Inherited permissions are not automatically updated when you move folders
Note This behavior cannot be caused by moving a folder when you are running a Windows Vista based computer. The move operation now works because the folder or the file can inherit ACL of the target folder or file. The folder or file also has permissions that are marked as having been inherited from the parent. This is a change by design from Windows XP to Windows Vista and Windows Server 2008.
When you move a file or folder, the ACL is also moved and is not changed in any way. Even when inheritance is enabled for this folder, the inherited permissions are not automatically updated. The ACL will be updated the next time you change permissions, and this forces the parent to propagate its permissions.
This behavior can also be caused by:
- Setting the permissions of a parent folder by using CACLS does not propagate to the subfolders. Note that the /T option does not mean to propagate the rights by using inheritance, but to overwrite all ACLs.
- Setting the permissions of a parent folder by using an API that does not automatically propagate inheritance (like Adssecurity.dll).For additional information, click the article number below to view the article in the Microsoft Knowledge Base:266461 HOWTO:Set Automatic Inheritance of File/Folder Permissions- ADSI
- Restoring from a backup to a different location.
Steps to Reproduce the Behavior
- Create a "test1" folder with "everyone:read" and "users:change" permissions.
- Create a "test1\sub" subfolder and enable the inheritance from parent (default). This folder should show "everyone:read" and "users:change" as inherited permissions.
- Create another folder "test2" with only "administrators:full control" permissions.
- Move the "sub" subfolder to "test2".
- View the permissions on "test2\sub" to see "everyone:read" and "users:change" as inherited permissions although the parents permission is "administrators:full control".
- Add another group/user (such as guest) to the ACL of "sub" granting, for example, Read access using the explorer ACL editor. After you click Apply, "everyone:read" and "users:change" is removed, and only "administrators:full control" is displayed as inherited permissions beside the one you just added.
Article ID: 320246 - Last Review: 03/02/2007 00:34:00 - Revision: 3.7
- kbenv kbui kbprb KB320246