Backing Up Data -- Permissions Intact
Using NTBACKUP to copy data to an alternate location and preserve NTFS permissions
Jason Zandri's latest tutorial discusses how to use NTBACKUP to copy data to an alternate location and preserve NTFS permissions. The article explains how to back up data with all of the permissions intact and how to perform a restore.
[NOTES FROM THE FIELD] - Before we begin, the key thing I want to stress in this HOW TO tutorial is this: it explains how to back up data with all of the permissions intact and how to perform a restore, but when you restore to another system, only the domain accounts hold their permissions and rights to the data entirely intact. Any local accounts that were assigned rights to the data on the original domain member are unknown to another domain member, and those local accounts from the original system will not be able to access the data properly, if at all.
NTFS is the preferred file system for all computers running Windows 2000 and XP Professional. This version of NTFS is called NTFS 5.
If you are running Windows NT 4.0 Service Pack 4 or later, you can read basic volumes formatted by using NTFS 5 locally on dual boot systems. Windows 2000 and Windows XP Professional can read NTFS 5 on both basic and dynamic volumes.
[NOTES FROM THE FIELD] - Computer systems accessing either version of NTFS across networks are not affected. Version differences are usually only considered in local or dual boot situations.
The following NTFS features are available in version 5:
- File and Folder Permissions
- Disk Quotas
- File Compression
- Mounted Drives
- Hard Links
- Distributed Link Tracking
- Sparse Files
- Multiple Data Streams
- POSIX Compliance
- NTFS Change Journal
- Indexing Service
File and Folder Permissions Under NTFS
In short, File and Folder Permissions under NTFS are designed to allow administrators and data owners to set a level of access (or prevent one) to the data in question.
The Principle of Least Privilege is where users are given only the minimum level of permissions to the network resources needed to perform their given job function and nothing higher.
Using NTFS you can set permissions down to the file level, whereas under FAT16 or FAT32 this security is limited to shares only and has no effect when a user logs on interactively (locally on the system).
Some key points to remember are:
- Creator Owners are assigned the Full Control permission to the data and objects that they create.
- Partitions and volumes originally formatted with NTFS are automatically configured to assign the Full Control permission to the Everyone group at the root of the drive by default.
- FAT16 and/or FAT32 partitions that are converted to NTFS are designed to assign the Full Control permissions to the Everyone group on all resources on that volume by default.
There are two types of permissions within the NT file system: explicit permissions are those set specifically on a given object, and inherited permissions are those gained from a parent container, such as a parent folder or organizational unit. The default behavior of the NT file system is to allow inheritance to child objects (folder, file or Active Directory object) from the parent folder or container.
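The local-account caveat in the opening note and the explicit/inherited distinction above can both be checked before a backup is taken. The following PowerShell function is an added example, not part of the original tutorial; it assumes PowerShell 3.0 or later, and the name Get-RestoreAclReport is hypothetical. It labels every access control entry as explicit or inherited and flags trustees that exist only on the source machine.

```powershell
# Added example: audit NTFS ACEs on a folder tree before backing it up.
# Assumes PowerShell 3.0 or later; Get-RestoreAclReport is a hypothetical name.
function Get-RestoreAclReport {
    param([string]$Path = $PWD.Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Root folder first, then every child file and folder beneath it.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL on $($item.FullName)"; continue }

        foreach ($ace in $acl.Access) {
            $id = $ace.IdentityReference
            if ($id -is $sidType) {
                # The SID no longer maps to a name on this system.
                $scope = 'UnresolvedSid'
            } else {
                try { $sid = $id.Translate($sidType) } catch { $sid = $null }
                if ($sid -and -not $sid.AccountDomainSid) {
                    # Well-known SIDs (Everyone, BUILTIN\Administrators)
                    # have the same value on every Windows system.
                    $scope = 'WellKnown'
                } elseif ($id.Value -like "$env:COMPUTERNAME\*") {
                    # Account defined on this machine only.
                    $scope = 'LocalAccount'
                } else {
                    $scope = 'Domain'
                }
            }
            [pscustomobject]@{
                Path     = $item.FullName
                Identity = $id.Value
                Rights   = $ace.FileSystemRights
                Type     = $ace.AccessControlType
                Source   = if ($ace.IsInherited) { 'Inherited' } else { 'Explicit' }
                Scope    = $scope
            }
        }
    }
}

# Run from the folder to be backed up, or pass -Path. Lists the entries that
# a restore to another domain member would leave unusable.
Get-RestoreAclReport |
    Where-Object { $_.Scope -eq 'LocalAccount' -or $_.Scope -eq 'UnresolvedSid' } |
    Format-Table Path, Identity, Rights, Source -AutoSize
```

Entries reported as Explicit and LocalAccount are the ones to replace with domain groups on the source before the backup, since inherited entries follow from whatever is fixed on the parent folder.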