calling security permission experts

Share permissions and NTFS permissions are two seperate things.
You would be far better logging into one of the computers, mapping a drive onto the other computer and doing a windows XCOPY or ROBOCOPY between the two drives NOT shares.

So you are initiating this copy from your Windows 2000 server or your Windows 2003 server?  What methodology are you using (command line "copy", UNC GUI drag and drop, robocopy, etc.)?

I think i need clarify, I am actually talking about ntfs permission not share permission. The folder Public is share with everyone full access while it is the ntfs permission that is not inheritance within public subfolder and files within public. Does that make sense. I do not think by login to a client and copy will be successful since the ntfs permission does not have anyone or even administrator permission on the ALLOW column.

hope this explain things

I tried both from windows 2000 and 2003 machine with cut and paste and also xcopy. i even try to copy to a usb drive but still not sucessful. I want to reset all ntfs permission from Public to all subfolders and files.

From the Windows Server 2000 machine, you need to modify the ACLs to make sure EVERYTHING under Public allows System as well as the User doing the move.  You can use CACLS on a Windows 2000 server to add these two users, traversing subfiles and subfolders.  Once you have verified the ACLs are correct, you can use ROBOCOPY to move the data, stripping the ACLs out, and placing in your new location.  

You can also create a DFS share on the Server 2000 and replicate it to your 2003 server, but that will keep the current security settings and it will also cause errors if System or Administrators has been removed from the source file ACLs.

DrUltima

BTW, whether a UNC share or a mapped drive, ROBOCOPY treats those two location types the same.  There is no need to map a drive if using ROBOCOPY.

DrUltima

Can you tell me more about ACL and CACL, where is it located? I think I just want to reset ntfs permission so I can copy over to new server. I do not like dfs but thanks for mention.

ACLs are Access Control Lists, and they are what tell the system who can do what to a directory or file.  For more information on them, you can see this article:

http://en.wikipedia.org/wiki/Access_control_list

CACLS is a command line utility included in Windows 2000 to allow you to modify one or more directories' or files' ACLs.  Though written for Windows XP, this is applicable to Server 2000 as well:

http://technet.microsoft.com/en-us/library/bb490872.aspx

Alternately on a Windows 2000 server, you can use XCACLS, which is a little more user friendly (IMHO) and more robust:

http://support.microsoft.com/kb/318754

If you have specific questions about usage, please let me know.

DrUltima

after reading the options, i l want to  use CACLS, I want to apply full control for everyone for the folder PUBLIC, and all the subfolders and files within public. Can you confirm the command for this.


thanks

Against my better judgement, yes.  I highly discourage full control to everyone, but that is your decision, not mine.  From inside the Public folder:

cacls *.* /t /e /c /g Everyone:f

cacls is the command
*.* tells it all files at this location
/t (this traverses subfiles and folders)
/e (this edits rather than replaces)
/c (this ignores errors)
/g (this grants additional permissions)
Everyone:f (this is the group : permission, in this case, f for Full)

DrUltima

I ran the command (cacls *.* /t /e /c /g Everyone:f) from a subfolder within public, I can see access denied message but i finished. After command, i tried copy and paste, still error out. When i went into the ntfs permission of the the file, i get "you do not have permission to  view or edit current permission settings.." i had to go to the ADVANCED and take ownership of the file than i can access the file.
What else can i do so i do not have to go to each file or folders.


thanks

Take Ownership of the root of Public and propagate that down through the structure.  Do you know how to do that, or do you need assistance?

DrUltima

I think I tried all the options that I know how but still no luck. I want to hear from you about take ownership at the public folder. Please let me know you steps.

Thanks

na