Folder and file permissions question

[Dracula28]

Yeah I'm back to ask yet another stupid question. Anyway, walk me through this question;

You are configuring share permissions for a shared folder on a file server. You want all Authenticated users to be able to save files to the folder, read all files in the folder, and modify or delete files that they own.

What are the correct security and share permissions that you need to set on the shared forlder to achieve your objective? (choose all that apply)

A. Authenticated Users-Full Control
B. Authenticated Users-Change
C. Authenticated Users-Read
D. Creator /Owner-Full Control
E. Creator/Owner-Change
F. Creator/Owner-Read

Its easy to get that Creator Owner needs the change permission, but according to the training kit (where this question is from), Authenticated users only needs the Read permission. And thats what I do not get, because how can they create files in the folder, with only the read permission? Is there something I'm missing. Of course giving them the change permission would give them more permission than required, but how can they create files, with only the read permission?

[CharlesD]

What training kit?

What are you selecting for your answers - and why? Did you get the latest errata for your training kit?
_________________
MCSE, MCSA, MCDST, A+, N+
Currently Evil Network Admin snob
Retired Detective & K9 Patrol/Narcotics
USAF SPS K9 68-77 Vietnam Vet 69 DaNang, 70 Tuy Hoa

[Dracula28]

The official microsoft 70-290 training kit, its the second edition, which I received in the mail today. I think the same answer was listed in the first edition as well.

According to the training kit, correct answers are C and E. While I think that the Autheticated users would need atleast the write NTFS permission, and the change/write or full control share permission. Because how can they write files to the folder without having any write permissions to it?

Strange.

[CharlesD]

But you're mixing up Share and NTFS permissions. What did the question ask? Did it say anything regarding NTFS - answer NO, it said SHARE - there is a difference.

Go to your computer, go to a folder, right click it and go to "sharing and security, under tab sharing, click "share this folder", and click on "permissions" button, now what are your options - look carefully.

You'll have to add the authenicated users but you don't want to give any more access than necessary.

Know the difference - then it'll make sense.
_________________
MCSE, MCSA, MCDST, A+, N+
Currently Evil Network Admin snob
Retired Detective & K9 Patrol/Narcotics
USAF SPS K9 68-77 Vietnam Vet 69 DaNang, 70 Tuy Hoa

[thenjduke]

Listen to Charles on this one ! Just think about the question and read it carefully.

[Dracula28]

Hehe, I still don't get it guys.

The question asks "What are the correct security and share permissions that you need to set on the shared folder to achieve your objective?"

So I'm assuming that "security" in this instance are the NTFS permissions. Even if the Authenticated users are given read share permission, they still don't have the write ntfs permission (although they should have it by default of course,as all users have (special) write NTFS permission to a folder when its created), but still the more restrictive would be the read share permission. Unless the Autheticated users are given write permission to the folder, they will not be able to write to the folder.

Of course the default share premission is "everyone - read".

I think I'll ask the question at windowsitpro, Orin Thomas, one of the co-writers of the book, is a regular there, or atleast he used to be. And see what he/they answer.

[CharlesD]

And you won't get it as long as you confuse NTFS and Share permissions and what the question is asking. So we can't help you on that one, you're just going to have to keep studying from various sources until it clicks and your brain accepts the differences, plus paying close attention to exactly what question is asking.

EDIT: Oh and another thing, don't assume anything when you see certain words like "security" and your brain kicks back NTFS - Nothing in the question or possible answers indicate NTFS. If you look at the question, you'll see this is already a SHARED folder on a network. You are ONLY configuring SHARE permissions to accomplish a set goal. In this case you're only selecting the BEST possible answers to accomplish a task, you're not reconfiguring the network share.
_________________
MCSE, MCSA, MCDST, A+, N+
Currently Evil Network Admin snob
Retired Detective & K9 Patrol/Narcotics
USAF SPS K9 68-77 Vietnam Vet 69 DaNang, 70 Tuy Hoa

[CharlesD]

Read this section http://www.mcmcse.com/microsoft/guides/ntfs_and_share_permissions.shtml beginning at Share Permissions:

Read it first, then look at the whole article (which was right here on this site).
_________________
MCSE, MCSA, MCDST, A+, N+
Currently Evil Network Admin snob
Retired Detective & K9 Patrol/Narcotics
USAF SPS K9 68-77 Vietnam Vet 69 DaNang, 70 Tuy Hoa

[Dracula28]

Its not my intention to be difficult, nor am I trying to prove the training kit wrong. I apologize if it seems that way. My sole purpose is to try and understand the subject, because I honestly have a hard time comprehending how someone with only read permissions can write to a folder. I (of course) do know the difference between NTFS and share permissions, otherwise I would not have passed the 270 exam.

Anyway, please tell me where in my thought process I'm thinking wrong:

I create a new folder called "finance", and share it, by default, it has the following share and ntfs permissions:

Share

Everyone - Read

NTFS

Administrators - Full control
Creator Owner - Special (Full Control)
System - Full Control
Users - Read & special (write)

Everyones effective permission: Read

Now I add the creator owner group to the share permissions tab, and give them the change share permission. Then I add the authenticated users group, and give them the read share permission.

Which gives the following Share permissions:

Everyone - Read
Creator Owner - Change
Authenticated users - Read

Ntfs permissions stay the same; which means that the authenticated users effective ntfs permission is write, but but their effective share permission is read, which means that their effective permission, when they connect to the folder via network, should be read, which is the more restrictive.

I think we've established that my thought process in this matter is wrong, but I just want to know, where do I go wrong?

Btw, I've tried the scenario I listed above in a lab, and I get access is denied when I try to write to the folder. Maybe I'm supposed to assume that Everyone has been given full control share permission, which is the norm in working enviroments? In that case Authenticated users effective permission would of course be the more restrictive (NTFS) write permission.

[Dracula28]

[CharlesD]

and we have a winner good job.
_________________
MCSE, MCSA, MCDST, A+, N+
Currently Evil Network Admin snob
Retired Detective & K9 Patrol/Narcotics
USAF SPS K9 68-77 Vietnam Vet 69 DaNang, 70 Tuy Hoa

[Dracula28]

Thanks. I've printed the errata and I'm keeping it by my side for future references.

[CharlesD]

I generally make the corrections in my books ASAP. I generally donate my books after I'm done with them to the local library if I don't intend on keeping them as reference books.
_________________
MCSE, MCSA, MCDST, A+, N+
Currently Evil Network Admin snob
Retired Detective & K9 Patrol/Narcotics
USAF SPS K9 68-77 Vietnam Vet 69 DaNang, 70 Tuy Hoa

[DragonNOA1]

Can you post a link to the errata so I can download also? I've been searching and can't find it. Thanks.
_________________
The command line, an elegant weapon for a more civilized age

[CharlesD]

What is the title and publisher of your book? - Info is on their web site.
_________________
MCSE, MCSA, MCDST, A+, N+
Currently Evil Network Admin snob
Retired Detective & K9 Patrol/Narcotics
USAF SPS K9 68-77 Vietnam Vet 69 DaNang, 70 Tuy Hoa