Apply Your Knowledge

For the 70-270 exam, you need to master a variety of file and folder management techniques. These include:

Creating and removing shared folders
Configuring share permissions
Managing files and folder hierarchies
Configuring NTFS permissions and viewing effective permissions
Sharing web folders
Configuring compression
Configuring offline folders

The Step by Step exercises throughout the chapter assist you in mastering these skills. You can supplement these exercises by practicing how to install IIS. You should have the Windows XP installation CD available.

Exercises

5.1 Installing IIS

A simple web server, IIS offers any Windows XP Professional computer the capability to share an intranet website with other users. Because IIS is available for any computer and is targeted at intranet usage, administrators and engineers alike should understand how to install and configure the service.

Estimated Time: 15 minutes.

1.	Click Start, Control Panel, Add or Remove Programs.
2.	Click Add/Remove Windows Components in the left pane.
3.	Scroll to locate and click to select Internet Information Services (IIS). Click Next.
4.	The Windows Components Wizard starts. If prompted, insert the Windows XP installation CD in your CD-ROM drive. If you copied the installation files to your hard drive previously, click the Browse button to locate the files. Click OK.
5.	When the Completing the Windows Components Wizard screen appears, click Finish.
6.	Restart your computer.

Review Questions

1.	If you are granted the Write permission to a file but not the Read & Execute permission, can you see the file in a folder? Why would someone grant just the Write permission?
2.	How should you resolve a problem in which a person can read a file locally but cannot read the file across a network?
3.	Why would you install SSL for use with WebDAV?
4.	When should you apply NTFS permissions to individual user accounts rather than create groups?
5.	Why would moving a file to a different NTFS volume cause it to inherit NTFS permissions from the destination parent folder, when moving a file to a different folder within the same NTFS volume retains the NTFS permissions?

Exam Questions

You are the systems administrator for your company. You created a hierarchy of folders on your computer running Windows XP Professional, as shown in the exhibit. SUB2 contains a file named SUB2FILE and another subfolder named SUBSUB3, which contains a file named SUBSUB3FILE. You have applied the Full Control right to a user named Joe in TOP for this folder only.

You have granted Joe the Read right for SUB2 and the Write right for SUB1. Which files will Joe be able to read, open, append data to, and save? (Choose all that apply.)

	A.	TOPFILE
	B.	SUB1FILE
	C.	SUB2FILE
	D.	SUBSUB3FILE

You are the systems administrator for your company. A user, Jack, called you because he cannot access a file named WORK that other persons in his group, TEAM1, are able to access on the shared computer. WORK is a sensitive database that only members of TEAM1 are allowed to access. Jack has recently been moved from the TEAM2 group into TEAM1. Your company has a policy to apply rights only to groups, not users. You check to make certain that Jack is a member of TEAM1. Other members of Jack's group have been able to use the file. What is the most likely problem?

	A.	Jack has been specifically denied permission to WORK.
	B.	Jack is still a member of TEAM2.
	C.	The Everyone group has been denied access to WORK.
	D.	The TEAM1 group has been denied access to WORK.

You are a domain administrator. Miranda's boss, Gerald, has been called away for a weeklong summit meeting. He brought his laptop with him. Gerald calls Miranda in a panic because he forgot to copy his presentation to his laptop. It is on his desktop computer, and he asks Miranda to make several specific changes to the presentation and then email it to his offline email address. Miranda logs on to the computer and cannot access the file. You view permissions on the computer and find that the file is in a folder where everyone except Gerald has been denied access. You suspect that this folder also contains several sensitive documents. What should you do to help Miranda?

	A.	You cannot help Miranda.
	B.	Make Miranda an administrator of the domain.
	C.	Make Miranda an administrator of Gerald's computer.
	D.	Take ownership of the file and grant Miranda access.

You are the systems administrator for your company. A new administrative assistant named Jan calls you for help. She tells you that she had customized her computer file rights so that users who tried to access her computer would not be able to damage important files. When she rebooted, she discovered that she could not log on as her domain user ID, but that she could log on as a local Administrator. What did Jan likely do?

	A.	She deleted her user account.
	B.	She removed rights to the %systemroot% folder.
	C.	She added her user account to the local Administrators group.
	D.	She denied her user account access to the My Documents folder.

You are the systems administrator for your company. You made Joanne a member of two groupsSALES and SERVICE. You granted the SALES group Full Control to the ACCOUNTS folder. The ACCOUNTS folder includes a NEWS subfolder. The NEWS subfolder contains a file named DATA. You explicitly granted the SERVICE group the Read & Execute permission to the DATA file. Joanne has tried to append data to the file, but the computer won't allow her to do so. No other person in the SALES group has this same error. What should you do?

	A.	Reinstall Windows XP.
	B.	Check whether the right to Full Control was actually denied to the SALES group.
	C.	Check whether the SERVICE group was deleted.
	D.	Nothing. The explicit Read & Execute permission granted to the SERVICE group overrides the inherited Full Control permission granted to the SALES group.

What will be the result when you move a file to a floppy disk when the file has been granted the Read & Execute permission for the Everyone group, Full Control permission for the SALES group, and explicitly denied Full Control permission for the COLLECTIONS group?

	A.	All permissions remain the same.
	B.	All users will have the Read & Execute permission.
	C.	The COLLECTIONS group will have the Full Control permission.
	D.	The SALES group will be denied Full Control.

You are the systems administrator for your company. Bill is a manager who wants to share files from his Windows XP Professional computer with his assistant across the network. He has set permissions on a share named VOLT, which is the C:\DATA\VOLT directory on his hard drive. The assistant logs on to Bill's computer and can append data to the files locally. He can read the share from his own computer across the network, but he cannot make changes to the files from his computer. What should you do?

	A.	Reset the NTFS permissions to allow Write.
	B.	Reset the NTFS permissions to deny Read & Execute.
	C.	Reset the share permissions to allow Full Control.
	D.	Reset the share permissions to deny Read.

You are the systems administrator for your company. Emily calls you for help. She is attempting to open a Microsoft Word document titled Workhabits.doc, using Internet Explorer. When she clicks File, Open and types http://server2/files/workhabits.doc in the Open text box, she receives an error message stating that the page is not found.

You find that Workhabits.doc is in a shared folder named Files on Server2. How should Emily be given access to this file?

	A.	Grant Emily's user account full control on `Workhabits.doc`.
	B.	Ask Emily to type `file://server2/files/workhabits.doc` into the Address text box in Internet Explorer and press Enter.
	C.	Ask Emily to run `ipconfig /renew` from a command prompt on her computer.
	D.	Ask Emily to type the following command from Internet Explorer: `net use://server2/files/workhabits.doc`

In reorganizing your hard disk, you intend to move files from the compressed \OLDFILES folder to the uncompressed \NEWFILES folder, on the same volume of the hard disk. What will be the result of attempting this move?

	A.	The files moved to the \NEWFILES folder are not compressed.
	B.	The files moved to the \NEWFILES folder are compressed.
	C.	An error message is shown stating that the proposed move can't be done unless the \OLDFILES folder is uncompressed.
	D.	An error message is shown stating that this can't be done unless you are logged on with administrative rights.

10.

Bob is logged on as a local user on his Windows XP Professional computer. He wants to download a file in a share named SHARE from another Windows XP Professional computer named Tasmania on the network. He does not have a user account on that computer. Bob asks you, the network administrator, whether he can download files from Tasmania. Which of the following must be enabled for Bob to download files? (Choose all that apply.)

	A.	Web folders must be installed and configured with permissions for anonymous users. The SHARE folder must be configured as a web folder.
	B.	ICMP Services must be installed with IIS and configured to accept anonymous logons.
	C.	Simple File Sharing must be enabled. Bob will require a user account and password to access files with Simple File Sharing.
	D.	Simple File Sharing must be enabled. When Bob downloads files he will be using the Guest account.

11.

You have installed IIS on your Windows XP Professional computer and you are logged on as an administrator. You require your virtual server to support 20 simultaneous connections. Which of the following statements apply to this scenario? (Choose two.)

	A.	The version of IIS supplied with Windows XP Professional cannot support 20 simultaneous connections.
	B.	Using the Tools tab of the IIS snap-in, you can modify the virtual server properties, enabling it to accept 20 simultaneous connections.
	C.	Editing the appropriate registry keys can enable a maximum of 20 simultaneous connections.
	D.	It is necessary to install a Windows 2000 or Windows Server 2003 server to support 20 simultaneous connections.

12.

You are the IT administrator for your company. Fred is a member of the Sales user group. He reports that he can't save a file in a shared folder on the network. The permissions of the shared folder are shown in the following table:

Group or User	Permission	Permission Type
Administrators	Allow - Full Control	NTFS
Sales	Allow - Read and Execute	NTFS
Managers	Allow - Modify	NTFS
Everyone	Allow - Full Control	Shared Folder

What should you do to allow Fred to save the file in the shared folder?

	A.	Give Fred the Change shared folder permission.
	B.	Give the Sales group the List Folder Contents NTFS permission.
	C.	Change the Sales group permission to the Allow - Write NTFS permission.
	D.	Change the Everyone Shared Folder permission to Deny - Full Control and give the Full Control NTFS permission to the Sales group.

Answers to Review Questions

1.	No, you should not be able to see a file if you were granted the Write permission but not the Read permission. This type of permission is given to people who may need to append data to a file that an application opens on their behalf. For more information, see the section "Assigning Permissions to Files and Folders."
2.	When a person has more permissions locally than the person has across the network, it points to a restrictive shared permission problem. You can look at the share permissions to discover which group membership is restricting the access to the file. For more information, see the section "Working with Share Permissions."
3.	SSL is an encrypting protocol for data that uses the HTTP protocol. WebDAV is the protocol used for sharing a web folder. SSL used in concert with WebDAV ensures that data retrieved from a web folder is secured as it traverses the network. When sharing a web folder across an unsecure network, you should always use SSL. For more information, see the section "Managing and Troubleshooting Web Server Resources."
4.	Never. Even if you have a single, one-off instance that you could never imagine occurring again in the future, you should still create a group, add the user to the group, and then apply permissions. There is always the possibility that another person will take over that first user's position or will supplement the work that the first user was doing and will need the same permissions. And it is much easier tracking down unnecessary permissions if you know that they will only ever be applied to groups and not individual users. For more information, see the section "Understanding NTFS Permissions."
5	The answer lies in the way that a move operation works rather than how permissions work. When you move a file from one folder to another on the same NTFS volume, it basically marks a new file location in the file entry of the NTFS table. Thus, when you move the file on the same NTFS volume, you don't change any information pertaining to the permissions. However, when you move a file from one NTFS volume to another, you end up removing the file entry from the originating NTFS volume, and creating a new file entry on the new NTFS volume. Because you lost the permission information on the originating volume, you end up inheriting permissions from the destination folder on the new volume. For more information, see the section "Calculating How Permissions Change When Moving or Copying a File."

Answers to Exam Questions

1.	A. Joe should be able to read, open, append data to, and save TOPFILE because he has been granted full control to the TOP folder. Answers B, C, and D are incorrect because you have selected This Folder Only option for the TOP folder, so the permissions do not flow down to subfolders. None of the subfolders include enough permissions by themselves for Joe to perform all the operations on the file. For more information, see the section "Understanding NTFS Permissions."
2.	B. Jack is likely still a member of TEAM2. Because users in TEAM1 are able to access the file, and because Jack has not been denied access to WORK individually, he must have a Deny permission overriding access to the file. Because the company policy is to grant rights only to groups, the most likely conflict is that Jack's user object was never removed from TEAM2. For more information, see the section "Understanding NTFS Permissions."
3.	D. As an administrator, you can take ownership of the file and grant Miranda the permission to access the file. Answer A is incorrect because you can help Miranda. Answer B is incorrect because it is generally considered a breach of security to add new Domain Administrators for accessing a file. Answer C is incorrect because as a local Administrator for the computer, Miranda would have access to sensitive documents aside from the presentation in question. For more information, see the section "Understanding NTFS Permissions."
4.	B. Jan probably removed rights to the %systemroot% folder for her user account, which has adverse effects. Answer A is incorrect because her user account is a domain account. Answer C is incorrect because adding her account to the local Administrators group would add permissions, rather than remove them. Answer D is incorrect because the My Documents folder is not critical to logging on. For more information, see the section "Securing the %systemroot% Folder and Subfolders."
5.	D. In this case, the explicitly applied right to Read & Execute the DATA file overrides all inherited permissions for the file. For more information, see the section "Handling Permission Inheritance."
6.	C. Because all permissions are negated when you copy a file to a FAT16 or FAT32 volume, with which a floppy disk would be formatted, all users would be given Full Control access to the file, including the COLLECTIONS group who had been previously denied access to the file when it was on the NTFS volume. For more information, see the section "Calculating How Permissions Change When Moving or Copying a File."
7.	C. The problem is apparently a share permission that is more restrictive than the NTFS permissions because the assistant can log on locally and use the files, but cannot make changes to them from across the network. This means that there is no need to make changes to NTFS permissions, so answers A and B are incorrect. It also means that the share permissions should be increased by allowing Full Control (your only option in this case) rather than denying Read, which is why answer D is incorrect. For more information, see the section "Working with Share Permissions."
8.	D. This is the only way to allow access to shares using Internet Explorer. For more information, see the section "Managing and Troubleshooting Access to Shared Folders."
9.	B. A move operation in the same volume only updates directory pointers and does not create a new file. For more information, see the section "Configuring, Managing, and Troubleshooting File Compression."
10.	A and D. You can configure the SHARE folder as a web folder and allow anonymous users to connect to it. You can also enable Simple File Sharing, which allows any user to connect to shared files using the Guest account. This is called ForceGuest. Answer B is incorrect because ICMP is not a file sharing protocol. Answer C is incorrect because Simple File Sharing does not require a user to connect with a user account. For more information, see the section "Controlling Access to Files and Folders by Using Permissions."
11	A and D. The version of IIS that can be installed on a Windows XP Professional computer can handle a maximum of 10 simultaneous connections. If more than this are required, use a member of the Windows 2000/2003 server families. For more information, see the section "Creating and Removing Shared Folders."
12.	C. This is the only answer that will give Fred sufficient permissions to save the file to the shared folder. Remember that a denial overrides everything as far as permissions are concerned. For more information, see the section "Assigning Permissions to Files and Folders."