You work on the team that manages Active Directory at a large enterprise. It was recently discovered that a user in Sales accidentally deleted several files belonging to a folder of a different department. Which of the following should you check to determine why the user in Sales had permissions to the folder?

Group Policy
Check the user's default Shared Directory
Run the groups command in bash
Security Groups

Report Issue

Answer Description

In Windows, a security group is a collection of user accounts, computer accounts, or other groups that are managed together for the purpose of controlling access to shared resources and enforcing security policies. Security groups are a fundamental part of Windows security and are used to simplify the process of granting permissions and rights to multiple users or computers simultaneously. Checking which security groups have access to the folder and then checking the groups the user is in would determine how this issue occurred.

Wikipedia

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. Windows Server operating systems include it as a set of processes and services. Originally, only centralized domain management used Active Directory. However, it ultimately became an umbrella title for various directory-based identity-related services.A domain controller is a server running the Active Directory Domain Service (AD DS) role. It authenticates and authorizes all users and computers in a Windows domain-type network, assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer part of a Windows domain, Active Directory checks the submitted username and password and determines whether the user is a system administrator or a non-admin user. Furthermore, it allows the management and storage of information, provides authentication and authorization mechanisms, and establishes a framework to deploy other related services: Certificate Services, Active Directory Federation Services, Lightweight Directory Services, and Rights Management Services.Active Directory uses Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Microsoft's version of Kerberos, and DNS.Robert R. King defined it in the following way:"A domain represents a database. That database holds records about network services-things like computers, users, groups and other things that use, support, or exist on a network. The domain database is, in effect, Active Directory."

Active_Directory - Wikipedia, the free encyclopedia