Restoring Lost Access Control Lists (ACLs)

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

In planning user state migration, it is best to assume that access control lists will not migrate during your user state migration. Several factors affect the migration of ACLs:

• The USMT tool and the Files and Settings Transfer Wizard do not migrate ACLs — instead, default ACLs are assigned to each folder that is created on the destination computer.

• If users are changing domains during a migration, there is a good chance that the original ACLs will not work unless you use a tool such as SIDHistory as part of the user state migration process. For information about managing access control lists during a domain migration, see "Designing the Active Directory Logical Structure" in Designing and Deploying Directory and Security Services of this kit.

• When you migrate a Windows NT workstation that uses an NTFS file system drive, ACLs for individual files often do not migrate with the files. Instead, the files inherit the default ACLs of the folder into which they are copied.