Solved

Using Richcopy to copy shares and permissions.

Posted on 2011-02-12
20
7,057 Views
Last Modified: 2012-06-27
Hi,

Can someone outline a tried and proven method for copying shares from one server to another keeping all security permissions in tact. I really want to keep using Richcopy (robocopy GUI) but the last time i used it, it did not copy permissions right).

I am mainly concerned with moving financial folders and User's home folders which have various security restrictions applied via NTFS permissions.

I am looking for TRIED and tested methods on this one and am hoping someone who has done Home Folder / User folders moves regularly will answer this one for me... Have read too many articles which have not given simple tried and tested method.

P.
0
Comment
Question by:Itomicltd
  • 10
  • 9
20 Comments
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 34879891
I've never used the Richcopy GUI, but I've used RoboCopy plenty of times on the command line to do exactly this and it has always worked fine for me.

Use the /SEC flag to copy across the relevant NTFS ACLs with the data.

0
 

Author Comment

by:Itomicltd
ID: 34880043
I have tried Robocopy once but started using the GUIs after for ease of use, maybe i'll give the command line another shot. So if i want to move the following share to a new server what exact command would you recommend..

Share to move \\alpha02\users

The actual folder sits on the D drive of the alpha02 server and i want to move it to the E drive of alpha03 server. I want it to be shared out the same way and i want it to retain all attributes, especially security from old share. I will then change all batch files and VBS scripts to reflect new share location.... Just need to nail the command...

Can you advise what exact command you would use for this since you do it regularly...

Thanks
0
 
LVL 5

Accepted Solution

by:
LLMorrisson earned 125 total points
ID: 34880385
Well I don't do it *regularly* but I've done it this way before.

I'd probabaly go with this;

robocopy <source> <destination> /E /COPYALL /R:1 /LOG:<logfile> /V /TEE

/E = copy all foldes inc. empty ones
/COPYALL = copy all (data, security, attributes, owner info, audit info and timestamps)
/R:1 = retry each file only one (default is 1 million. If it doesn't work first time its unlikely to next times)
/LOG: = outpt log to file so you have a saved note of any failures etc
/V = make log verbose, showing skipped files etc
/TEE = output to console as well as log (so you can see its doing stuf as it runs)
0
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 34880391
Oh, additionally I'd probabaly log in as a domain admin and copy it using the admin shares rather than any shares you set up. Dunno if that is important really but just my personal preference. So from alpha03 I'd run....

robocopy \\alpha02\d$\users e:\users /E /COPYALL /R:1 /LOG:e:\robocopy.log /V /TEE

Make sure you set your share level permissions the same on \\alpha03\users as on \\alpha02\users too of course.
0
 
LVL 4

Expert Comment

by:Gavincr001
ID: 34880449
Robocopy will copy security and shares, once you finished copying iether restart 'server' service or restart then all the shares will also appear.
0
 

Author Comment

by:Itomicltd
ID: 34882310
Hi Gavin,

Not sure what your saying there, can you elaborate ?

P
0
 

Author Comment

by:Itomicltd
ID: 34882328
LL,

Do i use the share name as in \\alpha02\users or do i use the share location as in \\alpha02\d:\data\users ?

p
0
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 34882541
Personally I would use \\alpha02\d$\data\users as the source running the command from alpha03, but you probably could also just use \\alpha02\users since they point to the same place. It is just my personal preference of how I would do it.

So to put the real path you have provided into the command, run it from alpha03 and use the command like this;

robocopy \\alpha02\d$\data\users e:\data\users /E /COPYALL /R:1 /LOG:e:\robocopy.log /V /TEE
0
 

Author Comment

by:Itomicltd
ID: 34888807
Hi Guys,

I have moved all the shares, but  the logon script changes i have made don't appear to be taking effect. The old script appears to run even after restart? i can only deduce that its not using the bat file that i changed, can anyone suggest why this might be happening ? I have checked GP for overriding VBS scripts but there is nothing there i can see....
0
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 34888889
where are the scripts being run from, and how are they picked up. Is it a group policy? Have the changes made/replicated to all DCs?
0
Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

 

Author Comment

by:Itomicltd
ID: 34889000
I made the script changes on the current DC , its a SBS2003 server. I found the script in the following path .. \\SERVERNAME\SYSVOL\DOMAIN\SCRIPTS\"batch file name" I have used the DC as the servername, in this case "sbs2003" . Can you advise on how to be 100% that this is the correct location, because if its not i need to know for the future.
0
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 34889762
That location should be fine, although you could check the NETLOGON share too just in case. Technically I think it is the same place.

Is the script being run from a GPO or just attached to the user account object in AD. We need to figure that out to know how the script is being picked up.

If you run the script manually from that location I assume it works?

0
 

Author Comment

by:Itomicltd
ID: 34902620
To answer all 3 questions LL........

Netlogon share is in the same place. And same batch file there, so not location issue.

Script is attached to AD account currently and i do not see any GP scripts defined at all.

When i run script manually, it will not map drives. This is the key i imagine, but as to how to ascertain how the old mappings stilll run every morning is still a mystery to me....any ideas ?
0
 
LVL 5

Assisted Solution

by:LLMorrisson
LLMorrisson earned 125 total points
ID: 34903073
Does the login script delete the existing mappings before it tries to remap them? Usually behavior is for Windows to remember the mappings between logins unless you set them to be non-persistent.

So you either need to ensure the mapping command has a /PERSISTENT:NO at the end.

Or, you need a NET USE <driveletter>: /DELETE just before the new mapping. Otherwise is the old mapping still exists on the client then the new one won't automatically overwrite it.
0
 

Author Comment

by:Itomicltd
ID: 34905056
Figured out the scripting issue, whoever created the batch files did not leave a space between the <driveletter>: and the /delete and it did not run the delete! , amended and now it runs....thanks for pointing me in the right direction on it. I am awarding LL the points for help on point issues....cheers mate.
0
 

Author Comment

by:Itomicltd
ID: 34936770
Hi,

After copying a 100gb folder called SHARED, i have gone through the log and see "access denied" errors (there are 8,700 files which have not been copied out of 60,000 files). The issue on them appears to be that i don't have permission to move (when i go to security tab of folders in question either there are no permissions or it says i can't view permissions)

How do i get around this. I am logged on as domain admin. Access Denied
0
 

Author Comment

by:Itomicltd
ID: 34936799
Also, is there an easy way to copy these missed files rather than run the whole copy again ?
0
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 34942988
Try running again and add the /B option to use backup mode. This will try to give you permission to back up files you don't specifically have permission to access9 (using the built-in backup administrative privilege) but if this doesn't work you'll probabaly have to go and "take ownership" of the files you don't have permission to and give yourself permission. Obviously check with an appropriate person to check taking ownership of the files meets with any company policies if you have to take that route.

Just run the command again; Robocopy will automatically skip files it's already copied so long as they haven't changed since.


0
 

Author Comment

by:Itomicltd
ID: 35107969
That last bit did it LL, thanks for your help, does backup mode make any difference to the file as if not i might use it as default from now on.
0
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 35109194
AFAIK, backup mode and restartable mode cannot be used together. "Restartable" means Robocopy should write a recovery record inside an incomplete file so if the operation is interrupted or aborted, a future run of Robocopy can resume copying where the previous one left off, instead of starting over at the beginning. This is useful for reliably copying large files or many files over an unreliable network such as a VPN or the Internet.

In your case backup mode is probably more suitable.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Ever wondered why Windows 8 and 10 don't seem to accept your GPO-based software deployment while Windows 7 does? Read on.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now