3.2.7.10 File Classification Security Propagation

If an I/O operation that happens on the server modifies a file's FCI Alternate Data Stream, the server MUST perform the following steps in sequence:<85>

  1. The FCI Alternate Data Stream is read and parsed into a List of Property Definition Instances. See [MS-FCIADS] section 2 for details.

  2. Any Property Definition Instances in the List of Property Definition Instances that do not have FsrmPropertyFlags_Secure as part of their Property Definition Instance.Flags are removed from the List of Property Definition Instances stored in the file security descriptor of the file.

  3. For each Property Definition Instance in the List of Property Definition Instances, the server MUST store each Property Definition Instance.Name and Property Definition Instance.value within the file security descriptor of the file.
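The three steps above can be checked after the fact by comparing what the stream says should be propagated with what the security descriptor actually holds. The following is an added example, not part of the specification or of any server implementation. `PropertyInstance`, `audit_propagation`, the dict standing in for the security descriptor and the Secure bit value are assumptions made for illustration, and parsing of the stream itself (step 1, [MS-FCIADS]) is represented by an already-parsed list.

```python
from dataclasses import dataclass

# Assumed bit value for illustration only; take the real value from the
# FsrmPropertyFlags enumeration in the protocol specification.
FSRM_PROPERTY_FLAGS_SECURE = 0x0800


@dataclass(frozen=True)
class PropertyInstance:
    """Hypothetical stand-in for a parsed Property Definition Instance."""
    name: str
    value: str
    flags: int


def secure_properties(instances):
    """Step 2: keep only instances whose Flags include the Secure bit."""
    return {p.name: p.value for p in instances
            if p.flags & FSRM_PROPERTY_FLAGS_SECURE}


def audit_propagation(instances, sd_properties):
    """Compare the expected result of step 3 with a modeled descriptor.

    sd_properties is a name -> value dict standing in for the properties
    held in the file security descriptor. This example reads step 2 as
    meaning that non-Secure properties should not appear there.
    """
    expected = secure_properties(instances)
    return {
        # Secure in the stream but never stored in the descriptor.
        "missing": sorted(n for n in expected if n not in sd_properties),
        # Stored, but with a value that differs from the stream.
        "mismatched": sorted(n for n in expected
                             if n in sd_properties
                             and sd_properties[n] != expected[n]),
        # Present in the descriptor without a Secure instance behind it.
        "unexpected": sorted(n for n in sd_properties if n not in expected),
    }


# Constructed sample data: the parsed stream and the descriptor contents.
SAMPLE_STREAM = [
    PropertyInstance("Confidentiality", "High", FSRM_PROPERTY_FLAGS_SECURE | 0x8),
    PropertyInstance("Department", "Finance", FSRM_PROPERTY_FLAGS_SECURE),
    PropertyInstance("Notes", "draft", 0x8),
    PropertyInstance("PII", "Yes", FSRM_PROPERTY_FLAGS_SECURE),
]
SAMPLE_DESCRIPTOR = {"Confidentiality": "Low", "Department": "Finance",
                     "Notes": "draft"}
```

An empty result in all three lists means the modeled descriptor matches the stream; any entry indicates that propagation did not run or did not complete for that property.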