Fog Creek Software
Discussion Board

How to save & restore NTFS permissions?

Pretty self explanatory...

I am considering development of a special purpose file backup utility. I am interested in knowing how tape backup programs save and restore the list of users and groups, and the set of read/write permissions for each class of user. I am also concerned about the saved and restored permission data being portable between same-named users and groups between different NT/2000/XP installations (if possible).

To avoid flames ;-) I want to state that I am not looking for a detailed step by step tutorial here. All I am really in search of is are online FAQs or code examples that demonstrate how the security API is called for an application of this type. The security API is very broad and covers a lot of stuff. This is a 'point me in the proper direction' inquiry. My keyword searches on search engines haven't yielded anything useful.

Delphi is the language, in case there's a VCL wrapper laying around out there, but I can handle examples in any language.


Bored Bystander
Wednesday, November 26, 2003

Google for ACE's (access control entries), which are the components of each ACL.  ACE's are categorized as "Allow' or "Deny" entries and each contains a SID, I believe.

For each folder and file in the tree...  open the ACL, rip through each ACE, save all relevent info, map the SID to a user or group (and handle multiple domains and ADSI lookup issues... so I'd use an associative array to cache these objects).

When restoring folders and files, create an ACL, add ACE's to it with SID's that you've generated using a reverse of the lookup above (domain user or group ==> SID).

D Ross - BadBlue com
Wednesday, November 26, 2003

D Ross, thanks for the quick overview. That helps tremendously.

Bored Bystander
Wednesday, November 26, 2003

Hello Sir

I would like to know if there is any solution for the question above.

Thank you very much


Mike Bawer
Monday, July 26, 2004

*  Recent Topics

*  Fog Creek Home