Copying and Moving Files and Folders

Article translations Article translations
Article ID: 266627 - View products that this article applies to.
This article was previously published under Q266627
Expand all | Collapse all

SYMPTOMS

The procedures for copying and moving files are the same for Microsoft Windows 2000 Server and Microsoft Windows 2000 Professional as they are for Microsoft Windows NT 4.0 and earlier versions. The main difference is the automatic inheritance of permissions in Microsoft Windows 2000.

When a file is copied from one location to another location, whether on the same or different volume, a new file is created in the destination location. The file inherits the permissions, the Access Control List (ACL), from its parent folder.

When a file is moved from one location to another on the same volume, the file retains its security descriptor. Only the pointer to the resource is modified.

When a file is moved from one location to another on a different volume, it acts similar to the copy, except the file is deleted from the source location. The moved file inherits the permission from the parent folder.

RESOLUTION

To move a file within the same volume and have it inherit from the parent folder, follow these steps:
  1. Prior to moving the file, clear the Allow inheritable permissions from the parent to propagate to this object check box.
  2. Click Copy to copy the current permissions to the object.
  3. Move the file or folder to a different location on the same volume.
  4. Click Allow inheritable permissions from the parent to propagate to this object.
  5. Click Apply.

    The permissions from the parent folder are added to the security descriptor of this object.

MORE INFORMATION

Files and folders are security objects. Every security object has a security descriptor attached to it. The Master File Table (MFT) record that defines the contents of the file or folder has a pointer to a $Security_Descriptor attribute.

A security descriptor contains a Discretionary Access Control List (DACL), consisting of a list of access control entries (ACE). Each ACE consists of a Security Identification Number (SID), together with a list of accesses that the security principal, referred to by the SID, has to the resource.

Properties

Article ID: 266627 - Last Review: November 1, 2006 - Revision: 2.1
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0 Developer Edition
Keywords: 
kbacl kbprb KB266627

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com