As I noted before in this blog item, I have come across a problem with Windows 7 and Windows 2008 R2 with regard to the processing of permissions in move operations with Windows Explorer. Since some additional information on this was brought to my attention, I decided to share it in this article.
Traditionally, if you move an item between two folders on the same NTFS volume, the permissions of the moved item do not change. Since Windows Vista and 2008 this is no longer the case: Windows Explorer changes the permissions of the moved item, so that they are inherited from the target location (a move operation performed by anything other than Windows Explorer still retains the original permissions). A special situation arises with Windows 7 and Windows 2008 R2. There, the permissions are sometimes inherited from the target location and sometimes not. This is inconsistent and could pose a big risk when these operating systems are used for move operations on your file server. It seems completely random what will happen to the NTFS permissions of moved files... or is it?
It seems there is a relationship between the number of items in the access control list (ACL) of the folders and the resulting permissions of the moved item. Basically, if the number of items in the ACL of the source location equals the number of items in the ACL of the target location, the permissions of the moved item are retained. If the numbers are not equal, the permissions are inherited from the target location.
The image below illustrates this. You can clearly see that when the source folder and target folder both contain 2 or 3 items, the permissions are retained. If there is a difference in the number of items in the ACL, the permissions are inherited from the target location.
At the moment Microsoft is investigating this issue, but for now it does seem like a really serious 'Bug'. Tests also show that this behavior is no different in Windows 2008 R2 SP1 and Windows 7 SP1.
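Because the outcome of a move is hard to predict, one way to check a target folder afterwards is to compare the inherited ACL entries of each child with what the folder itself passes down. The PowerShell below is an added example, not code from the original article; the function name `Find-AclMismatch` and the share path are hypothetical, and the comparison is a heuristic that looks at identities only, not at the rights granted.

```powershell
# Added example (not from the original article): heuristic audit of a target folder.
# Flags children whose inherited ACEs do not line up with what the folder propagates,
# which is how an item that kept its old permissions after a move shows up.
function Find-AclMismatch {
    param([Parameter(Mandatory = $true)][string]$Folder)

    $obj = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
    $con = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
    $parentRules = @((Get-Acl -LiteralPath $Folder).Access)

    Get-ChildItem -LiteralPath $Folder -Force | ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName
        # Inheritance deliberately blocked on the item: nothing to compare.
        if ($acl.AreAccessRulesProtected) { return }

        # Identities the folder passes down to this kind of child.
        $flag = if ($_.PSIsContainer) { $con } else { $obj }
        $expected = @($parentRules |
            Where-Object { ($_.InheritanceFlags -band $flag) -eq $flag } |
            ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)

        $inherited = @($acl.Access | Where-Object { $_.IsInherited } |
            ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)

        # CREATOR OWNER is replaced by the item's owner when it is inherited
        # (name as shown on English-language Windows).
        $allowed = $expected
        if ($expected -contains 'CREATOR OWNER') { $allowed += $acl.Owner }

        $unexpected = @($inherited | Where-Object { $allowed -notcontains $_ })
        $missing = @($expected | Where-Object {
            $_ -ne 'CREATOR OWNER' -and $inherited -notcontains $_ })

        if ($unexpected.Count -or $missing.Count) {
            [pscustomobject]@{
                Path       = $_.FullName
                Unexpected = $unexpected -join '; '
                Missing    = $missing -join '; '
            }
        }
    }
}

# Hypothetical share path; replace with a folder that receives moved items.
# Find-AclMismatch -Folder 'D:\Shares\Target' | Format-Table -AutoSize
```

An item listed with entries under `Unexpected` still carries identities from its previous parent, and one listed under `Missing` has not picked up the target folder's entries; both are candidates for re-applying inheritance after review.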
This article is also available in Dutch.