I've noticed that since Windows 8, CopyFileEx is documented as copying DACLS along with the file itself; this was not the case in Windows 7. The Microsoft documentation I found for CopyFileEx notes that , "Security resource properties for the existing file are not copied to the new file until Windows 8 and Windows Server 2012."
What I cannot find is any way to disable this behavior. No flags or settings in CopyFileEx. This is problematic because:
I'm running in a Workgroup environment, not Domain
ACLs for files have both Well-Known (WKS) and Machine-Specific SIDS (MSS). The WSS are not a problem, but the MSS won't translate across the network.
The "old behavior" was for a file to take its ACLs from the folder into which it was copied, which is the behavior I'd like to restore!
I've written code to accomplish translating MSS between machines, so I can copy ACLs when I need to.
Perhaps I misunderstand what it means to copy the ATTRIBUTE_SECURITY_INFORMATION for a file. The only documentation I've found is for SECURITY_INFORMATION, which talks about ATTRIBUTE_SECURITY_INFORMATION as a value to set when reading or writing SACL ACE entries. If the ACLS are actually not copied, then my code will work. If the are copied, then I'd appreciate any documented or verified ways to keep CopyFileEx from copying the ACLS with the file.
Thanks!