Server 2019: Files not inheriting permissions after move

cKoppen 11 Reputation points
2020-09-21T12:09:04.26+00:00

By design, when a user moves a file within a volume, the NTFS permissions (ACL) moves with the file. This is different from a copy operation where the destination file will inherit permissions that are set by the target folder.
In my case, the volume is held by a Server 2019, and has several shares on it. A user maps the shares as drive letters on his/her computer, and then moves a file from one share to another.

In this scenario, the file that was moved retains the permissions that were set in the source folder. Because of this, users who have permissions for the destination folder but not the source folder will not be able to read the file.
I need to change this behavior so that the file will inherit all the permissions that are set on the destination folder instead.

There are some resources, including official Microsoft pages, detailing this behaviour, and the possibility of changing it using a registry value named "MoveSecurityAttributes". When set to zero, it is supposed to disable the moving of ACLs when moving a file.

There are no records that I can find regarding this value in relation to Server 2019, only older operating systems. Is this still a valid registry setting in Server 2019?
Nonetheless, I have set this key in the registry of my Server 2019, but it did not seem to change the behavior.
Does this key need to be set on clients as well?

Is "MoveSecurityAttributes" still usable in Server 2019, or is there another way of changing this behavior?

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,809 questions
Windows Server Storage
Windows Server Storage
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Storage: The hardware and software system used to retain data for subsequent retrieval.
656 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. cKoppen 11 Reputation points
    2020-09-21T13:33:03.09+00:00

    Hello @Leon Laude ,
    Thanks for your reply!

    Yes, I have performed the steps detailed via the link a few months back.

    After additional testing, it seems to work the way I want using the domain administrator account, but not an end user account. I'm now inclined to think that the missing detail is the "change permissions" permission.
    The user performing the move must have that permission, it says in the original support article (https://support.microsoft.com/en-ph/help/310316/how-permissions-are-handled-when-you-copy-and-move-files-and-folders)

    Does this mean the user needs that permission is on the source, target or both folders, or on the file itself in its original location?

    2 people found this answer helpful.

  2. Leon Laude 85,821 Reputation points
    2020-09-21T12:23:49.697+00:00

    Hi anonymous user,

    Found a similar thread here, it appears to be working for Windows Server 2016 / Windows 10, which means it should most likely work for Windows Server 2019 as well.
    MoveSecurityAttributes for Server 2016 with Windows 10 users

    ----------

    (If the reply was helpful please don't forget to upvote or accept as answer, thank you)

    Best regards,
    Leon

    1 person found this answer helpful.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.