Microsoft KB Archive/271830

= Security permissions are not maintained when making files available offline on a FAT or FAT32 drive =

Article ID: 271830

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 1

-



This article was previously published under Q271830



SUMMARY
When you use Windows 2000, you can define access controls for a file on a network share, which make the file available for use on a client computer when the client is not connected to the local area network where the file is maintained.

If your network server has a drive that uses the NTFS file system, you can define special Access Control List (ACL) settings for a file on that drive. A copy of the file that is cached on a client computer retains these ACL settings only if the system drive of the client computer also uses NTFS.

If the system drive of the client computer is formatted using the FAT or FAT32 file system, the ACL settings are not maintained for the locally-cached copy of the file. This means that other users of the computer may be able to access the file. However, these users will not be able to synchronize changes to the network share version of the file if they do not have the appropriate access credentials.



MORE INFORMATION
If the file is changed by the user in the user's directory who has the appropriate access credentials, the changed file could be uploaded to the NTFS share directory in the next time when the user has the appropriate credentials to synchronize.

For example, suppose User1 and User2 share a computer called Machine1. User1 is the only user who has access to an offline file that is named FILE1 on a NTFS share. File1 is stored in the offline files store on a FAT32 drive on Machine1. If User2 makes a change to File1 on Machine1, File1 is changed on the NTFS share by using User1s credentials when User1 logs in and synchronizes offline content.

Because the FAT and FAT32 file systems lack the necessary structure to store file ACL settings, and the Offline Files feature is a per-computer setting, all users of a Windows 2000 client may be able to access the locally-cached copies of offline files.

To maintain a high level of network security, we recommend that you format or convert the drives of all the client computers that are running Windows 2000 Professional by using the NTFS file system.

Keywords: kbinfo kbenv KB271830

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.