In the domain, I have a file server which is a blade server. The blade server is working with LUN from storage. it is NTFS format. We support that one day the server is down. I add the Lun to another server in the domain. Is the file security still the same in the LUN?

Hi Jacky,The NTFS security settings are along with the disk (LUN). In case of server crash, you can attach the LUN to another server in the same domain. The file security that is associated with domain users should be there. However, the security setting that is associated with local user account maynot be enumerated on another server.Thanks and Regards,ScorprioMCTS: Windows Vista | Exchange Server 2007 MCITP: Enterprise Support Technician | Server & Enterprise Admin

Scorprio,How about the this case? The Server in the domain has two partition. One is C, the other is D. OS is in the C. File security is in the D.One day, the OS is crashed.I rebuilt the system or reinstall the system. and join this server to the same domain again? Will the File security be there?Sincerely!Jacky

Hi Jacky,As I mentioned, the File security (ACE and ACL) is with the disk on the file system level. If the OS on C drive is crash and then you re-install it, at the same time you won't change anything on D drive. Afterwards, you join this computer to domain again... The file security should be there without problem.Thanks and Regards,ScorprioMCTS: Windows Vista | Exchange Server 2007 MCITP: Enterprise Support Technician | Server & Enterprise Admin

Scorprio,How about the this case? The Server in the domain has two partition. One is C, the other is D. OS is in the C. File security is in the D.One day, the OS is crashed.I rebuilt the system or reinstall the system. and join this server to the same domain again? Will the File security be there?Sincerely!Jacky @ Scorprio,When you create a file along with file permissions , corresponding directory object or file object secruity descriptor will be defined. So when a user tries to access the file or the folder on another drive or shared folder , his access token would be verified against the directory object secruity , if the file / folder object security has the relevant permission to access the file , the file would be opened. And i agree to your point that authorization for above files or folders are managed by the ACL's but this acl is again a part of Security descriptor. So when Jacky reformats his OS from C drive and install back , and join back to the domain , the user will have new Security descriptor and the access token for each of the thread access / file or folder access.So what i believe is jacky has to create same domain user name with appropriate permissions what he used for previous user if not he might not be able to access the file or folders.

Thanks. Sainath, I agree with your point.MCTS: Windows Vista | Exchange Server 2007 MCITP: Enterprise Support Technician | Server & Enterprise Admin