As anyone that has dealt with file server permissions is aware, NTFS has an interesting design feature/flaw known as the Move/Copy problem. Show
As explained in this MS KB article, the permissions for a folder or file do not automatically inherit from the parent if the folder is moved and the source and destination are on the same NTFS volume. The permissions are inherited if the folder is copied or if the source and destination are on different volumes. Here is a quick example: You have two shared folders on the same NTFS volume called "Technicians" and "Managers". The Technicians group has RW access to the Technicians folder and the Managers group has RW access to the "Managers" folder. If someone has access to both and they move a subfolder from the "Managers" folder to the "Technicians" folder, the folder that is moved is still only accessible to users in the "Managers" group. The "Technicians" group cannot access the subfolder even though it is under the "Technicians" folder and should be inheriting permissions from the top. As you can imagine, this causes support calls, tickets, and wasted cycles on resolving these end user issues, not to mention the rats nest of permissions that you can end up with if users are often moving folders between different secured folders/area on the same volume. The questions are: What is the best way to workaround this NTFS design flaw and how are you handling it in your environment? I know the linked KB article talks about some registry keys to change the default behavior of Windows Explorer but they are client-side and requires the users to have the ability to change permissions which I would think in most environments is a non-starter if you want to keep control over your file server permissions (and your sanity as a sysadmin). What happens to NTFS permissions if you copy or move the files or folders? The answer is: it depends. Read more to learn what happens! To give you a clearer explanation, consider the following three scenarios. Let’s assume that you are going to copy “D:MyFolder” and let’s assume that “D:” has an NTFS format. Copying Files between NTFS PartitionsMove D:MyFolder to D:MyFiles Results:
 Moving Files between NTFS PartitionsCopy D:MyFolder to F:MyFolder Results:
Copying Files What permissions do you need to move a file?Moving a file within a single filesystem is the same as renaming it. You need write permission to both the old and the new directory, and if moving a directory, write permission to the directory itself.
What permissions are needed to move a file in Windows?The file or folder retains its original NTFS permissions. You must have the “Write” permission set up for the destination folder to move files and folders into that folder. You must have the “Modify” permission set up for the source file or folder.
What are two types of permissions that you can assign to files and folders on an NTFS file system?There are three types of share permissions: Full Control, Change, and Read. Full Control: Enables users to “read,” “change,” as well as edit permissions and take ownership of files. Change: Change means that user can read/execute/write/delete folders/files within share.
What are the two levels of permissions for shared files and folders?Windows provides two sets of permissions to restrict access to files and folders: NTFS permissions and share permissions.
|
