Thursday, February 3, 2011

Windows Admin Basics: Security 101

\\Server1\e$\FolderA (NTFS):
(local) Administrators = Full Control
(local) Users = Read
(domain) SalesManagers = Modify

\\Server1\FolderSales (Shared: "FolderA")
Everyone = Read
(local) Administrators = Change

User "jdoe" is a member of "SalesManagers" AD security group.  He gets an "access denied" message when trying to save a file into the folder "\\Server1\FolderSales".  Which of the following actions can be taken to allow "jdoe" to save the file into this shared location without requiring "jdoe" to log off and log back onto the domain?

1. Add user "jdoe" to the local "Administrators" security group on Server1.

2. Add the "SalesManagers" domain security group to have Change rights to the FolderSales share permissions.

3. Add user "jdoe" to the "Server Admins" domain security group, which is a member of the local "Administrators" group on every server in the domain.
Post a Comment