Ok, so this is my first time posting here, and I am not very sure if I should even be posting this here, but I am going to give it a shot in hopes that someone will help me out. I have a few questions about NTFS security that I need help with that are from my assignment. I would greatly appreciate it! Thanks!


12. You are called by a department manager who wants one of his employees to have access to a specific document in the manager’s home directory. The department manager wants to retain the file in his own home directory, rather than move it to a share. You successfully assign the correct NTFS rights to the employee who needs to access the file, but when the employee attempts to access the file he fails. You instruct the user to log off and log back on, at which point the employee is successful in accessing the object. You have not made any other changes. This is because the act of logging on has generated a new user _____________________, reflecting the updated NTFS permissions and allowing the user to access the file. (For this one I got group)


13. You are a Domain Administrator in the Contoso Domain, and have been called to the accounting department to assist the Accounting Manager. The manager needs access to a database file in order to complete her monthly reports on deadline. The database file is normally stored on an NTFS network share and updated there by whichever employee is assigned to track it for the month. However, the manager has discovered that the employee assigned to manage the file this month has brought the file to his local machine and has made all the updates there. Although she can log onto the employee’s workstation, the manager cannot access the file. The employee is offsite on an assignment and the manager has been unable to reach him. You log onto the employee’s Windows XP machine and are also unable to access the file as a Domain Administrator. You solve the problem by _____________________of the needed file and copying it back to the network share from which it originated. (For this one I got taking ownership)

14. The vice president of finance has called you with a security concern. She has placed a folder called Board, which contains sensitive executive bonus information, in the Finance folder on the corporate FTP server so that it may be accessed by members of the board of directors, who are meeting at an offsite location. She asks that you make absolutely sure that the files can now be accessed only by members of the board. Everyone with access rights to this server has membership in a group reflecting the department that employs them, e.g., Management, Finance, Support, etc. Board members are in their own user group, with no membership in any other groups on the FTP server. To protect your network, the FTP server, which is directly accessible from the Internet, is maintained as a stand-alone workgroup machine and is not a member of your domain. It is running the Windows XP Professional operating system. You realize the special circumstances of the situation call for a solution that is not usually a recommended method of controlling access. To fulfill the manager’s request, you issue a specific ___________ permission to all groups other than Everyone, Authenticated Users, and Board Members for the Board folder. (For this one I got NTFS)

15. The metadata repository containing pointers to the actual storage sites of data on the physical disk is known as the ________________. (For this one I got MFT)



17. You are called to the desk of a user in the engineering department. The user is working with a new Windows XP Professional workstation that is joined to the domain, and is trying to secure a group of folders on this machine. The folders contain data on a highly sensitive project to which he has been assigned, and the user wishes to ensure that he is the only person allowed to access the files. The user, an experienced Windows XP operator, tells you that he is unable to even try to secure the files because the Security tab is missing from the properties dialog on both the folder and file menu. Checking his machine, you verify that he has local administrator permissions and all necessary rights and privileges to make the changes he is attempting. What is the problem? ( I dont understand this one)

18. Adelle, a Help desk technician, is approached by the manager of the editorial department with a unique request. The department manager is responsible for assigning editorial workload and tracking employee productivity data that is published and posted in a monthly report. Recently, there have been several instances in which department employees have complained that they were not properly credited for work they performed. The editorial department manager tracks productivity by referencing the NTFS file attributes for Author at the end of each month. The manager now wants to ensure that he and only he can change this information on the files he tracks. Which of the 13 NTFS discrete permissions should Adelle focus her attention on? (I dont understand this one)


19. Jack is setting up a new FTP server that is running the Windows XP operating system. This FTP server will be shared by seven different corporate departments, each identified by a user group, but access is to be restricted by department. The Domain Administrators, Departmental Managers, and Senior Management groups are to have access to all folders. Jack starts by creating an FTP folder on the system data drive and granting access to all the above-mentioned groups. Under the FTP folder, Jack creates individual folders for all seven departments. What must Jack do to ensure the requirement that access be restricted by department is met? (This one I dont understand)

20. Victoria is the administrator of the Contoso domain. Contoso is highly dependent on an application, developed in house, that manages workflow and ordering. Over the past several weeks, a number of virus attacks have severely impacted Contoso productivity by attaching themselves to the executable for the application, which is stored on all users’ Windows XP Professional workstations. Although Victoria protects her systems with antivirus software, the viruses that impacted the systems were so new that the anti-virus software did not recognize or stop them. Victoria was forced to take the infected machines out of service and restore the impacted files from backup before returning the computers to their users. What user file permissions can Victoria assign to the application executables in order to prevent, or at least reduce, the impact of this type of attack in the future? (For this one I got modify)

21. You are contacted by a Windows XP Professional user who is having issues reaching a folder to which his manager arranged access. The folder is located three levels below the root folder of the manager’s Windows XP desktop. The user has no problem connecting to the top-level share his manager set up and can explore folders one level down, but he is denied permission to access the folder he is trying to reach. The user gets a permission denial even when using the URL his manager sent him. The manager confirms that he has given the user rights to access and read from the folder, but not the folder immediately above, which he does not wish the user to see. Both the manager and the user, and their respective computers, are members of the domain you administer. Which of the following is the cause of the problem?

a. Group Policy has been modified to prevent the Everyone group from having the Traverse Folder right, and the user has not been granted the Traverse Folder right to the folders above the one he is trying to reach. (I think this one is the answer)

b. The user has incorrect DNS server settings. The user cannot resolve the URL for the folder.

c. The user needs to have Full Control rights in order to reach the folder in question.

d. The users access is being blocked by a specific deny on the root share created by the manager.

e. Windows XP Professional can only share files between XP machines in a Workgroup arrangement. The file will have to be placed on a domain-based file server in order to be shared once the computers are joined to the domain.


22. Marlon is the Backup Administrator of the Contoso Domain. He is trying to devise a scheme by which he can back up the entire documents folder used by the editorial department to create advertising documents, news releases, and the like. Marlon has been frustrated in his efforts to achieve a consistently error-free backup by the fact that users in the editorial department frequently access documents remotely through the corporate VPN while the backup is running. In these cases, backup will skip these files because they are open during the backup routine. In discussing his problem with Archie, a Help Desk technician, Archie informs Marlon that he can write a batch file using the command-line tool CACLS.exe to accomplish this goal. Is Archie’s statement true or false?
I got false for this one

There are some good questions.

In #17, the dude's machine is probably using FAT32, rather than NTFS.

In #22, theres multiple approaches to this common problem. My draconian favorite: Schedule VPN downtime at 1AM, or some other non-peak time. If users can't connect, they can't mess with the files!
Or you could use a proggie like Unlocker to forcibly unlock the files and folders so that you may copy them at will.

Many of the others, particularly the FTP crap, just make me laugh. Seriously, trusting WINDOWS to secure sensitive data? HAHAHAHAAHA!

Most of the problems can simply be fixed with a site licence of PKZIP/SecureZIP. Just create AES-encrypted ZIP files of sensitive data. Even if the files are leaked, the data is still useless - becuase its so heavily encrypted!

In #18, what are those people smoking? Why can't they just enable MS Office's "Track Changes" feature? It's soooo much easier to use than disk attributes. Good grief!

Yeah, I know I wasn't very helpful. But maybe you learned something about practical application versus what some textbook says.