Skip to content

Module 2 challenge: Users, Administrators, Groups and Permissions (Operating Systems and You: Becoming a Power User) Answers 2025

Question 1

As a Windows Administrator for a large company, you are asked to grant temporary software installation permissions to the Sales department. Which of the following would be the most efficient method for accomplishing this task?

  • ❌ Grant temporary Administrator permissions to each employee in the Sales department.

  • ❌ Grant each employee in the Sales department temporary Local Administrator permissions on their individual computers.

  • ❌ Grant each employee in the Sales department temporary software installation permissions on their individual User accounts.

  • βœ… Add the User account for each employee in the Sales department into a special Group, then grant temporary software installation permissions to the Group.

πŸ”Ή Explanation:
Using Groups is the most efficient and secure way to manage permissions for multiple users. By creating a group for the Sales department and assigning installation permissions to that group, you can easily grant or revoke permissions for all members at once.

Question 2

In the Computer Management tool in Windows, what setting can an administrator enable if a user’s password was compromised and they need to update it?

  • ❌ User cannot change password

  • βœ… User must change password at next logon.

  • ❌ Password never expires

  • ❌ Password must be changed

πŸ”Ή Explanation:
The β€œUser must change password at next logon” option ensures the user updates their password the next time they sign in, enhancing security after a compromise.

Question 3

Which Windows PowerShell CLI command can be used to list the Groups on a given computer?

  • ❌ Get-GPOReport

  • ❌ Get-LocalGroupMember

  • βœ… Get-LocalGroup

  • ❌ Get-LocalUser

πŸ”Ή Explanation:
The Get-LocalGroup command displays a list of all groups defined on the local computer. To view members within those groups, you’d use Get-LocalGroupMember.

Question 4

On a Linux system, which file contains information about the users on a machine?

  • βœ… /etc/passwd

  • ❌ /etc/sudoers

  • ❌ /etc/group

  • ❌ /etc/users

πŸ”Ή Explanation:
The /etc/passwd file lists user account information including username, UID, GID, and home directory path. It does not store actual passwords (those are in /etc/shadow).

Question 5

What parameter can be used in the Windows CLI to force a user to change their password on the next logon?

  • ❌ /passwordkeep:no

  • ❌ /newpassword:logon

  • βœ… /passwordchg:yes

  • ❌ /logonpasswordchg:yes

πŸ”Ή Explanation:
In the Windows Command Line (CLI), the /passwordchg:yes parameter forces users to change their password the next time they log in, typically set through net user commands.

Question 6

What is the name of the privileged file on Linux that stores scrambled passwords?

  • βœ… /etc/shadow

  • ❌ /etc/passwords

  • ❌ /etc/shade

  • ❌ /passwords

πŸ”Ή Explanation:
The /etc/shadow file stores encrypted (hashed) passwords for system users and is only accessible by privileged (root) users to protect security.

Question 7

Which of the following methods can Administrators use to add a user in Windows? (Choose all that apply)

  • ❌ With Powershell, use the Create-LocalUser username command.

  • ❌ At the CLI, using the DOS style net computer computername/new command.

  • βœ… At the CLI, use the DOS style net user username * /add command.

  • βœ… In the GUI, under Local Users and Groups in the Computer Management tool, right click Users and select New User.

πŸ”Ή Explanation:
Admins can add new users using either the net user username * /add command in Command Prompt or via Computer Management β†’ Local Users and Groups β†’ New User.

Question 8

What does DACL stand for?

  • ❌ Discretionary Access Content List

  • ❌ Discretionary Admin Control List

  • ❌ Direct Access Control List

  • βœ… Discretionary Access Control List

πŸ”Ή Explanation:
A Discretionary Access Control List (DACL) defines which users or groups have access to an object and what actions they can perform, such as read, write, or execute.

Question 9

When examining the permissions on a file in Linux you find the first four bits are -rwx. What does this mean?

  • ❌ It is a directory file and the owner has read, write, and execute permissions.

  • ❌ It is a regular file and the owner has read, write, but no execute permissions.

  • βœ… It is a regular file and the owner has read, write, and execute permissions.

  • ❌ It is a directory file and the owner has read, write, and exchange permissions.

πŸ”Ή Explanation:
The first character indicates the file type (- = regular file, d = directory). The next three (rwx) show that the owner has read, write, and execute permissions.

Question 10

When using ICACL in the Windows CLI, what flag shows that a given user can create files?

  • βœ… CF

  • ❌ WD

  • ❌ S

  • ❌ write

πŸ”Ή Explanation:
In ICACLS (Integrity Control Access Control List), the CF flag stands for Create Files, indicating that a user or group can create new files in that directory.

🧩 Summary:

  • Groups are the most efficient way to assign permissions in Windows.

  • The β€œUser must change password at next logon” setting ensures security after compromises.

  • Use Get-LocalGroup to list groups in PowerShell.

  • Linux user info is stored in /etc/passwd, and encrypted passwords in /etc/shadow.

  • /passwordchg:yes forces password updates in Windows CLI.

  • Add users via net user or Computer Management GUI.

  • DACL controls access permissions in Windows.

  • Linux file permissions -rwx indicate a regular file with full owner access.

  • ICACLS β€œCF” allows file creation permissions.

βœ… Key takeaway:
Effective user and permission management across Windows and Linux involves using group-based permissions, understanding access control systems (DACL, ICACLS), and applying secure password and account policies to maintain a stable and protected environment.