dragontkm

You are the network administrator for Company. The network consists of a single Active Directory domain named Company.com. All network servers run Windows Server 2003. All client computers run Windows XP Professional. An administrator named Sara creates a shared folder named Data on a server named Server1. The shared folder is a central location for users to store and share data. The shared folder is accessed only from the network. When a user named Karen attempts to copy a file name Sales.doc to a shared folder, she receives the error message shown in the exhibit. Error Copying File or Folder Cannot Copy Sales.doc. Access is denied. Make sure that the disk is not full or write protected and that the file is not currently in use. You view the effective permissions of the Users group for the Data folder Effective Permissions for USERS group in Advanced Security Settings for DATA share: All checked except for Full Control and Delete Subfolders and files You need to ensure that users can modify documents in the Data shared folder. What should you do? A.Assign the Anonymous group theAllow - Full Control NTFS permissions for the Data folder. B.Assign the Anonymous group theAllow - Change share permissions for the Data shared folder. C.Instruct User to log off and then log on to her computer. D.Enable File and Print Sharing on user's computer. I like to say B is the correct answer. But study material say C is the correct one. I'm thinking B becasue there is a note in the MS study material that in a Windows Server 2003 domain environment, you can allow members of the Anonymous Logon group to be members of the Everyone group on a domain controller by editing the domain security policy and also now with W2K3 Everyone Group now has READ only Share Permission by default. It does not state that Administrator made any changes to the Everyone group READ share permission and therefore it stays at READ only and it is possible that Domain Security Policy is edited to allow Anonymous group be part of Everyone Group. That way, Anonymouse group will have whatver Everyone group has, which is READ only. If that is the case, Anonymous group needs to be assigned with NTFS - allow - CHANGE permission on the shared folder users are having trouble with. Notice though with my strategy I had to assume that Domain Security Policy's edited which was no part in the question. Still I'm not sure what role the USER group plays here.

thx everyone.. I was just sitting in the dark thinking about it. Clear now

Originally, it came from this exam question. I'm taking 70-290 soon and studying on my own with limited materials. You are the network administrator for Company.com The network consists of a single Active Directory domain named Company.com. All network servers run Windows Server 2003 .All client computers run Windows XP Professional. A user named Laura regurarly accesses a folder named LauraDocs on a server named Company1. You instruct another administrator to audit and modify share permissions and NTFS permissions on . Now, Laura reports that she cannot access the shared folder from the network. You verify that no changes were made to group memberships in the domain. On Company1, you view effective permissions for the LauraDocs folder, as shown in the exhibit, You need to ensure that Laura can access the data in the shared folder. What should you do? Exhibit shows; All effective Permission Entries selected except for Full Control,Delete Subfolders and Filters. (and they are in shaded boxes so, I assume that they are inherinted entries) A.Add Laura's user account to the ACL on the Sharingtab. B.Instruct Laura to log off and log on to the computer. C.Delete Laura's user account and re-create the user account. D.Add Laura'user account to the local Power Users group. I'm picking answer A because it is the closest I could imagine. But i like to know the real reason behind this. I'm confused as to why we cannot correct this by making sure correct NTFS permissions applied to the user account for the resource access. Why bother share? permission? there is no exhibit that shows standard NTFS permissions. thx in advance

Please help explain: Why can't user access the data in shared folder while having the Effective Permissions in the Advance Security Settings to the resource for her?? Thx in advance

Your are right. To run applications hosted in shared folder, Allow - READ share permissions. Your explaination makes a lot of sense. It cleared up the confusion ...

help answer this: if we need to ensure that group members are required to run the application from the shared folder Add the group to the ACL on the Sharing tab and the ACL on the Security tab for the folder. You need to configure the appropriate permissions. What should you do? What share and NTFS permissions to apply?? Thx

just like we can configure NTFS level permissions to file, can we assign share permissions to file?

Is assigning Share Level Permissions on files on the network? Thx in advance

I found this site very helpful