Solved

Copy share with heavily customised permissions

Posted on 2011-02-17
6
1,103 Views
Last Modified: 2012-05-11
Hi there, just wondered if anyone had some suggestions for this: I'd like to move a share to a new sever but this share is enormous with about 50 users that's been using it heavily and NTFS permissions on sub-folders have been modified a lot over the last 5 years.  Consequently the domain admin account I'm using doesn't have permissions on all the sub-folders.

I usually use robocopy but I can foresee running the script only to find multiple folders that I don't have permission to read, then having to go to each one individually and changing owner to myself, then adding in permissions for this account, only to kick off the robocopy script again and find sub-folders deeper in the hierarchy that I still can't read, and so on.

Anyone aware of a way that I can change owner of all the files to myself, then append a permission without replacing permissions completely?

Thanks!
0
Comment
Question by:ebooyens
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 7

Accepted Solution

by:
_Tyrant earned 250 total points
ID: 34914715

Hi ebooyens,

Glad to see you're using robocopy for this. I've run into similar scenarios in the past, and it was a real life saver. I've also had to work with odd one-off permissions issues like this before. Typically, I would run the following command from the command prompt:

# cacls FOLDER_NAME /T /C /E /G USERNAME:F

This will change the ACLs for the folder, all sub-folder, and all sub-files. Essentially, it will recursively (/T) edit the ACLs (/E), regardless of access denied (/C) errors, to grant (/G) the given user full (:F) permissions.

However, I fear that you could run into another issue here just based on what you have described. If the owner of the sub-folders is not a group which your domain admin account lives in (provided that the account also does not have any permissions) you will not be able to modify the ACLs.

To correct this issue, simply do the following from the Windows Explorer:

# Right click on the parent folder
# Select 'Properties'
# Select the 'Security' tab
# Click the 'Advanced' button
# Select the 'Owner' tab
# In the 'Change owner to' field, select Administrators, Domain Admins, or your active user account
# Select the 'Replace owner on subcontainers and object' checkbox
# Click 'OK'
# Click 'OK'

This will likely take some time, however, once the process is completed, the owner of all sub folders and files will be set to the account you referenced above. You will now be able to run the cacls command from the command prompt, allowing you to grant full permission to a domain admin account, thereby allowing you to copy all of the files and folders with robocopy.

I hope this is the information you're looking for.

Good luck!
0
 
LVL 4

Expert Comment

by:h3nnys
ID: 34914769
Right click folder and go to sharing and security

click on Security TAB and then click advanced

select admin account and give it permission to that folder

once you have done that select the tickbox that says "Apply these settings to all sub folders and containers..." click ok

then select the tickbox that says " replace permissions on all child objects...." click apply and then ok

This should effectively give your Domain Admin account permissions to ALL folders and subfolders

0
 
LVL 4

Author Comment

by:ebooyens
ID: 34914936
Thanks Tyrant, that sounds exactly like what I'm after, we'll try it and award points if it works

h3nnys, that's exactly what I don't what to do that as that will get rid of all the custom security that's been done on sub-folders and replace it with parent permissions.  Thanks anyway.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 7

Expert Comment

by:David_Hagerman
ID: 34914992
You can also use the xcopy command with the /o option.

Map a network drive the new server and use this command
xcopy (folder you want to move) (destination folder) followed by /o swtich

xcopy test v:test /o

ACL's are copied to the new machine
0
 
LVL 5

Assisted Solution

by:chqshaitan
chqshaitan earned 250 total points
ID: 34915356
You can use robocopy with the /zb option, this way if it fails to access a directory it will fallback into backup copy mode. Ideal for this situation.

http://en.wikipedia.org/wiki/Robocopy
0
 
LVL 4

Author Closing Comment

by:ebooyens
ID: 34938351
Apologies for not accepting a solution sooner, I haven't been able to test these but from what I've read both these solutions will work, Tyrant's solution was what I what was looking for but if chqshaitan's works it will be simpler and faster.  I'll report back when I eventually get round to testing.  Thanks again!
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question