Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
18 Cards in this Set
- Front
- Back
|
access control entries (ACEs)
|
Each ACE consists of a security principal (that is, the name of the user, group, or computer being granted the permissions) and the specific permissions assigned to that security principal. When you manage permissions in any of the Windows 7 permission systems, you are actually creating and modifying the ACEs in an ACL.
|
|
|
access control list (ACL)
|
An ACL is a collection of individual permissions, in the form of access control entries (ACEs).
|
|
|
effective permissions
|
Effective permissions are the combination of Allow permissions and Deny permissions that a security principal receives for a given system element, whether explicitly assigned, inherited, or received through a group membership.
|
|
|
NTFS permissions
|
Control access to the files and folders stored on disk volumes formatted with the NTFS file system. To access a file, whether on the local system or over a network, a user must have the appropriate NTFS permissions.
|
|
|
print device
|
A print device is the actual hardware that produces hard copy documents on paper or other print media. Windows 7 supports both local print devices, which are directly attached to the computer's parallel, serial, Universal Serial Bus (USB), or IEEE 1394 (FireWire) ports, or network interface print devices, which are connected to the network, either directly or through another computer.
|
|
|
printer
|
In Windows parlance, a printer is the software interface through which a computer communicates with a print device. Windows 7 supports numerous interfaces, including parallel (LPT), serial (COM), USB, IEEE 1394, Infrared Data Access (IrDA), and Bluetooth ports, and network printing services such as lpr, Internet Printing Protocol (IPP), and standard TCP/IP ports.
|
|
|
printer control language (PCL)
|
The printer is associated with a printer driver that takes the commands generated by the application and converts them into a language understood by the printer, which is called a printer control language (PCL). PCLs can be standardized, as in the case of the PostScript language, or they can be proprietary languages developed by the print device manager.
|
|
|
printer driver
|
A printer driver is a device driver that converts the print jobs generated by applications into an appropriate string of commands for a specific print device. Printer drivers are designed for a specific print device and provide applications with access to all of the print device's features.
|
|
|
print server
|
A print server is a computer (or stand‐alone device) that receives print jobs from clients and sends them to print devices that are either locally attached or connected to the network.
|
|
|
security principal
|
The name of the user, group, or computer being granted the permissions
|
|
|
Share permissions
|
Control access to files and folders shared over a network. To access a file over a network, a user must have appropriate share permissions and appropriate NTFS permissions.
|
|
|
Additive Permission Management
|
Start with no permissions and then grant Allow permissions to individual security principals to provide them with the access they need.
|
|
|
Subtractive Permission Management
|
Start by granting all possible Allow permissions to individual security principals, providing them with full control over the system element, and then grant them Deny permissions for the access you don't want them to have.
|
|
|
Turn off inheritance
|
When you assign special permissions, you can configure an ACE not to pass its permissions down to its subordinate elements. This effectively blocks the inheritance process.
|
|
|
Deny permissions
|
When you assign a Deny permission to a system element, it overrides any Allow permissions that the element might have inherited from its parent objects.
|
|
|
NTFS Copying Files/Folders
|
When you copy NTFS files or folders from one location to another, whether the destination is on the same or a different NTFS volume, the new copy does not take the permissions from its original location with it. Instead, the new copy inherits permissions from its parent folder at the new location.
|
|
|
NTFS Moving Files/Folders
|
When moving files or folders, the behavior is different. If you move files or folders to a new location on the same NTFS volume, their existing permissions move with them. If you move files or folders to a different volume, they leave their existing permissions behind and inherit permissions from the parent folder at the new location.
|
|
|
Effective Permission Rules
|
Allow permissions are cumulative: When a security principal receives Allow permissions from more than one source, the permissions are combined to form effective permissions. For example, if Alice receives the Allow Read and Allow List Folder Contents permissions for a particular folder by inheriting them from its parent folder, and receives the Allow Write and Allow Modify permissions to the same folder from a group membership, Alice's effective permissions for the folder are the combination of all four permissions. If you then explicitly grant Alice's user account the Allow Full Control permission, this fifth permission is combined with the other four.
Deny permissions override Allow permissions: When a security principal receives Allow permissions, whether explicitly, by inheritance, or from a group, you can override those permissions by granting the principal Deny permissions of the same type. For example, if Alice receives the Allow Read and Allow List Folder Contents permissions for a particular folder by inheritance, and receives the Allow Write and Allow Modify permissions to the same folder from a group membership, explicitly granting her the Deny permissions to that folder prevents her from accessing it in any way. Explicit permissions take precedence over inherited permissions: When a security principal receives permissions by inheriting them from a parent or from group memberships, you can override those permissions by explicitly assigning contradicting permissions to the security principal itself. For example, if Alice inherits the Deny Full Access permission for a folder, explicitly assigning her user account the Allow Full Access permission to that folder overrides the denial. |
