Link to home
Start Free TrialLog in
Avatar of Itomicltd
ItomicltdFlag for Ireland

asked on

Using Richcopy to copy shares and permissions.


Can someone outline a tried and proven method for copying shares from one server to another keeping all security permissions in tact. I really want to keep using Richcopy (robocopy GUI) but the last time i used it, it did not copy permissions right).

I am mainly concerned with moving financial folders and User's home folders which have various security restrictions applied via NTFS permissions.

I am looking for TRIED and tested methods on this one and am hoping someone who has done Home Folder / User folders moves regularly will answer this one for me... Have read too many articles which have not given simple tried and tested method.

Avatar of LLMorrisson
Flag of United States of America image

I've never used the Richcopy GUI, but I've used RoboCopy plenty of times on the command line to do exactly this and it has always worked fine for me.

Use the /SEC flag to copy across the relevant NTFS ACLs with the data.

Avatar of Itomicltd


I have tried Robocopy once but started using the GUIs after for ease of use, maybe i'll give the command line another shot. So if i want to move the following share to a new server what exact command would you recommend..

Share to move \\alpha02\users

The actual folder sits on the D drive of the alpha02 server and i want to move it to the E drive of alpha03 server. I want it to be shared out the same way and i want it to retain all attributes, especially security from old share. I will then change all batch files and VBS scripts to reflect new share location.... Just need to nail the command...

Can you advise what exact command you would use for this since you do it regularly...

Avatar of LLMorrisson
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Oh, additionally I'd probabaly log in as a domain admin and copy it using the admin shares rather than any shares you set up. Dunno if that is important really but just my personal preference. So from alpha03 I'd run....

robocopy \\alpha02\d$\users e:\users /E /COPYALL /R:1 /LOG:e:\robocopy.log /V /TEE

Make sure you set your share level permissions the same on \\alpha03\users as on \\alpha02\users too of course.
Robocopy will copy security and shares, once you finished copying iether restart 'server' service or restart then all the shares will also appear.
Hi Gavin,

Not sure what your saying there, can you elaborate ?


Do i use the share name as in \\alpha02\users or do i use the share location as in \\alpha02\d:\data\users ?

Personally I would use \\alpha02\d$\data\users as the source running the command from alpha03, but you probably could also just use \\alpha02\users since they point to the same place. It is just my personal preference of how I would do it.

So to put the real path you have provided into the command, run it from alpha03 and use the command like this;

robocopy \\alpha02\d$\data\users e:\data\users /E /COPYALL /R:1 /LOG:e:\robocopy.log /V /TEE
Hi Guys,

I have moved all the shares, but  the logon script changes i have made don't appear to be taking effect. The old script appears to run even after restart? i can only deduce that its not using the bat file that i changed, can anyone suggest why this might be happening ? I have checked GP for overriding VBS scripts but there is nothing there i can see....
where are the scripts being run from, and how are they picked up. Is it a group policy? Have the changes made/replicated to all DCs?
I made the script changes on the current DC , its a SBS2003 server. I found the script in the following path .. \\SERVERNAME\SYSVOL\DOMAIN\SCRIPTS\"batch file name" I have used the DC as the servername, in this case "sbs2003" . Can you advise on how to be 100% that this is the correct location, because if its not i need to know for the future.
That location should be fine, although you could check the NETLOGON share too just in case. Technically I think it is the same place.

Is the script being run from a GPO or just attached to the user account object in AD. We need to figure that out to know how the script is being picked up.

If you run the script manually from that location I assume it works?

To answer all 3 questions LL........

Netlogon share is in the same place. And same batch file there, so not location issue.

Script is attached to AD account currently and i do not see any GP scripts defined at all.

When i run script manually, it will not map drives. This is the key i imagine, but as to how to ascertain how the old mappings stilll run every morning is still a mystery to me....any ideas ?
Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Figured out the scripting issue, whoever created the batch files did not leave a space between the <driveletter>: and the /delete and it did not run the delete! , amended and now it runs....thanks for pointing me in the right direction on it. I am awarding LL the points for help on point issues....cheers mate.

After copying a 100gb folder called SHARED, i have gone through the log and see "access denied" errors (there are 8,700 files which have not been copied out of 60,000 files). The issue on them appears to be that i don't have permission to move (when i go to security tab of folders in question either there are no permissions or it says i can't view permissions)

How do i get around this. I am logged on as domain admin. User generated image
Also, is there an easy way to copy these missed files rather than run the whole copy again ?
Try running again and add the /B option to use backup mode. This will try to give you permission to back up files you don't specifically have permission to access9 (using the built-in backup administrative privilege) but if this doesn't work you'll probabaly have to go and "take ownership" of the files you don't have permission to and give yourself permission. Obviously check with an appropriate person to check taking ownership of the files meets with any company policies if you have to take that route.

Just run the command again; Robocopy will automatically skip files it's already copied so long as they haven't changed since.

That last bit did it LL, thanks for your help, does backup mode make any difference to the file as if not i might use it as default from now on.
AFAIK, backup mode and restartable mode cannot be used together. "Restartable" means Robocopy should write a recovery record inside an incomplete file so if the operation is interrupted or aborted, a future run of Robocopy can resume copying where the previous one left off, instead of starting over at the beginning. This is useful for reliably copying large files or many files over an unreliable network such as a VPN or the Internet.

In your case backup mode is probably more suitable.