a file, the permission settings for the owner or creator of the file apply to you.