Article ID: 320246 - View products that this article applies to.
This article was previously published under Q320246
An Access Control List (ACL) may show permissions that are marked as having been inherited from the parent, but the parent itself may not have these permissions configured in its ACL. Note that this symptom may occur even though inheritance is still enabled. Any subsequent change to the parent folder's ACL causes the child's ACL to receive the inherited permissions. Also, any attempt to change the ACL of the child causes the inheritance to be applied (unless the change marks the ACL as being protected from inheritance). This behavior may be surprising if the inheritance state had not been noted before you start to edit the ACL.
Note This behavior cannot be caused by moving a folder when you are running a Windows Vista based computer. The move operation now works because the folder or the file can inherit ACL of the target folder or file. The folder or file also has permissions that are marked as having been inherited from the parent. This is a change by design from Windows XP to Windows Vista and Windows Server 2008.
This behavior may be caused by moving a folder. When you move a folder, the ACL is not changed, and the inherited permissions are not updated. Note that "move" in the context of this article always means to move within the same volume.
When you move a file or folder, the ACL is also moved and is not changed in any way. Even when inheritance is enabled for this folder, the inherited permissions are not automatically updated. The ACL will be updated the next time you change permissions, and this forces the parent to propagate its permissions.
This behavior can also be caused by:
To avoid unexpected permission changes, set the ACL of the file/folder to "protected" before moving when you want to keep the settings. Otherwise, manually update the ACL of the moved file/folder by using the explorer ACL editor. Disable and than enable inheritance again to force the ACL to be updated with the right inherited permissions. You may also use a VBScript to automate this process. For additional information about how to do so, click the article number below to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/279682/EN-US/ )HOWTO: Use ADsSecurity.dll to Add an ACE to an NTFS Folder
This behavior is by design. This behavior does not occur due to the design modification in Windows Vista.
Steps to Reproduce the Behavior
Article ID: 320246 - Last Review: March 2, 2007 - Revision: 3.7