Geeks With Blogs
René Wieldraaijer's blog Microsoft IT Professional

Concerning the NTFS permissions issue that I described in this blog item, I have done some further investigation. In my preceding blog item I explained about the issues that Windows 7 and 2008 R2 have with move operations in NTFS where, while performing the same operation, one time the permissions are inherited from the destination and the other time the permissions are retained from the source location.

What better to use for this than Sysinternals process monitor. So I have made a trace of both behaviors.

First I moved test file 1.txt from 'Folder A' to 'Folder B' by Windows Explorer, which retained the permissions from 'Folder A' and what should not be happening. Then I moved test file 2.txt also from 'Folder A' to 'Folder B' by Windows Explorer, which inherited the permissions from 'Folder B' and what should be happening.

 

Afterwards I made a filter on all read operations, query operations, basically anything that could not change anything. This way the trace only showed create and set operations, for example 'SetSecurityFile'. This filtered trace is shown below.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

As you can see, the move operation on test file 2.txt has some additional operations, compared to the move operation on test file 1.txt. Most importantly, the move operation on test file 2.txt has a 'SetSecurityFile' record, which the move operation on 'test file 1.txt' does not have. Basically Windows Explorer just 'forgets' to set the permissions on test file 1.txt.

 

To do some more investigation, I made a new filter, to only display the DACL operations on the files. The results of this are shown below. Als you can see, the move of test file 2 resulted in different file operations, where also Owner and Group are read, and off course, the SetSecurityFile is performed. So again, it seems like Windows Explorer just does not perform these operations. But why?

 

 

 

 

 

 

 

 

 

 

 

In the meanwhile, Microsoft support is still working on an explanation for this symptom. For now, I would advise to double check what's going on at your fileservers if you use Windows 7 of 2008 R2. Be sure who has access to your confidential data! To my opinion this is very likely a bug. The only thing that tells me otherwise is the fact that it is so simple to reproduce, you would think thousands of Windows 7 / 2008 R2 users would have run in to it before.

Posted on Wednesday, March 9, 2011 10:57 PM | Back to top


Comments on this post: NTFS Issues in Windows 7 and 2008 R2 – 'Likely a bug'

No comments posted yet.
Your comment:
 (will show your gravatar)


Copyright © renewieldraaijer | Powered by: GeeksWithBlogs.net