Do I have to do anything for file ACLs to work both before and after I reformat a computer?

Let's say that I have a computer running Windows Vista with 2 users: Alice and Bob. Alice is the admin and Bob is a normal user. They each have files in their respective My Documents folders and Bob is not allowed to view Alice's files and Alice has to jump through a UAC elevation to view Bob's.

If Alice copies all the files on the computer to an external NTFS-formatted hard drive with the following 2 commands:

robocopy "E:\Bob's Files" "C:\Users\Bob\My Documents" /MIR
robocopy "E:\Alice's Files" "C:\Users\Alice\My Documents" /MIR

And then reformats the hard drive, installs a fresh copy of Windows, and creates 2 users named Alice and Bob on the computer, then will everything in the first paragraph be true after Alice copies the files back onto the internal hard drive? Assume that when the files are copied back over, she logs in as Bob and then copies Bob's files and likewise with her own files.

Possibly relevant: Alice and Bob also have passwords on their user accounts and they create new passwords after the computer is reformatted.

The main post has been tweaked slightly to make the question clearer. Answers that predate April 2011 are referring to an earlier version of this post.

Zian Choy

Posted 2011-03-25T04:44:30.807

Reputation: 1 394

Not sure if it applies but I found this: http://forums.techarena.in/windows-server-help/922342.htm ...it looks like an additional switch is needed to carry permissions. (copy-paste:) Create empty shared folders on the new machine. Turn off inheritance of permissions to contained folders and files.

Use ROBOCOPY with the option /COPY:DATSO to move all folders and files from the old shares to the new shares, preserving: Data content File Attributes Timestamps NTFS ACLs Ownership

– CreeDorofl – 2011-03-25T05:22:29.727

Answers

Turns out that you don't have to do anything special. Windows will automatically apply the correct permissions.

Zian Choy

Posted 2011-03-25T04:44:30.807

Reputation: 1 394

Any files you copy into a folder will inherit any inheritable file permissions. In this case, assuming nothing strange is done, any files you copy into new Alice's Documents will be treated like any other file or folder in that directory, and the same is true for Bob.

If we're talking about more specialized permissions (it's not completely clear to me) read this: /MIR doesn't copy security information. To do that you need the /SEC switch or /COPYALL switch or specify the security information with the /COPY switch. See the built in help for robocopy to see what you're copying (/?). However, robocopy very likely copies folders using the group or account SID. If we're talking about local user accounts, when you reformat you're generating completely new SIDs.

ROBOCOPY has a known issue copying and restoring file and folder permissions. The best description of the problem (and solution) has been here: http://blogs.technet.com/b/filecab/archive/2008/07/31/robocopy-mir-switch-mirroring-file-permissions.aspx

Bacon Bits

Posted 2011-03-25T04:44:30.807

Reputation: 6 125

I'm now in the awkward position of seeing a perfectly good answer that looks suspiciously like a xerox of my own. :) upvotes the answer – Zian Choy – 2011-04-10T01:25:12.590

I think I would've beaten you if I hadn't tracked down the file and folder permissions issue link. :D – Bacon Bits – 2011-04-10T01:33:45.237