Lesson 2 Assigning NTFS Permissions and Special Permissions

Figure 8-6 Select special permissions by using the Permission Entry For dialog box.

Table 8-5 Special Permissions

Permission
Description

Full Control
Full Control applies all permissions to the user or group.

Traverse Folder/Execute File
Traverse Folder is applied only to folders and allows a user to move (or denies a user from moving) through folders even when the user has no permissions set on the traversed folder (the folder that the user is moving through). For example, a user might not have permissions set on a folder named Sales, but might have permission to access a subfolder named Brochures that is in the Sales folder. If allowed the Traverse Folder permission, the user could access the Brochures folder. The Traverse Folder permission has no effect on users for whom the Bypass Traverse Checking user right is assigned.
Execute File is applied only to files and allows or denies running executable files (application files). Execute File applies only to files.

List Folder/Read Data
List Folder allows or denies viewing file names and subfolder names within the folder. List Folder applies only to folders.
Read Data allows or denies viewing the contents of a file. Read Data applies only to files.

Read Attributes
Read Attributes allows or denies the viewing of the attributes of a file or folder. These attributes are defined by NTFS.

Read Extended Attributes
Read Extended Attributes allows or denies the viewing of extended attributes of a file or a folder. These attributes are defined by programs.

Create Files/Write Data
Create Files allows or denies the creation of files within a folder. Create Files applies to folders only.
Write Data allows or denies the making of changes to a file and the overwriting of existing content. Write Data applies to files only.

Create Folders/Append Data
Create Folders allows or denies the creation of folders within the folder. Create Folders applies only to folders.
Append Data allows or denies making changes to the end of the file, but not changing, deleting, or overwriting existing data. Append Data applies to files only.

Write Attributes
Write Attributes allows or denies the changing of the attributes of a file or

Write Extended
Write Extended Attributes allows or denies the changing of the extended

Delete Subfolders And Files
Delete Subfolders And Files allows or denies the deletion of subfolders or files within a folder, even if the Delete permission has not been granted on the particular subfolder or file.

Delete
Delete allows or denies the deletion of a file or folder. A user can delete a file or folder even without having the Delete permission granted on that file or folder, if the Delete Subfolders And Files permission has been granted to the user on the parent folder.

Read Permissions
Read Permissions allows or denies the reading of the permissions assigned to the file or folder.

Change Permissions
Change Permissions allows or denies the changing of the permissions assigned to the file or folder. You can give other administrators and users the ability to change permissions for a file or folder without giving them the Full Control permission over the file or folder. In this way, the administrator or user cannot delete or write to the file or folder, but can assign permissions to the file or folder.

Take Ownership
Take Ownership allows or denies taking ownership of the file or folder. The owner of a file can always change permissions on a file or folder, regardless of the permissions set to protect the file or folder.

Synchronize
Synchronize allows or denies different threads in a multithreaded program to synchronize with one another. A multithreaded program performs multiple actions simultaneously by using both processors in a dual-processor computer. This permission is not assigned to users, but instead applies only to multithreaded programs.

Exam Tip When you grant permissions, grant users the minimum permissions that they need to get their job done. This is referred to as the principle of least privilege.
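The following PowerShell audit is an added example, not part of the original lesson. It checks a folder tree against the least-privilege tip by listing Allow entries that grant the three special permissions Table 8-5 describes as overriding other settings: Change Permissions, Take Ownership, and Delete Subfolders And Files. The folder path and the list of trusted accounts are assumptions to adjust; the right names are the .NET FileSystemRights equivalents of the names in the table.

```powershell
# Added example: report ACEs that grant powerful special permissions.
param(
    [string]$Path = 'C:\Data\Sales',            # hypothetical folder to audit
    [string[]]$Trusted = @(                      # assumed set of accounts expected to hold these rights
        'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER')
)

$R = [System.Security.AccessControl.FileSystemRights]
# Table 8-5 name -> single access-mask bit in FileSystemRights
$risky = [ordered]@{
    'Change Permissions'          = [int]$R::ChangePermissions
    'Take Ownership'              = [int]$R::TakeOwnership
    'Delete Subfolders And Files' = [int]$R::DeleteSubdirectoriesAndFiles
}
$GenericAll = 0x10000000   # GENERIC_ALL: some inherit-only ACEs store this instead of specific bits

$items = @(Get-Item -LiteralPath $Path) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }                  # unreadable ACL: skip rather than stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($Trusted -contains $ace.IdentityReference.Value) { continue }

        $mask = [int]$ace.FileSystemRights
        if ($mask -band $GenericAll) {
            $hits = @('Full Control (generic)')
        } else {
            $hits = @($risky.Keys | Where-Object { $mask -band $risky[$_] })
        }
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $ace.IdentityReference.Value
                Inherited = $ace.IsInherited     # inherited entries are fixed on the parent folder
                Grants    = $hits -join ', '
            }
        }
    }
}
```

An account with Full Control appears with all three rights listed, because Full Control includes every special permission. Entries where Inherited is True have to be corrected on the folder they are inherited from.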