Recommendations for Access Controls
Learning Objectives and Outcomes
You will learn about the different access controls and the impact of changes to access controls on the given Windows environment.
Assignment Requirements
You defined the groups, users, and listed access controls necessary to fulfill specific access requirements. In this assignment, you will evaluate how each control affects users' access to files and folders. You'll also examine how changing access controls can affect your users' ability to access files and folders.
Here are the users and group you defined in Unit 1 lab:
User Member of groups
SFuser01 Shop Floor
SFuser02 Shop Floor
SF manager Shop Floor, Manager
HRuser01 Human Resources
HRuser02 Human Resources
HR manager Human Resources, Manager
You considered access requirements for four folders:
? D:ERPdocuments - This folder will contain miscellaneous shared files for the ERP software.
? D:ERPdocumentsHRfiles - Folder for shared Human Resources user files.
? D:ERPdocumentsSFfiles - Folder for shared Shop Floor user files.
? D:ERPdocumentsMGRfiles - Folder for shared Manager user files.
Here is a suggested list of access controls with basic permissions for each of the four folders your users will need to access:
Folder
Who can modify
Who can read and execute Who can list folder contents
D:ERPdocuments
Manager
Manager Manager, Shop Floor,
Human Resources
D:ERPdocumentsHRfiles
Human Resources Manager, Human
Resources Manager, Human
Resources
D:ERPdocumentsSFfiles Manager, Shop Floor Manager, Shop Floor Manager, Shop Floor
D:ERPdocumentsMGRfiles Manager Manager Manager
© ITT Educatio nal Services, Inc.
All Rights Reserved. -116- Change Date: 05/25/2011
IS3340 Windo ws Security STUDENT COPY: Graded Assignment Requirements
Based on the requirements stated above, answer the following questions:
1. The access requirements in the table above are based on reference groups. However, should Windows access controls to implement these requirements be based on groups or individual users? Explain.
2. How would you provide a human resource (HR) manager with the ability to modify files in
D:ERPdocumentsHRfiles without giving the same ability to other managers?
3. Describe what would happen if you removed HR from the =List folder contents' permission for
D:ERPdocumentsHRfiles?
4. Describe what would happen if you added Shop Floor to the =Modify' permission for
D:ERPdocumentsHRfiles?
Required Resources
None