This properties panel handles options related to the copying of NTFS and Novell Netware permissions. This is a complex topic, please read these details carefully before enabling the copying of permissions.
Copy these security objects when copying files
Permissions: If you check this checkbox SureSync will copy file permissions (ACLs) for a file or a directory.
Auditing: If you check this checkbox SureSync will copy a file's auditing information.
Ownership: If you check this checkbox SureSync will copy the ownership properties of a file or directory.
You may choose any combination of security objects to copy. If you do not check these boxes to copy security information, the files will inherit the information from the parent folder on the destination unless you check 'preserve all security objects on replaced files'.
Preserve security objects on replaced files
This option can degrade the performance of your synchronization because SureSync must compare security on the source and destination. Use this option only when necessary.
If you check the box to preserve any security objects for replaced files, then any existing files will keep whatever security settings they already have on the destination regardless of the settings on the parent folder or the source. Any new files added will still inherit security information from the parent folder on the destination unless the information is set to be copied from the source. If you choose to preserve existing information it will degrade performance as SureSync must read security information from both sides and override the standard inheritance. For ease of system administration we recommend that you handle security on a folder rather than an individual file basis and let the files get their security settings from their parent folders.
Copy folder security objects to existing folders
This option can degrade the performance of your synchronization because SureSync must compare security on the source and destination. Use this option only when necessary.
Once a folder has been added, SureSync will not change any security properties on the folder during future synchronization jobs unless this checkbox is checked. This option will add to the synchronization time as SureSync must access every folder to verify that the security objects are correct. If you do not change your security settings often you should not normally need to check this box; you can turn this option on when you know that there have been changes.
Copy file security objects even if the file is not copied
This option can degrade the performance of your synchronization because SureSync must compare security on the source and destination. Use this option only when necessary.
If a file is not copied then SureSync will not change the permissions on the receiving end unless you check this option. If this checkbox is checked SureSync will copy the security objects whether or not the file itself needs to be synchronized. Again, this process is resource intensive as SureSync must access every file to verify that the security objects are correct. You should not normally need to run with this box checked; you can turn on this option when you know that there have been changes.
Copy Netware Security Trustees
This check box (when available) allows you to choose to copy the Netware security objects. If checked SureSync will copy Trustees. This choice is not displayed if there are no Netware paths.
Notes on copying security
If the option to copy security objects (see the topic on Path Options) is not enabled for the individual path the security information will not copy. When you are running a Rule that copies any security objects and one of the paths does not have compatible security, you must turn the option off for that path. If you are not running SureSync on the Windows NT, Windows 2000, Windows XP, Windws 2003, Windows Vista or Windows 2008 operating systems you will not be able to copy security.
When security values are copied, the destination must be able to recognize the security values. When you cross domains you may not get the values you expect. The values copied will exactly match the original values, ignoring identical user names or groups that may be present in the destination domain. The information copied includes the domains associated with the user IDs. Thus even if the user JohnDoe is in the domain for both source and destination ends and SureSync copies a file where Source\JohnDoe has permission, the file will only have Source\JohnDoe permissions on the receiving end not Destination\JohnDoe permissions.
Required rights to copy permissions
In order to copy security the user running SureSync must have appropriate file access to the destination files. If that user does not have the authorization to change the permissions manually then they can not do it with SureSync either. Also, in order to copy ownership, the user ID must have the advanced user right on the destination machine(s) to 'Take Ownership of files or other objects'. And finally, the user must also have the advanced user right 'Manage auditing and security log' on both source and destination machines in order to have authorization to copy Auditing.
SureSync copies security which is explicitly set on a file and the state of the inheritance flag. This can result in security copying being performed correctly but looking a little different then you might expect. For example, say you have a file named TestData.doc and it has the Administrators Group, a group named Sales, and a group named Marketing specified on the source via inheritance. That file also has domain\User1 and domain\User2 specified explicitly on that file. On the destination side the file has only the Administrators group applied from inheritance. When the file is copied with security to the destination machine the end result would be the Administrators group, domain\User1 and domain\User2 being set as the security on the destination file. The inheritance flag is copied as being on so the security is inherited down the tree on the destination to the file. The explicitly set permissions are also copied. In short, if most of your permissions are inherited from parent folders, you need to make the security on the source and destination root folders match to see the results you are expecting.
To insure that files are never lost during a copy process, SureSync always copies to a temporary file and then renames to the destination file name. Security values are set on the temporary file before the rename. If you set permissions that will deny the SureSync user the right to rename a file, you will get an error and will be unable to complete the copy operation. It is possible that the user ID used to copy the file has permission to create the temporary file, based on default permissions from the folder, but after security values are copied over the necessary permission to delete and rename is then removed.
Whenever ownership is successfully copied, an entry is automatically logged to the Windows Security Event Log.
Cancel & Apply
The 'Cancel' button will cancel any changes you made to this panel. The 'Apply' button will apply any changes you made to this panel.
This option can degrade the performance of your synchronization because SureSync must compare security on the source and destination. Use this option only when necessary.
When security values are copied, the destination must be able to recognize the security values. When you cross domains you may not get the values you expect. The values copied will exactly match the original values, ignoring identical user names or groups that may be present in the destination domain. The information copied includes the domains associated with the user IDs. Thus even if the user JohnDoe is in the domain for both source and destination ends and SureSync copies a file where Source\JohnDoe has permission, the file will only have Source\JohnDoe permissions on the receiving end not Destination\JohnDoe permissions.