Solved

How do I copy file shares between windows servers and retain ACLs including AD users and groups

Posted on 2010-09-21
12
1,430 Views
Last Modified: 2012-05-10
I've tried Robocopy with the /E and /COPYALL switches and it just copied the data between servers with the files inheriting the ACL of the destination folder.

I've also tried RichCopy with the same results.

Do I really have to manually re-create all the permissions and groups?
0
Comment
Question by:tferro999
  • 5
  • 3
  • 2
  • +2
12 Comments
 
LVL 3

Expert Comment

by:celdridgeMadman
ID: 33730890
Have you tried robocopy with the /SECFIX option?

This is assuming that the source and destination servers are located within the same AD forest?
0
 
LVL 5

Accepted Solution

by:
sosinc3 earned 500 total points
ID: 33730914
What do you use as a backup tool? I find that when I have to do this, the best thing that works for me is either my CA Brightstore (Arcserve) backup software or my BackupExec software (we run both depending on the site). They have the ability to restore all the security information along with the file/folders. The shares are actually in the registry. Take a look at [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections]
Listed under this key are all the shares Windows has stored for the current user, simply delete the entries you don't want to store or add new ones by adding a new string value, and name it by incrementing the alpha values already in the list. Set the data to equal the drive share you wish to add. You an export this key and import it to the new server assuming the folder structure and the drive letters stay the same.
0
 

Author Comment

by:tferro999
ID: 33730958
The users guide says that /SECFIX is no longer supported and has been replaced by /COPY:S and /COPYALL should get the security settings, timestamps, ownership etc.  For some reason when I run that command, the copied files just inherited the permissions of the new share and wiped out all the old ACL info.

I'll try to restore the data from my backup tonight and see how that goes, i'm running MS DPM 2007.
0
 
LVL 3

Expert Comment

by:celdridgeMadman
ID: 33730970
Is it share or NTFS permissions your wanting to set here?
0
 

Author Comment

by:tferro999
ID: 33731013
NTFS
0
 
LVL 3

Expert Comment

by:celdridgeMadman
ID: 33731040
Is the user account you're running robocopy under the owner of the destination folders (or at least have permissions to change folder and file permissions)?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:tferro999
ID: 33731048
So the backup solution worked, sorta.  I'm able to restore the files to the new share and retain the old ACLs.  However, it also includes the old and slightly different directory structure.  So I still have to copy/paste them to the correct folder which of course resets the permissions again.  I tried disabling "inlude inheritable permissions from the object's parent" on that folder and it STILL applies the new permissions.  What am I missing here?
0
 

Author Comment

by:tferro999
ID: 33731057
Ya, the account I ran robocopy under had full control over the new destination.
0
 
LVL 5

Expert Comment

by:sosinc3
ID: 33731609
The backup suggestion I gave you works great if you are using the same folder structure. You did not indicate earlier that you were also changing your file structure so sorry if I did not give you correct report. You could use the XCOPY /O to copy files from one folder to another and copy the ACL and file ownerships.
0
 
LVL 4

Expert Comment

by:ChandarS
ID: 33733562
You can also take the ntbackup

Take backup of the folder and restore the same to the destination server.

It will retain the ACL as well as the folder structure.

Only Domain ACL remains, local ACL will be removed.
0
 
LVL 6

Expert Comment

by:Porka
ID: 33734007
hello, I do this all the time with robocopy worked fine for 2003, but 2008 and above there is a slight problem and i had to use additional command options, basically i use

robocopy sourceunc destination unc /e /sec /copyall /mir /log:c:\mylog.txt /r:1 /w:1

where:

/e = all folder as well as empty
/sec = original security option
/copyall / mir = for 2008 transfers needed this to take security
/log = log file of transer
/r:1 /w:1 = max retries is 1 and wait is 1 second

Works everytime now, Hope this helps
0
 

Author Closing Comment

by:tferro999
ID: 33782005
restored from a backup and it worked
0

Featured Post

Wish Marketing would stop bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now