Windows ACL during explorer copy
The behavior you describe as the desired one is in fact the default with all versions of Windows. Copied files and directories are re-created at the destination inheriting the permissions of the destination folder.
There are mainly two conditions where this might not be the case:
your users are not copying but moving the files and directories within the same file system. In this case, filesystem ACLs are not changed as a "move" operation is simply re-writing the pointers to the destination in the file system and does not do anything to ACLs (which are stored in a different attribute). This behavior can be changed by setting the
MoveSecurityAttributes
(DWORD) value in theHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
key to0
on all your client machines. Note that for MoveSecurityAttributes to work on newer versions of Windows (on from Vista / Server 2008) you need to install a hotfix as described in MS KB 2617058: "MoveSecurityAttributes" registry subkey does not work in Windows 7, in Windows Vista, in Windows Server 2008 or in Windows Server 2008 R2.you have changed your Windows users' Explorer default behavior to copy permissions with the file by setting
ForceCopyAclwithFile
in theHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
key to1
.
Suggested reading: MSKB 310316: How permissions are handled when you copy and move files and folders