Retain file permissions when you copy or move files and folders
By default, an object inherits permissions from its parent object,
either at the time of creation or when it is copied or moved to its parent
folder. The only exception to this rule occurs when you move an object to a
different folder on the same volume. In this case, the original permissions are
retained.
File Permissioning Rules:
The Everyone group is granted Allow Full Control permissions to
the root of each NTFS drive.
Deny permissions always take precedence over Allow permissions.
Explicit permissions take precedence over inherited permissions.
If NTFS permissions conflict -- for example, if group and user
permissions are contradictory -- the most liberal permissions take precedence.
Permissions are cumulative.
Tools/Utilities
to Retain File Permissions:
To preserve permissions when files and folders are copied or
moved, use :
v Xcopy.exe utility with the /O or the /X
switch. The object’s original permissions will be added to inheritable
permissions in the new location.
To add an object's original permissions to inheritable
permissions when you copy or move an object, use the Xcopy.exe utility with the
–O and –X switches.
v Robocopy.exe utility
To preserve existing permissions without adding inheritable permissions
from the parent folder, use the, which is available in the Windows 2000
Resource Kit. For additional information about the Windows 2000 Resource Kit,
visit the following Microsoft Web site:
v Registry Fix
You can modify how Windows Explorer handles permissions when
objects are copied or moved to another NTFS volume. When you copy or move an
object to another volume, the object inherits the permissions of its new
folder. However, if you want to modify this behavior to preserve the original
permissions, modify the registry as follows.
Ensure you backup your registry before performing any of the Registry edits or follow:
Ensure you backup your registry before performing any of the Registry edits or follow:
322756 How
to back up and restore the registry in Windows
1. Click Start,
click Run, type regedit in the Open box, and then press ENTER.
2. Locate and then
click the following registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
3. On the Edit
menu, click Add Value, and then add the following registry value:
Value name: ForceCopyAclwithFile
Data type: DWORD
Value data: 1
4. Exit Registry
Editor.
You can modify how Windows Explorer handles permissions when
objects are moved in the same NTFS
volume. As mentioned, when an object is moved within the same volume, the
object preserves its permissions by default. However, if you want to modify
this behavior so that the object inherits the permissions from the parent
folder, modify the registry as follows:
1.
Click Start, click Run, type regedit,
and then press ENTER.
2.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
3.
On the Edit menu, click Add Value,
and then add the following registry value:
Value name: MoveSecurityAttributes
Data type: DWORD
Value data: 0
Value name: MoveSecurityAttributes
Data type: DWORD
Value data: 0
4.
Exit Registry Editor.
5.
Make sure that the user account that is used to move the object
has the Change Permissions permission set. If the permission is not
set, grant the Change Permissions permission to the user
account.
Note The MoveSecurityAttributes registry value only applies to
Windows XP and to Windows Server 2003.
Comments
Post a Comment