I have seen a lot of people have problems understanding this topic so I thought I would offer my easy way to remember. First a few ground rules:

1)    No Access means no Access. If an NTFS or Share Permission has No Access assigned to it than it does not matter what the other permissions are. YOU HAVE NO ACCESS!!!

2) Permissions are cumulative. That means you add them up...you keep getting more permissions.

OK now the window below is a SHARE Permission. That means you are accessing the object remotely or more accurately via the network. You can be signed on to the machine that has the file on its local Hard Drive but if you access it through the network, like via Network Neighborhood you are accessing it remotely!

When Share permissions are assigned to a user or group the window keeps getting bigger till you reach the most permissive permission. You add them up. UNLESS (remember rule #1 above) there is a No Access assigned.

So no problem so far... until we add the NTFS Permissions into the mix. Again the same rules apply to these permissions, that is you add them up and that's what you get..unless..... you got it!! No Access means No Access!!!

Now here it is..... If you are accessing the file locally (not via the network) forget about the Share Permissions. They don't come into play. Easy so far.

Now when you access it through the window or remotely (you have to pull it through the window to use it) you can only see as much of the NTFS Permission as the window will allow! Voila..that's it.

So if you have Full Control on the NTFS permissions locally but the window is only open as far as Read then you can only read it.

If you have Full Control via the Share (or window) but the NTFS Permission is Read well then you only have a Read permission available to be pulled through the window.

That's it!!! E-mail me if you have any questions or if you think I'm wrong. But try it on some of your test prep questions and see if doesn't give you the right answer every time!!!