BUG: The BackupWrite() Function Does Not Restore Security Descriptor Control Bits (259393)



The information in this article applies to:

  • Microsoft Win32 Application Programming Interface (API), when used with:
    • the operating system: Microsoft Windows 2000

This article was previously published under Q259393

SYMPTOMS

When a backup application uses the BackupRead and BackupWrite functions to back up and restore the BACKUP_SECURITY_DATA stream, the Windows 2000 SE_DACL_AUTO_INHERITED and SE_SACL_AUTO_INHERITED bits in the security descriptor control are not restored.

STATUS

Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

When a backup application calls BackupRead to back up standard streams such as security data, the system internally reads the security descriptor information of the file or folder and returns it as a BACKUP_SECURITY_DATA stream. This stream contains the security descriptor control flags that are set on the file or folder. When the BACKUP_SECURITY_DATA stream that is returned by BackupRead is then restored by using BackupWrite, the SE_DACL_AUTO_INHERITED and SE_SACL_AUTO_INHERITED control bit flags are not set in the security descriptor control.

Internally, BackupWrite does not request the SE_DACL_AUTO_INHERIT_REQ or SE_SACL_AUTO_INHERIT_REQ control bit when it sets the security descriptor on an object. As a result, when the application calls BackupWrite to restore the BACKUP_SECURITY_DATA stream, the SE_DACL_AUTO_INHERITED and SE_SACL_AUTO_INHERITED control bits are not set.
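
The following check is an added example, not code from this article or from Microsoft. It locates the BACKUP_SECURITY_DATA stream in a buffer produced by BackupRead, reads the control word of the security descriptor it carries, and reports which auto-inherited bits are missing from the control word read back after the restore. It assumes the documented WIN32_STREAM_ID layout and a self-relative security descriptor as the stream payload; the function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define BACKUP_SECURITY_DATA   0x00000003u /* winbase.h stream id */
#define SE_DACL_AUTO_INHERITED 0x0400u     /* winnt.h control bits */
#define SE_SACL_AUTO_INHERITED 0x0800u
#define HDR 20u /* WIN32_STREAM_ID before cStreamName; also self-relative SD header */

static uint32_t rd32(const uint8_t *p) {   /* little-endian DWORD */
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Control word of the security descriptor inside the BACKUP_SECURITY_DATA
   stream of a BackupRead buffer; -1 if absent, truncated or not revision 1. */
int backup_stream_sd_control(const uint8_t *buf, size_t len) {
    size_t off = 0;
    while (len - off >= HDR) {
        uint32_t id = rd32(buf + off), name = rd32(buf + off + 16);
        uint64_t size = rd32(buf + off + 8) | (uint64_t)rd32(buf + off + 12) << 32;
        size_t rest = len - off - HDR;
        if (name > rest || size > rest - name) return -1;   /* truncated stream */
        const uint8_t *sd = buf + off + HDR + name;
        if (id == BACKUP_SECURITY_DATA)
            return (size >= HDR && sd[0] == 1) ? (sd[2] | sd[3] << 8) : -1;
        off += HDR + name + (size_t)size;                   /* skip other streams */
    }
    return -1;
}

/* Auto-inherited bits set in the backed-up descriptor but missing after restore. */
int lost_auto_inherited_bits(int backed_up, int restored) {
    if (backed_up < 0 || restored < 0) return -1;
    return backed_up & ~restored & (int)(SE_DACL_AUTO_INHERITED | SE_SACL_AUTO_INHERITED);
}

/* Constructed sample: a 2-byte BACKUP_DATA stream, then a BACKUP_SECURITY_DATA
   stream holding only a descriptor header (Control 0x8C00, ACLs omitted). */
static const uint8_t sample[] = {
    1,0,0,0, 0,0,0,0, 2,0,0,0,0,0,0,0, 0,0,0,0, 'h','i',
    3,0,0,0, 2,0,0,0, 20,0,0,0,0,0,0,0, 0,0,0,0,
    1,0, 0x00,0x8C, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0
};

int main(void) {
    int saved = backup_stream_sd_control(sample, sizeof sample);
    int restored = 0x8000; /* constructed: Control read back after BackupWrite */
    printf("saved=0x%04X lost=0x%04X\n", saved, lost_auto_inherited_bits(saved, restored));
    return 0;
}
```

On a live system the post-restore control word would come from GetSecurityDescriptorControl on the restored object's security descriptor.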

REFERENCES

For additional information, see the following article in the Microsoft Knowledge Base:

240184 Reading/Modifying DACL of a File or Folder with Backup and Restore Privileges


Modification Type: Major
Last Reviewed: 2/25/2004
Keywords:kbACL kbAPI kbbug kbKernBase kbSecurity KB259393