Sunday, December 16, 2007

Security: Combining Group Permissions in a Shared Folder

Mary belongs to the Accounting group and the Temps group. The AP folder, which is located on a computer running Windows XP, has the following permissions:
Accounting - Allow Modify
Temps - Deny Write
The AP folder is shared and the share has the Everyone - Full Control permission.
What access to the folder does Mary have when accessing it through the network share?
1. Mary cannot access any files in the folder.
2. >>Mary can read and modify files in the folder.
3. Mary can read files in the folder.
4. Mary can read, modify, and delete files in the folder.

Explanation: Mary can read files in the folder, but cannot modify or delete them. Mary obtains the Read permission through her membership in the Accounting group. However, her membership in the Temps group revokes the Write permission that would otherwise be granted through her membership in Accounting. When a resource is accessed through a share, both the NTFS permissions and the share permissions are checked and the most restrictive set of permissions is used. In this case, the most restrictive permissions are the NTFS permissions.
Mary cannot modify files in the share because a Deny overrides any Allow and the Temps group is denied Write permission.
Mary cannot delete files in the share. The Modify permission grants the ability to read, create, and modify files. However, users can only delete their own files. Also, Mary is denied Write access so she cannot make changes to the contents of the folder.
Mary can read files in the share. This permission is assigned as part of the Modify permission.
Objective: Security