Please advise preferable setting for the Global Setting "Copy NTFS Permissions"

Posts: 55
Joined: 5 Aug 2006

gdhm

I apologize to the many knowledgeable Forum members,

I am no expert. My setting is: UNTICKED for "Copy NTFS Permissions" but I am concerned this is not the wisest setting.

My User Account is "ADMINISTRATOR"

I barely understand NTFS permissions so please bear with me. Am I correct in saying with option unticked that if a file backed up by FFS:

1) had attributes of read only and hidden that if I copied back the FFS backup to its original location the new file would no longer have read only and hidden attributes.

2) Does it also mean if there are certain permissions granted (what I can see in each file's property>Security tab (e.g. entries like SYSTEM, USERS, ADMINISTRATOR, Authenticated Users or whatever)) that those permissions and rights/restrictions would also be lost if the file needed to be recovered from a FFS backup.

3) If answers to 1) & 2) are "YES" does this mean restored FFS backup files stripped of all these may stop the using app(s) or whatever from working?

Final 2 questions:
4) Are there any downsides to TICKING "Copy NTFS Permissions" should I subsequently need to recover files from a FFS backup location to their original location(s)

5) What do experts here consider the setting should be TICKED or UNTICKED.
(I don't know if my set-up is relevant to this question, so I advise I have a Home PC and my son has his PC using the same Router modem, both use wired LAN cables. I have set both PCs not to share or be able to see anything on each other's PC).
Essentially they are independent PCs using the same ADSL Router Modem. Only my PC uses FFS

I do not ask for in-depth answers, merely enough for me to know what is best and any ramification that may influence me to best (correct) decision for my set-up.

Many thanks all
Site Admin
Posts: 7210
Joined: 9 Dec 2007

Zenju

NTFS Permissions means specifically that: DACL, SACL, owner, group. If you don't know what these are, then you don't need to copy them, which is the default behavior for Windows file copy.

In general, this setting seems to do more harm than good and adds significant user confusion.

I wonder how I could effectively make it scarier to click for the average user, so that only admins would use it. Ideas?
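To see what the four items named above look like on a real file, this added example (not part of the original posts and not FreeFileSync code) prints the owner, group, DACL and SACL of an original file and its backup copy side by side. The two paths on the last line are placeholders, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example: compare the four parts of an NTFS security descriptor
# (owner, group, DACL, SACL) between an original file and its backup copy.

function Get-SecurityParts {
    param([Parameter(Mandatory)][string]$Path)

    $sections = [System.Security.AccessControl.AccessControlSections]
    try {
        # -Audit also reads the SACL; this needs an elevated session
        # that holds SeSecurityPrivilege.
        $acl  = Get-Acl -LiteralPath $Path -Audit -ErrorAction Stop
        $sacl = $acl.GetSecurityDescriptorSddlForm($sections::Audit)
    } catch {
        # Not elevated: fall back to owner, group and DACL only.
        $acl  = Get-Acl -LiteralPath $Path -ErrorAction Stop
        $sacl = '<not readable without elevation>'
    }

    [pscustomobject]@{
        Owner        = $acl.Owner
        Group        = $acl.Group
        DACL         = $acl.GetSecurityDescriptorSddlForm($sections::Access)
        SACL         = $sacl
        # False means the DACL is "protected": it does not inherit
        # entries from the parent folder.
        InheritsDacl = -not $acl.AreAccessRulesProtected
    }
}

function Compare-NtfsSecurity {
    param(
        [Parameter(Mandatory)][string]$Source,
        [Parameter(Mandatory)][string]$Backup
    )
    $s = Get-SecurityParts -Path $Source
    $b = Get-SecurityParts -Path $Backup

    # One row per part, so a difference is visible at a glance.
    foreach ($part in 'Owner', 'Group', 'DACL', 'SACL', 'InheritsDacl') {
        [pscustomobject]@{
            Part   = $part
            Same   = ($s.$part -eq $b.$part)
            Source = $s.$part
            Backup = $b.$part
        }
    }
}

# Placeholder paths (assumptions): replace with a real file and its backup copy.
Compare-NtfsSecurity -Source 'D:\Data\example.txt' -Backup 'F:\Backup\Data\example.txt' |
    Format-List
```

For a copy made without permissions, the owner is normally the account that made the copy and the DACL is whatever the destination folder passes down by inheritance, so `Same` is often `False` even though the file contents are identical.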
Site Admin
Posts: 7210
Joined: 9 Dec 2007

Zenju

Maybe I should call it directly that:

"Copy DACL, SACL, owner, group". If you don't know what these are, you wouldn't want to click there, right?
Posts: 18
Joined: 7 Dec 2001

greydawn

Maybe have an option that hides advanced settings by default.
Posts: 55
Joined: 5 Aug 2006

gdhm

I regret you felt the need for apparent sarcasm in your 2 replies to me Zenju.

I apologize that I, an ordinary 63 year old retired Home User who loves FFS, sought advice from more knowledgeable Forum members rather than take a risk and guess.

"..If you don't know what these are, then you don't need to copy them..",
So you are suggesting a user's ignorance should be the basis of his/her decision making? I'm disappointed with that response to be honest (even if unticked is default behaviour of Windows -- which I also did not know).

I also apologize for my next two questions but I prefer to be safe and not ignorant.

1) If a file has permissions and copied via FFS for possible restoration in the future, then I do not understand why a User would not want the file back with identical "permissions" it had before being backed up.
I am assuming the permissions were there for a good reason and I ask "If a restored FFS backup of the file no longer has them are there not likely to be issues/risks in future?"

2) IF the "Copy NTFS Permissions" option is as you say "in general, this setting seems to do more harm than good and adds significant user confusion". Then is it a "non-expert" fault when we ARE confused when the option is clearly there, the tip box only says "transfer file and folder permissions" and explanation of ramifications and the risks in ticking/Not ticking are NON-EXISTENT in the FFS minimalist Help file?

Please don't misunderstand me Zenju. I think FFS is a WONDERFUL Application, which I have VERY HAPPILY used for many years and would/will not consider an alternative. I believe a brilliant app like FFS, deserves and should have a decent Help or User Manual (the two go hand in hand).
I would, respectfully, suggest if that was the case then lesser mortals, like me, would not need to ask whether to use a feature or not. Maybe your intention all along was that FFS was/is only for professionals and Experts (which, by the way, I do NOT believe to be the case)

Regards
Dave
Site Admin
Posts: 7210
Joined: 9 Dec 2007

Zenju

> I regret you felt the need for apparent sarcasm in your 2 replies to me Zenju.

Simple misunderstanding, there is no sarcasm there. I will name it "Copy DACL, SACL, owner, group" for the next translation update and see if this works better with regards to user feedback.
Your misunderstanding of "copy NTFS permissions" hints at a documentation problem, you're by far not the first user who doesn't know what is meant exactly, and wants to check it in order to have a "complete" backup.
What happens next however is that users will be even more confused when they get error messages like viewtopic.php?t=435
and don't know where it's coming from.
Maybe a better description can avoid this issue while still offering the functionality for admin users.
Posts: 55
Joined: 5 Aug 2006

gdhm

:) Hi Zenju,
I am happy it's a "simple misunderstanding" (probably due to cultural and translation). You have always been helpful and pleasant to me in the past.

I looked at your link and :LOL: I agree I would have been confused if I (who uses an Administrator account) got such a message and I WILL take your advice and leave unticked and leave well alone. Thanks for the clarification.

---

About once a week I use Acronis True Image Home, for backing up the whole (partition) of My C: System and Programs Drive & for my D: (partition) which contains MOST of my Data about once a week I use FFS every day (occasionally more often if I have made a lot of data changes etc.).

My instinct based on what you have said is that I am perfectly safe to recover individual/groups of folders and files from FFS for MOST things (music, videos, source set-up apps etc) and DATA (which I have always found effective and without issues) as usually more up to date and usually without special or restricted permissions
BUT
maybe I would be wiser to restore Windows SYSTEM Files and the like on my C: Drive from the weekly Acronis True Image Home backup as I believe System files often do not change regularly, are much more likely to have differing or restricted permissions and I ASSUME Acronis backups of a whole Partition retain all permissions etc. (essentially an identical copy of every file by default).

Based on your knowledge Zenju of security matters and FFS what is your opinion on my instinct. Is it flawed? or over/under cautious in any way?

For Information UAC is disabled on my System. I love Windows 7 (x64) but my switching from XP to Win 7 was initially plagued by Win 7 keep challenging me on almost everything I tried/wished to open or run (that I had been running for years on XP). With my VERY limited knowledge of File Permissions I was totally confused with what to do/accept/disallow in many cases.

I DO accept and understand UAC is an important extra security level but controlling it correctly was beyond me (and I assume many as I am not a novice).

Kind Regards
Dave
Site Admin
Posts: 7210
Joined: 9 Dec 2007

Zenju

I wouldn't turn off UAC, which has far-reaching system-wide consequences. Most importantly, you're working outside of the new Windows standard scenario, which, as always in computing, is the path of least resistance.
If entering a password is annoying, I would disable that instead, so elevation becomes only a matter of confirming a dialog with a single click.

As for the matter of system-wide backups, I don't think this is useful in general. Operating systems are not constant anymore and receive patches every few days, so a system backup will become obsolete fast. On the other hand, what's really important are personal and work-related files, everything else can be retrieved from installation disks etc. This takes longer than restoring a backup, OTOH a fatal system failure is rare. Doing backup operations consumes a lot of time, while optimizing for a rare event, so this is not efficient. Further negative consequences are that system backups are not made as often as they should because it is a time-consuming effort.
So the most efficient backup strategy from a high level is to only back up personal files and do so via synchronization. This is very fast so that it can be executed often, and thereby opens up completely new possibilities, for example to save versions of files. So backup is not only a matter of disaster recovery anymore, but allows one to revert mistakes made in personal files by going back to older versions selectively.
Naturally, NTFS permissions are not relevant for personal files. (*usually*, if they are, you will know.)
Posts: 27
Joined: 31 Jan 2010

jonrichco

gdhm: I agree with Zenju on both points (i) I would not turn off UAC - I only see it about twice per week, and I have c 100 programs installed under 8.1 and (ii) system backup every week seems like overkill.

I take an image of any new computer that I buy before and after killing crapware, then take images when I have got my key software installed, then maybe every six months as long as the computer is running well. I use Microsoft's RecImg, storing each image. Then if you get a virus or hard drive crash, you can go back to your last image. I use FFS to back up my working folders every evening and my whole data partition twice per week (once external), which it does with great efficiency.
Jon
Posts: 55
Joined: 5 Aug 2006

gdhm

jonrichco wrote:
> gdhm: I agree with Zenju on both points (i) I would not turn off UAC - I only see it about twice per week, and I have c 100 programs installed under 8.1 and (ii) system backup every week seems like overkill.
>
> I take an image of any new computer that I buy before and after killing crapware, then take images when I have got my key software installed, then maybe every six months as long as the computer is running well. I use Microsoft's RecImg, storing each image. Then if you get a virus or hard drive crash, you can go back to your last image. I use FFS to back up my working folders every evening and my whole data partition twice per week (once external), which it does with great efficiency.
> Jon

Thank you Zenju and jonrichco for your input and advice :)

I have many games and apps on my PC. I update all as updates appear in FileHippo & SUmo Lite. I was seeing much more UAC messages than 2 a day (nearly everything I did) when I first installed Win7 (x64) with UAC. Maybe I should try it again. I can always go back to my latest Acronis TI Home Backup (LOL). I am not sure how MS expects novices and lesser users to know what to do when challenged by UAC frequently. (I found some decisions did not work afterwards or I did not know what the problem was.)

With all respect to you and Zenju, I disagree about the degree of value of Image backups. I update daily and "dabble" sometimes, correct issues sometimes, and I try out Betas of Firefox. Image Backups once a week or 2 weeks seem like a good balance, bearing in mind I can do it whilst away from PC so it is no hardship.

Zenju actually hit the nail on the head when he said "Operating systems are not constant anymore and receive patches every few days, so a system backup will become obsolete fast..." I would go further than that, as Applications Update frequently too and many store setting files in Appdata or Progdata or registry and other places on the System Drive and those TOO change often.

I keep a record of ALL changes between my Image backups. The value of weekly or so backup is that it is much quicker to update again based on my records from the last backup (when I have had a "dabble too far" or something unexpected has occurred) when the last working backup is only 7-10 days old. Otherwise it can take ages. JMHO

The value of FFS data backups is unquestionable as it has saved my bacon on many occasions and avoided the need of a full image restore. That certainly is very much quicker and FFS has never let me down.

JMHO

UPDATE (30 mins later):
OK I have just enabled UAC to warn me (do not dim) setting.
Just a thought? Wouldn't Comodo Firewall (and Avast to a lesser degree) pick up most System change and app change attempts that UAC protects against/warns about, anyway? One area I could see a possible big issue is with Games in Full screen mode, if they trigger UAC. Then you would be in a PC hard reboot situation as you could not see/get to the UAC popup (this sometimes happens with Comodo firewall, but I have worked out a sequence to (usually, not always) avoid it).


Regards
Posts: 27
Joined: 31 Jan 2010

jonrichco

This is probably not the place to go into the details of backing up, but 3 points: (i) it is worth keeping all or most of your system backups, so you can go back to any particular version - if you update your backup, and there is a problem with the system, you will not be able to correct it, (ii) there is no problem going back to a six month old or older backup - you just have to update Windows and reinstall any recent programs, and (iii) system restore in System Properties is ideal for recovering from a minor error or mistake - much quicker than reinstalling the OS from a backup - I seem to have to use it every couple of months.

I also back up my active data folders every day, and my full data partition twice per week of course using FFS. Touch wood I have never yet lost anything in 35 years using notebook computers. The only time I use a system backup is if I am replacing a hard drive.
Posts: 55
Joined: 5 Aug 2006

gdhm

My Apologies jonrichco for not responding faster. I have just lived through an extremely uncomfortable day. I live in NE Thailand and in a Monsoon storm yesterday a large tree fell about 200 metres down my small road completely blocking it and taking out the electricity for the whole road for 26 hours.

Not the end of the World one would think, BUT Thailand is one of the hottest countries in the World so the whole road had to endure no air cons or fans with average temperatures in my location of 38C by day and 27C at night during the last few days until yesterday's storm lowered these just a few degrees but also increased humidity from around 45% to around 83%. Being extremely obese I really suffered. Anyway I'm back now :).

Thanks for your input jonrichco. I do in fact keep many previous backups on a 1 GB USB external drive which allows me to retain about 2 months of Acronis TIH backups so IF very recent backups ALSO had an undesirable issue (I had not detected) I can go back further and I have all my changes, fixes, solutions on record going back 2 years.

Having a Home PC I do not make massive complete System changes and am not on a server or network (my Son's PC DOES share my ADSL Router Modem but nothing else is shared between the PCs and I have not set up a Home Group/Network)

++ I appreciate off topic (but as discussed earlier) ++

My UAC is OFF again (permanently).
I NOW remember exactly why I hated it the first time and switched it off: I could not control it sufficiently whilst it was protecting me.

1) 2 years ago when I first encountered UAC I could not resolve the unhelpful UAC triggered messages LIKE: "Cannot set directory lock for "F:\". Cannot write file "F:\sync.ffs_lock". Error Code 5: Access is denied. (CreateFile." errors which appeared for FFS and other apps (especially games apps in abundance).
This time however, I made more progress when I found a VERY HELPFUL post on FFS Forum by ariensf on 2015-02-19 which told me exactly how to resolve the FFS issue (namely).

"For the beginners, here are more details on the very correct solution of Zenju and steve-p.

If you run the synchronization using the batch file created by FFS, then you can't "Run as Admin" because this option is not available in the right-click menu.

What you need to do in that case is to set the FreeFileSync program itself to run as Admin, not the batch. To do so:
- Go in the folder where FFS is installed (on my computer it's C:\Program Files\FreeFileSync)
- Right click on the FreeFileSync.exe file (the one with the two green arrows)
- Properties
- Compatibility tab
- Check the box "Run this program as an administrator"
- Click Apply
- Click Ok

Now you should be able to double-click the batch file without having the error you mentioned.

Regards"

which brings me to the 2nd reason I do not like UAC.
2) UAC has no Trusted "white" list so when I boot up it needs my confirmation for two utilities to run every time I boot up and wants me to confirm FFS every time. I consider this ridiculous as UAC has all the info to identify that the file I gave UAC permission to before is the same one, and confirming every time is a real pain.

I love my Comodo Firewall which ALSO watches programs trying to change system settings/files and it has been highly effective for me. IT ALLOWS me to say TRUST this App/ file from now on completely OR I selectively tell it to accept specific things Apps try to do on an action by action basis.

I feel my Comodo Firewall catches most of what UAC would have (if not as much) and is not anything like as intrusive.

I have read that you can set up UAC schedules or whatever to avoid the challenges for games and specific apps (not looked into further). IF that is necessary then UAC requires advanced user knowledge to control it (which most Users do not have). I know UAC is there to protect Users, but to control and dictate to us is another matter.
If MS introduces a TRUST white list for UAC then I would happily use it, but not without such a feature.
MAYBE I'M MISSING SOMETHING fundamental due to my lack of knowledge in the workings of UAC. IF SO, I have to say Microsoft is not exactly making it easy to find by "Googling/Binging or whatever"

Kind regards, Dave
*OH. that Air con now on for 40 mins (since electric came back) FEELS SOOOOooo GOOOOOD LOL LOL