Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7723
  • Last Modified:

Using Richcopy to copy shares and permissions.

Hi,

Can someone outline a tried and proven method for copying shares from one server to another keeping all security permissions in tact. I really want to keep using Richcopy (robocopy GUI) but the last time i used it, it did not copy permissions right).

I am mainly concerned with moving financial folders and User's home folders which have various security restrictions applied via NTFS permissions.

I am looking for TRIED and tested methods on this one and am hoping someone who has done Home Folder / User folders moves regularly will answer this one for me... Have read too many articles which have not given simple tried and tested method.

P.
0
Itomicltd
Asked:
Itomicltd
  • 10
  • 9
2 Solutions
 
LLMorrissonCommented:
I've never used the Richcopy GUI, but I've used RoboCopy plenty of times on the command line to do exactly this and it has always worked fine for me.

Use the /SEC flag to copy across the relevant NTFS ACLs with the data.

0
 
ItomicltdAuthor Commented:
I have tried Robocopy once but started using the GUIs after for ease of use, maybe i'll give the command line another shot. So if i want to move the following share to a new server what exact command would you recommend..

Share to move \\alpha02\users

The actual folder sits on the D drive of the alpha02 server and i want to move it to the E drive of alpha03 server. I want it to be shared out the same way and i want it to retain all attributes, especially security from old share. I will then change all batch files and VBS scripts to reflect new share location.... Just need to nail the command...

Can you advise what exact command you would use for this since you do it regularly...

Thanks
0
 
LLMorrissonCommented:
Well I don't do it *regularly* but I've done it this way before.

I'd probabaly go with this;

robocopy <source> <destination> /E /COPYALL /R:1 /LOG:<logfile> /V /TEE

/E = copy all foldes inc. empty ones
/COPYALL = copy all (data, security, attributes, owner info, audit info and timestamps)
/R:1 = retry each file only one (default is 1 million. If it doesn't work first time its unlikely to next times)
/LOG: = outpt log to file so you have a saved note of any failures etc
/V = make log verbose, showing skipped files etc
/TEE = output to console as well as log (so you can see its doing stuf as it runs)
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
LLMorrissonCommented:
Oh, additionally I'd probabaly log in as a domain admin and copy it using the admin shares rather than any shares you set up. Dunno if that is important really but just my personal preference. So from alpha03 I'd run....

robocopy \\alpha02\d$\users e:\users /E /COPYALL /R:1 /LOG:e:\robocopy.log /V /TEE

Make sure you set your share level permissions the same on \\alpha03\users as on \\alpha02\users too of course.
0
 
Gavincr001Commented:
Robocopy will copy security and shares, once you finished copying iether restart 'server' service or restart then all the shares will also appear.
0
 
ItomicltdAuthor Commented:
Hi Gavin,

Not sure what your saying there, can you elaborate ?

P
0
 
ItomicltdAuthor Commented:
LL,

Do i use the share name as in \\alpha02\users or do i use the share location as in \\alpha02\d:\data\users ?

p
0
 
LLMorrissonCommented:
Personally I would use \\alpha02\d$\data\users as the source running the command from alpha03, but you probably could also just use \\alpha02\users since they point to the same place. It is just my personal preference of how I would do it.

So to put the real path you have provided into the command, run it from alpha03 and use the command like this;

robocopy \\alpha02\d$\data\users e:\data\users /E /COPYALL /R:1 /LOG:e:\robocopy.log /V /TEE
0
 
ItomicltdAuthor Commented:
Hi Guys,

I have moved all the shares, but  the logon script changes i have made don't appear to be taking effect. The old script appears to run even after restart? i can only deduce that its not using the bat file that i changed, can anyone suggest why this might be happening ? I have checked GP for overriding VBS scripts but there is nothing there i can see....
0
 
LLMorrissonCommented:
where are the scripts being run from, and how are they picked up. Is it a group policy? Have the changes made/replicated to all DCs?
0
 
ItomicltdAuthor Commented:
I made the script changes on the current DC , its a SBS2003 server. I found the script in the following path .. \\SERVERNAME\SYSVOL\DOMAIN\SCRIPTS\"batch file name" I have used the DC as the servername, in this case "sbs2003" . Can you advise on how to be 100% that this is the correct location, because if its not i need to know for the future.
0
 
LLMorrissonCommented:
That location should be fine, although you could check the NETLOGON share too just in case. Technically I think it is the same place.

Is the script being run from a GPO or just attached to the user account object in AD. We need to figure that out to know how the script is being picked up.

If you run the script manually from that location I assume it works?

0
 
ItomicltdAuthor Commented:
To answer all 3 questions LL........

Netlogon share is in the same place. And same batch file there, so not location issue.

Script is attached to AD account currently and i do not see any GP scripts defined at all.

When i run script manually, it will not map drives. This is the key i imagine, but as to how to ascertain how the old mappings stilll run every morning is still a mystery to me....any ideas ?
0
 
LLMorrissonCommented:
Does the login script delete the existing mappings before it tries to remap them? Usually behavior is for Windows to remember the mappings between logins unless you set them to be non-persistent.

So you either need to ensure the mapping command has a /PERSISTENT:NO at the end.

Or, you need a NET USE <driveletter>: /DELETE just before the new mapping. Otherwise is the old mapping still exists on the client then the new one won't automatically overwrite it.
0
 
ItomicltdAuthor Commented:
Figured out the scripting issue, whoever created the batch files did not leave a space between the <driveletter>: and the /delete and it did not run the delete! , amended and now it runs....thanks for pointing me in the right direction on it. I am awarding LL the points for help on point issues....cheers mate.
0
 
ItomicltdAuthor Commented:
Hi,

After copying a 100gb folder called SHARED, i have gone through the log and see "access denied" errors (there are 8,700 files which have not been copied out of 60,000 files). The issue on them appears to be that i don't have permission to move (when i go to security tab of folders in question either there are no permissions or it says i can't view permissions)

How do i get around this. I am logged on as domain admin. Access Denied
0
 
ItomicltdAuthor Commented:
Also, is there an easy way to copy these missed files rather than run the whole copy again ?
0
 
LLMorrissonCommented:
Try running again and add the /B option to use backup mode. This will try to give you permission to back up files you don't specifically have permission to access9 (using the built-in backup administrative privilege) but if this doesn't work you'll probabaly have to go and "take ownership" of the files you don't have permission to and give yourself permission. Obviously check with an appropriate person to check taking ownership of the files meets with any company policies if you have to take that route.

Just run the command again; Robocopy will automatically skip files it's already copied so long as they haven't changed since.


0
 
ItomicltdAuthor Commented:
That last bit did it LL, thanks for your help, does backup mode make any difference to the file as if not i might use it as default from now on.
0
 
LLMorrissonCommented:
AFAIK, backup mode and restartable mode cannot be used together. "Restartable" means Robocopy should write a recovery record inside an incomplete file so if the operation is interrupted or aborted, a future run of Robocopy can resume copying where the previous one left off, instead of starting over at the beginning. This is useful for reliably copying large files or many files over an unreliable network such as a VPN or the Internet.

In your case backup mode is probably more suitable.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 10
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now