How to Reset ACL Inheritance in the Windows 2000 File System

Article translations Article translations
Article ID: 223441 - View products that this article applies to.
This article was previously published under Q223441
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

Summary

Microsoft Windows 2000 has a significantly new access control paradigm that utilizes dynamic inheritance. This dynamic inheritance model provides users the ability to detach subordinate file system objects from access control inheritance; in fact, such detachment, (also known as Access Control List or ACL "protection"), is required if one wants to remove superior Access Control Entries (ACEs) from applying to the subordinate file system objects altogether.

However, administrators may need a way to blast through a file system and reset inheritance. This is provided through the "Reset permissions on all child objects and enable propagation of inheritable permissions" option so child objects will default back to inheriting permissions from their parent object.

More information

The "Reset permissions on all child objects and enable propagation of inheritable permissions" option is available for BOTH file system object permissions, as well as for auditing. To re-activate ACL inheritance and remove all custom assigned access control entries for a complete file system tree, perform the following tasks:
  1. Open the Properties dialog box for the top-most object of the file system tree you want to reset, and select the Security tab.
  2. Click Advanced to display the Access Control Settings dialog box.
  3. Check "Reset permissions on all child objects and enable propagation of inheritable permissions" to reset all subordinate file system objects. To reset audit permission, a "Reset auditing entries on all child objects and enable propagation of inheritable auditing entries" option exists under the Auditing tab.
  4. A confirmation dialog box will present itself upon application of the new Access Control setting, to ensure awareness that all subordinate, explicitly defined access control entries will be destroyed by this action. Only inherited access control entries, and legacy access control entries, (entries that left from a pre-upgrade installation of Microsoft Windows NT), will remain on subordinate objects.

Properties

Article ID: 223441 - Last Review: October 26, 2013 - Revision: 4.0
Applies to
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
Keywords: 
kbnosurvey kbarchive kbhowto KB223441

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com