Windows 2000 security in a NT network

0 pts.
Tags:
Microsoft Windows
Servers
I have one Windows 2000 server in an NT network. The engineering dept has a directory with several subdirectories. The directories all have different secutiy levels. One directory is open to all for modification. They drop their files in there and then an admin reviews and moves the files to a read only directory. The problem is if you cut and paste the file it does not pick up the security of the new subdirectory. However, if you copy the file it does pick up the new security. Is this normal or is there something I am overlooking?
ASKED: November 5, 2004  2:40 PM
UPDATED: November 9, 2004  10:28 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Cut and Paste is dealing with the file data at an entirely different level than copying. It all takes place INSIDE an application, and has NO connection to the file system itself.

If you have any concerns with security, stop all “cut&paste” right now, and stick with file copies.

You didn’t ask, but I’m going to make a presumption based on experience. If this sort of activity is going on, then you (or engineering, actually) is going to have some VERY serious problems with version control integrity and the like. I suggest that you point the people responsible to some material on Release Engineering/Administration, and proper Version Control Systems. This smells like a disaster in the making.

Bob

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Sonotsky
    Caveat emptor - I have no NT machines to test on, but the theory I am about to present should be sound. What we're dealing with, here, is not application-level problems, but is at the filesystem level (please correct if this is not the case!). WinNT, Win2k, WinXP, Win2k3 - should *not* matter what version of the server you are using, the key is that you have to have the disk formatted with NTFS, in order to use NT-based security. Now.... There are a number of quirks about security properties, ownerships, and ACLs on NTFS volumes. The general rules-of-thumb are as follows: 1) if you are moving files from one folder to another on the same physical NTFS volume, you will retain the file(s) original security info; 2) if you copy the file(s) within the same volume, you will inherit the security properties of the destination directory and the original properties are lost; 3) if you move or copy files between two physical volumes, you will inherit. You can use XCOPY (see all switches with /?) to transfer the various bits of security info if you want to copy on the same/different volume; SCOPY from the Resource Kit will also allow you to do the same, IIRC. So, now that the lecure is over: the short answer is yes, this is normal NTFS behaviour. Your admins will have to copy the files into the restricted subdirectory, then delete from the higher-level folder, if you want to inherit. Cut/paste in Explorer is essentially moving.
    695 pointsBadges:
    report
  • Sonotsky
    Caveat emptor - I have no NT machines to test on, but the theory I am about to present should be sound. What we're dealing with, here, is not application-level problems, but is at the filesystem level (please correct if this is not the case!). WinNT, Win2k, WinXP, Win2k3 - should *not* matter what version of the server you are using, the key is that you have to have the disk formatted with NTFS, in order to use NT-based security. Now.... There are a number of quirks about security properties, ownerships, and ACLs on NTFS volumes. The general rules-of-thumb are as follows: 1) if you are moving files from one folder to another on the same physical NTFS volume, you will retain the file(s) original security info; 2) if you copy the file(s) within the same volume, you will inherit the security properties of the destination directory and the original properties are lost; 3) if you move or copy files between two physical volumes, you will inherit. You can use XCOPY (see all switches with /?) to transfer the various bits of security info if you want to copy on the same/different volume; SCOPY from the Resource Kit will also allow you to do the same, IIRC. So, now that the lecture is over: the short answer to your question is yes, this is normal NTFS behaviour. Your admins will have to copy the files into the restricted subdirectory, then delete from the higher-level folder, if you want to inherit. Cut/paste in Explorer is essentially moving.
    695 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following