This article was previously published under Q266627
The procedures for copying and moving files are the same for Microsoft Windows 2000 Server and Microsoft Windows 2000 Professional as they are for Microsoft Windows NT 4.0 and earlier versions. The main difference is the automatic inheritance of permissions in Microsoft Windows 2000.
When a file is copied from one location to another location, whether on the same or different volume, a new file is created in the destination location. The file inherits the permissions, the Access Control List (ACL), from its parent folder.
When a file is moved from one location to another on the same volume, the file retains its security descriptor. Only the pointer to the resource is modified.
When a file is moved from one location to another on a different volume, it acts similar to the copy, except the file is deleted from the source location. The moved file inherits the permission from the parent folder.
To move a file within the same volume and have it inherit from the parent folder, follow these steps:
Prior to moving the file, clear the Allow inheritable permissions from the parent to propagate to this object check box.
Click Copy to copy the current permissions to the object.
Move the file or folder to a different location on the same volume.
Click Allow inheritable permissions from the parent to propagate to this object.
The permissions from the parent folder are added to the security descriptor of this object.
Files and folders are security objects. Every security object has a security descriptor attached to it. The Master File Table (MFT) record that defines the contents of the file or folder has a pointer to a $Security_Descriptor attribute.
A security descriptor contains a Discretionary Access Control List (DACL), consisting of a list of access control entries (ACE). Each ACE consists of a Security Identification Number (SID), together with a list of accesses that the security principal, referred to by the SID, has to the resource.