Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
53 Cards in this Set
- Front
- Back
|
Question |
Answer
|
|
|
Reasons to store files on a shared server drive instead of local workstation
|
Collaboration Backup Access Control Simplify network shared resources monitor disk space consumption manage permissions (prevent users from having to do it)
|
|
|
3 resources provided to users in a well-designed sharing strategy
|
Private storage space (home folder)Public storage space (for sharing)Shared workspace for communal/collaborative docs
|
|
|
Principle of least privileges
|
Users should have only the privileges they need to perform their required tasks.
|
|
|
A users's private storage should be ____
|
Private and inaccessible / invisible to other users
|
|
|
ReFS lacks encryption and compression but still supports ___
|
NTFS - style permission system
|
|
|
AD DS network
|
Network running Active Directory Domain Services
|
|
|
Your sharing strategy tells you
|
What folders will be sharedWhat names you will assign the shareWhat permissions you will grant users to the sharesWhat offline files settings you will use for the shares
|
|
|
SMB
|
Server message blocks. Standard file-sharing protocol used by all versions of Windows
|
|
|
NFS
|
Standard file-sharing protocol used by most Unix / Linux distros
|
|
|
Access-based Enumeration
|
Feature of file sharing that when enabled only allows users to see files/folders they can read instead of listing everything.
|
|
|
Share Caching
|
Allowing contents of a share to be available to offline users.
|
|
|
BranchCache
|
Feature that when enabled allows branch cache servers to cache the contents of a shared directory locally for an offsite branch
|
|
|
PowerShell command to add an SMB Share
|
New-smbShare -Name -Path [-FullAccess ] [-ReadAccess ] [-NoAccess ]
|
|
|
Four permissions systems
|
Share permissions (folders over a network)NTFS permissions (files on a disk)Registry permissions (parts of the Windows registry)AD Permissions (Access to AD DS hierarchy)
|
|
|
ACL
|
Access control list
|
|
|
ACE
|
Access control entries -- permissions within an ACL
|
|
|
Security Principle
|
The name of the user group or computer granted permission. Each ACE has one.
|
|
|
Every ACL has _____s. Every _____s has a _____
|
Every ECL has ACEs. Every ACE has a Security Principle
|
|
|
When you manage permissions in any 2012 permission system you are actually creating/modifying ___ in a ____
|
ACEs in an ACL
|
|
|
An ACL is at the ____ level.
|
File / Element / Folder. --- In other words adding an ACE to an ACL changes the element wherever it's moved. A principle that has access to a folder on one network share has the same access if the folder is moved to another network share
|
|
|
Additive permission strategy
|
Start with no permissions and then grant allow permissions to individual security principals to provide them with the access they need.
|
|
|
Subtractive permission strategy
|
Start with all allow permissions and then grant deny
|
|
|
Permission inheritance
|
Permissions tend to run downward through a hierarchy. Parent elements pass their permissions down to their subordinate elements
|
|
|
How do you prevent subordinate elements from inheriting permissions from their parents?
|
Turn off inheritanceDeny permissions
|
|
|
Turn off inheritance
|
When you assign advanced permissions you can configure an ACE not to pass its permissions down to its subordinate elements. Not best practice.
|
|
|
Deny Permissions & Inheritance
|
Assigning a deny permission to a system element overrides any allow permissions that the element might have inherited from its parent objects.
|
|
|
Effective Access
|
The combination of allow deny permissions that a security principal receives for a given system element whether assigned inherited or received through a group membership. Applies just to NTFS permission system.
|
|
|
Three rules that govern permission conflicts between permissions assigned inherited or received through group membership
|
Allow permissions are cumulativeDeny permissions override allow permissionsExplicit permissions take precedence over inherited permissions
|
|
|
Share permissions on a standalone server are not the same as NTFS permissions because ___
|
They do not combine or inherit in the same way.
|
|
|
3 types of share permissions on a stand-alone serer
|
Full Control (this includes permisions modifications) Write Read
|
|
|
SID
|
Security Identifiers. Unique ID for a security principal
|
|
|
Authorization
|
System reads the SIDs for a user and its groups & compares it to the SIDs stored in a file or folder's ACEs to determine access level.
|
|
|
What can you do with NTFS Full Control of a folder?
|
Modify folder permissionsTake ownership of the folderDelete subfolders & files contained in the folderPerform all actions associated with other NTFS file permissions
|
|
|
What can you do with NTFS Full Control of a file?
|
Modify the file permissionsTake ownership of the filePerform all actions associatd with the other NTFS folder permissions
|
|
|
What can you do with NTFS Modify permission a folder?
|
Delete the folderPerform all actions associated with read & execute and write permissions
|
|
|
What can you do with NTFS Modify permission a file?
|
Modify the fileDelete the filePerform all actions associated with the write and the Read/Execute permissions
|
|
|
What can you do with NTFS Read and Execute permission a folder?
|
Navigate through restricted folders to reach other files and foldersPerform all actions associated with the read and list folder contents permissions
|
|
|
What can you do with NTFS Read and Execute permission a file?
|
Perform all actions associated with the read permissionRun applications
|
|
|
What can you do with NTFS List Folder Contents permission a folder?
|
View the names of the files and subfolders contained in the folder
|
|
|
What can you do with NTFS Read permission a folder?
|
See the files and subfolders contained in the folderView the folder's ownership permissions and attributes
|
|
|
What can you do with NTFS read permission a file?
|
Reach the file contentsView the file's ownership permissions and attributes
|
|
|
What can you do with NTFS Write permission a folder?
|
Create new files and subfolders inside the folderModify the folder attributesView the folder's ownership and permissions
|
|
|
What can you do with NTFS write permission a file?
|
Overwrite the filemodify the file attributesview the file's ownership and permissions
|
|
|
Share versus NTFS permissions
|
Share permissions are for network shares. NTFS permissions are for files on a hard drive. These combine when NTFS permissions have been set for a network share.
|
|
|
Simplest system between share and NTFS permission systems
|
Share permission system is simpler than NTFS by far
|
|
|
When NTFS and share permissions conflict which wins?
|
The most restrictive permission.
|
|
|
When using a well planned NTFS permission system on a network share how should you handle share permissions
|
It's likely safe to open it up -- Full control for all. The NTFS permissions will be more restrictive (if you planned it that way) and prevent issues.
|
|
|
Shadow Copies
|
Previous versions of files on a server so that users can access deleted or overwritten copies of a file if they make a mistake
|
|
|
Shadow copies can be applies to what
|
Entire volume. You cannot apply this to specific shares folders or files.
|
|
|
Most number of shadow copies supported for a single file
|
64
|
|
|
NTFS Quotas
|
Enable you to set a storage limit for users of a particular volume. Set at the volume level.
|
|
|
Limits of NTFS storage quotas
|
You can only set a single limit for all users of a volume. |
