Knowledge Base

Saving from PowerPoint, Word, or Excel resets NTFS security settings

Article ID: 102888

Article Last Modified on 1/18/2007

Microsoft Windows 2000 Professional Edition
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows XP Professional
Microsoft Office 2000 Standard Edition
Microsoft Office XP Standard Edition
Microsoft Office Professional Edition 2003

This article was previously published under Q102888

SYMPTOMS

When you save a file in Microsoft Word, in Microsoft PowerPoint, or in Microsoft Excel, the NFTS file system security settings are reset. These security settings are reset in the discretionary access control list (DACL) and in the system access control list (SACL) of the NTFS file system security descriptor.

CAUSE

When PowerPoint, Word, or Excel has a file open for editing, and the user saves the file, a copy of the original file is created as a temporary file. This temporary file stores changes that are made to the original file.

By default, this temporary file is created in the same directory as the original file. When you save the file, the original file is deleted, and the temporary file is renamed to the original file name. Because newly created files in a directory inherit the security permissions of that directory, the security permissions on the file are be reset to those of the directory.

Starting with the Office XP releases of the applications, the applications try to copy the custom file security information to the new file. However, users do not typically have permissions to write the security information.

WORKAROUND

To work around this problem, use one of the following methods:

Put all affected files in the same directory. Assign the security settings to the directory. You may have a separate directory for each group of files, adn each directory may have different permissions or auditing settings.
Change the permissions for the directory and for the file to prevent the user from overwriting the original file. Change the permissions to disallow file deletions.
Use Sharepoint Portal Server to store the files. The Sharepoint site will enforce its own security scheme to the data that is stored on the site.
Grant "Change Permissions" permissions to the directory. Then, users can change file security. However, you may not want to do this.

MORE INFORMATION

These Office programs use this method of saving files to prevent data loss. If the connection to the server is lost during the save operation, and the file is directly saved to the original file name, the file data would be lost.

This method could cause the latest changes to be lost. However, the old version of the file would still be present on the server.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:

211632 Description of how Word creates temporary files

Additional query words: prodnt prodoffice prodexcel prodword prodpowerpoint

Keywords: kbtshoot kbinterop KB102888