{"id":91361,"date":"2015-10-14T07:00:00","date_gmt":"2015-10-14T21:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/20151014-00\/?p=91361\/"},"modified":"2019-03-13T12:20:35","modified_gmt":"2019-03-13T19:20:35","slug":"20151014-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20151014-00\/?p=91361","title":{"rendered":"The MoveSecurityAttributes policy affects only how Explorer recalculates ACLs when a file is moved; everybody else is on their own"},"content":{"rendered":"<p>A customer reported that even though they were deploying <a HREF=\"http:\/\/support.microsoft.com\/kb\/310316\"><code>Move&shy;Security&shy;Attributes<\/code> policy<\/a> to all their machines, it wasn&#8217;t working everywhere. &#8220;It works fine with the GUI but does not work (i.e., has no effect) when using the Move command at the command prompt.&#8221; <\/p>\n<p>That&#8217;s right. <\/p>\n<p>The <code>Move&shy;Security&shy;Attributes<\/code> policy <a HREF=\"http:\/\/blogs.msdn.com\/b\/oldnewthing\/archive\/2006\/08\/24\/717181.aspx\">applies to Explorer&#8217;s file copy engine<\/a>, the thing that kicks in when you call <code>SHFile&shy;Operation<\/code> or use the <code>IFile&shy;Operation<\/code> interface. <\/p>\n<p>The command prompt doesn&#8217;t use either of those functions. It just calls the <code>Move&shy;File&shy;Ex<\/code> function directly. And that function doesn&#8217;t respect UI policy because it&#8217;s not a UI function. <\/p>\n<p>The KB article does say this when it finishes talking about the default behavior and starts talking about the policy: <\/p>\n<blockquote CLASS=\"q\">\n<p>By default&hellip; <\/p>\n<p>You can modify <u>how Windows Explorer<\/u> handles permissions when objects are copied or moved&hellip; <\/p>\n<\/blockquote>\n<p>(Emphasis mine.) <\/p>\n<p>The article points out that the technique applies only to Windows Explorer. Mind you, it&#8217;s not underlined or anything, so somebody in a hurry is like to miss out on that detail. <\/p>\n<p>So here&#8217;s a blog entry to make it more clear. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>GUI policies tend not to apply to command line tools.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[104],"class_list":["post-91361","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-tipssupport"],"acf":[],"blog_post_summary":"<p>GUI policies tend not to apply to command line tools.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/91361","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=91361"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/91361\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=91361"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=91361"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=91361"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}