Using NTBACKUP to copy data to an alternate location and preserve
Jason Zandri’s latest tutorial discusses how to use NTBACKUP to copy data to an alternate location and preserve NTFS permissions. The article explains how to back up data with all of the permissions intact and how to perform a restore.
[NOTES FROM THE FIELD] – Before we begin, the key thing that I
want to stress about this HOW TO tutorial is that, while it explains how to back up data with all of the permissions intact and how to perform a restore,
when you restore to another
system, only the domain accounts are going to hold their permissions and rights
to the data entirely intact. Any local accounts that were assigned
rights to the data on the original domain member are going to be unknown
to another domain member, and those local accounts from the original system will
not be able to access the data properly, if at all.
NTFS is the preferred file system for all computers running Windows 2000 and XP
Professional. This version of NTFS is called NTFS 5.
If you are running Windows NT 4.0 Service Pack 4 or later, you can read basic volumes
formatted by using NTFS 5 locally on dual boot systems. Windows 2000 and Windows
XP Professional can read NTFS 5 on both basic and dynamic volumes.
[NOTES FROM THE FIELD] – Computer systems accessing either version of NTFS across networks are not
affected. Version differences are usually only considered in local or dual boot
The following NTFS features are available in version 5:
- File and Folder Permissions
- Disk Quotas
- File Compression
- Mounted Drives
- Hard Links
- Distributed Link Tracking
- Sparse Files
- Multiple Data Streams
- POSIX Compliance
- NTFS Change Journal
- Indexing Service
File and Folder Permissions Under NTFS
In short, File and Folder Permissions under NTFS are designed to allow
administrators and data owners to set a level of access (or prevent one) to
the data in question.
The Principle of Least Privilege is where users are given only the minimum level
of permissions to the network resources needed to perform their given job
function and nothing higher.
Using NTFS you can set permissions down to the file level, whereas under FAT16 or
FAT32 this security is limited to shares only and has no effect when logging on
interactively (locally on the system).
Some key points to remember are:
- Creator Owners are assigned the Full Control permission
to the data and objects that they create.
- Partitions and volumes originally formatted with
NTFS are automatically configured to assign the Full Control permission to the
Everyone group at the root of the drive by default.
- FAT16 and/or FAT32 partitions that are converted to NTFS
are designed to assign the Full Control permission to the Everyone group on
all resources on that volume by default.
There are two types of permissions within the NT file system. Explicit permissions are the type specifically set on a given
object, and inherited permissions are those gained from a parent container,
such as a parent folder or organizational unit. The default behavior of the NT
file system is to allow inheritance to child objects (folder, file or Active
Directory object) from the parent folder or container.
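The restore caveat in the opening note and the explicit/inherited distinction above can be checked together on the system that received the restore. The following is an added example, not part of the original tutorial: a PowerShell report that lists every access entry whose SID no longer resolves to an account on this system, and whether that entry is explicit or inherited. It assumes a current Windows system with PowerShell; the path D:\Restored and the function name Get-AceReport are hypothetical.

```powershell
# Added example: audit a restored folder tree for access entries (ACEs)
# that name accounts this system cannot resolve, e.g. local accounts
# from the machine the backup was taken on.
param(
    [string]$Path = 'D:\Restored'   # hypothetical restore location
)

function Get-AceReport {
    param([Parameter(Mandatory)][string]$Root)

    # The root itself first, then every file and folder beneath it.
    $items = @(Get-Item -LiteralPath $Root) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Request SIDs rather than names so unknown accounts are still listed.
        $rules = $acl.GetAccessRules($true, $true,
                    [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            $sid = $ace.IdentityReference
            try {
                # Succeeds for domain accounts and for accounts local to THIS system.
                $name     = $sid.Translate([System.Security.Principal.NTAccount]).Value
                $resolved = $true
            } catch {
                # Any translation failure is treated as "unknown on this system".
                $name     = $null
                $resolved = $false
            }
            [pscustomobject]@{
                Path     = $item.FullName
                Sid      = $sid.Value
                Account  = $name
                Resolved = $resolved
                Type     = if ($ace.IsInherited) { 'Inherited' } else { 'Explicit' }
                Access   = $ace.AccessControlType
                Rights   = $ace.FileSystemRights
            }
        }
    }
}

# Show only the entries that need attention after the restore.
Get-AceReport -Root $Path |
    Where-Object { -not $_.Resolved } |
    Sort-Object Path, Sid |
    Format-Table Path, Sid, Type, Access, Rights -AutoSize
```

Unresolved entries marked Explicit have to be replaced on the object itself; those marked Inherited are corrected on the parent folder they come from.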