you are configuring access for a shared folder on a windows server. there is a global group called appusers who need read-only access. however, there is a member of appusers, jsmith, who should not have any access at all. how can you configure your share so that the members of appusers have access but jsmith does not while creating the least disruption to your existing administrative structure?