2-10: Avoid the ACL Inheritance Propagation Danger of File and Folder Movement
Solution overview
Type of solution | Guidance |
Features and tools | Robocopy.exe |
Solution summary | Never use Windows Explorer to move files or folders between two locations in the same namespace with different permissions. Instead, use Robocopy or an alternative. |
Benefits | Correct application of permissions |
Important
This solution addresses what many (including all of my customers) consider to be a bug or design flaw in the security of files on Windows systems. Microsoft has documented the problem as the result of a known feature of the NTFS file system, but it has changed it nonetheless in Windows Server 2008. Whether you call it a "feature" or a "bug," you must educate your administrators ...
Get Windows® Administration Resource Kit: Productivity Solutions for IT Professionals now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
