DOCUMENT:Q266627 08-AUG-2001 [winnt] TITLE :Copying and Moving Files and Folders PRODUCT :Microsoft Windows NT PROD/VER::2000,3.51,4.0 OPER/SYS: KEYWORDS:w2000acl kbACL ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows 2000 Server - Microsoft Windows 2000 Professional - Microsoft Windows NT Server versions 3.51, 4.0 - Microsoft Windows NT Workstation versions 3.51, 4.0 ------------------------------------------------------------------------------- SYMPTOMS ======== The procedures for copying and moving files are the same for Microsoft Windows 2000 Server and Microsoft Windows 2000 Professional as they are for Microsoft Windows NT 4.0 and earlier versions. The main difference is the automatic inheritance of permissions in Microsoft Windows 2000. When a file is copied from one location to another location, whether on the same or different volume, a new file is created in the destination location. The file inherits the permissions, the Access Control List (ACL), from its parent folder. When a file is moved from one location to another on the same volume, the file retains its security descriptor. Only the pointer to the resource is modified. When a file is moved from one location to another on a different volume, it acts similar to the copy, except the file is deleted from the source location. The moved file inherits the permission from the parent folder. RESOLUTION ========== To move a file within the same volume and have it inherit from the parent folder, follow these steps: 1. Prior to moving the file, clear the "Allow inheritable permissions from the parent to propagate to this object" check box. 2. Click Copy to copy the current permissions to the object. 3. Move the file or folder to a different location on the same volume. 4. Click "Allow inheritable permissions from the parent to propagate to this object". 5. Click Apply. The permissions from the parent folder are added to the security descriptor of this object. MORE INFORMATION ================ Files and folders are security objects. Every security object has a security descriptor attached to it. The Master File Table (MFT) record that defines the contents of the file or folder has a pointer to a $Security_Descriptor attribute. A security descriptor contains a Discretionary Access Control List (DACL), consisting of a list of access control entries (ACE). Each ACE consists of a Security Identification Number (SID), together with a list of accesses that the security principal, referred to by the SID, has to the resource. Additional query words: ====================================================================== Keywords : w2000acl kbACL Technology : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT351search kbWinNT400search kbWinNTW351search kbWinNTW351 kbwin2000Serv kbWinNTSsearch kbWinNTS400search kbWinNTS400 kbWinNTS351 kbwin2000ServSearch kbwin2000Search kbwin2000ProSearch kbwin2000Pro kbWinNTS351search Version : :2000,3.51,4.0 Issue type : kbprb ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.