# Solved: Special Identities?



## mountian (Sep 9, 2009)

Hi everyone thanks in advance for all you help.
studying for the 70-640 exam. there is a scenario where you want to make a subfolder of a shared folder to which all employees have access. You want to ensure that team members access the data only while logged on the computer locally and not form other computers in the enterprise. What must you do? the answer is Assign the Deny Full Control permission to the Network Group. "The Special Identities Network group"

does anyone know how this is done? the book say's you cannot view the groups in any list ( in the active directory users and computers snap-in,for example), you cannot view of modify the membership of these special identities, and you cannot add them to other groups. Yu can however, use these groups to assign rights and permissions. I'm confused?
How do you assing permissions to the interactive special identity groups?


----------



## mountian (Sep 9, 2009)

Ray,

Go to the folder in which you want to control access. Right click and select properties. Select the security tab. Click edit. Click Add. Type network and click search names. Select the Network group (not Network Services) and click OK. Edit the permissions for the new group you just added (Deny). Then click OK.

That will add the Network group and set its permissions so that, if one is trying to access the folder through the network, that user will not be able to access the folder. By default, it allows someone with permissions to access the folder, but only if the access attempt is not coming through the network.

Let me know if this helps


----------

