Microsoft KB Archive/259393

{|
 * width="100%"|

BUG: The BackupWrite Function Does Not Restore Security Descriptor Control Bits

 * }

Q259393

-

The information in this article applies to:


 * Microsoft Win32 Application Programming Interface (API), included with:
 * the operating system: Microsoft Windows 2000

-

SYMPTOMS
When a back-up application uses the BackupRead and BackupWrite functions to back up and restore BACKUP_SECURITY_DATA stream, the Windows 2000 SE_DACL_AUTO_INHERITED and SE_SACL_AUTO_INHERITED bits in the security descriptor control are not restored.

STATUS
Microsoft has confirmed this to be a bug in the Microsoft products listed at the beginning of this article.

MORE INFORMATION
When a back-up application calls BackupRead to back up standard streams such as security data, the system internally reads the security descriptor information of the file or folder and returns as BACKUP_SECURITY_DATA stream. The BACKUP_SECURITY_DATA stream returned by BackupRead contains information about security descriptor control flags that are set on a file or folder, respectively. When the BACKUP_SECURITY_DATA stream that is returned by BackupRead is then restored by using BackupWrite, the SE_DACL_AUTO_INHERITED and SE_SACL_AUTO_INHERITED control bit flags are not set in the security descriptor control.

BackupWrite internally does not request for the SE_DACL_AUTO_INHERIT_REQ or SE_SACL_AUTO_INHERIT_REQ control bit when setting the security descriptor on an object. So, when the application calls BackupWrite to restore the BACKUP_SECURITY_DATA stream, the SE_DACL_AUTO_INHERITED and SE_SACL_AUTO_INHERITED control bits are not set.