Registrations are now open. Join us today!
There is still a lot of work to do on the wiki yet! More information about editing can be found here.
Already have an account?

Microsoft KB Archive/102888

From BetaArchive Wiki
Knowledge Base

Saving from PowerPoint, Word, or Excel resets NTFS security settings

Article ID: 102888

Article Last Modified on 1/18/2007


  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows XP Professional
  • Microsoft Office 2000 Standard Edition
  • Microsoft Office XP Standard Edition
  • Microsoft Office Professional Edition 2003

This article was previously published under Q102888


When you save a file in Microsoft Word, in Microsoft PowerPoint, or in Microsoft Excel, the NFTS file system security settings are reset. These security settings are reset in the discretionary access control list (DACL) and in the system access control list (SACL) of the NTFS file system security descriptor.


When PowerPoint, Word, or Excel has a file open for editing, and the user saves the file, a copy of the original file is created as a temporary file. This temporary file stores changes that are made to the original file.

By default, this temporary file is created in the same directory as the original file. When you save the file, the original file is deleted, and the temporary file is renamed to the original file name. Because newly created files in a directory inherit the security permissions of that directory, the security permissions on the file are be reset to those of the directory.

Starting with the Office XP releases of the applications, the applications try to copy the custom file security information to the new file. However, users do not typically have permissions to write the security information.


To work around this problem, use one of the following methods:

  • Put all affected files in the same directory. Assign the security settings to the directory. You may have a separate directory for each group of files, adn each directory may have different permissions or auditing settings.
  • Change the permissions for the directory and for the file to prevent the user from overwriting the original file. Change the permissions to disallow file deletions.
  • Use Sharepoint Portal Server to store the files. The Sharepoint site will enforce its own security scheme to the data that is stored on the site.
  • Grant "Change Permissions" permissions to the directory. Then, users can change file security. However, you may not want to do this.


These Office programs use this method of saving files to prevent data loss. If the connection to the server is lost during the save operation, and the file is directly saved to the original file name, the file data would be lost.

This method could cause the latest changes to be lost. However, the old version of the file would still be present on the server.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:

211632 Description of how Word creates temporary files

Additional query words: prodnt prodoffice prodexcel prodword prodpowerpoint

Keywords: kbtshoot kbinterop KB102888