?
Solved

calling  security permission experts

Posted on 2011-04-28
15
Medium Priority
?
259 Views
Last Modified: 2012-05-11
I am trying to copy a share called Public from windows 2000 sever to another Windows 2003 server. I do think directly from the server with administrator login. During the copy it failed, when i check the security permission, it does not have anyone on the allow  and allow colume is grayed out. I think this is why I am having problem copy to remote location. I can go to each subfolders or file to allow access or take ownership. There are too many files and subfolders within Public. is there a another way? I have also try to uncheck and recheck allow inheritance to child...

what am i missing?

thanks
0
Comment
Question by:officertango
  • 7
  • 7
15 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35486103
Share permissions and NTFS permissions are two seperate things.
You would be far better logging into one of the computers, mapping a drive onto the other computer and doing a windows XCOPY or ROBOCOPY between the two drives NOT shares.
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35486132
So you are initiating this copy from your Windows 2000 server or your Windows 2003 server?  What methodology are you using (command line "copy", UNC GUI drag and drop, robocopy, etc.)?
0
 

Author Comment

by:officertango
ID: 35486165
I think i need clarify, I am actually talking about ntfs permission not share permission. The folder Public is share with everyone full access while it is the ntfs permission that is not inheritance within public subfolder and files within public. Does that make sense. I do not think by login to a client and copy will be successful since the ntfs permission does not have anyone or even administrator permission on the ALLOW column.

hope this explain things
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:officertango
ID: 35486183
I tried both from windows 2000 and 2003 machine with cut and paste and also xcopy. i even try to copy to a usb drive but still not sucessful. I want to reset all ntfs permission from Public to all subfolders and files.
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35486311
From the Windows Server 2000 machine, you need to modify the ACLs to make sure EVERYTHING under Public allows System as well as the User doing the move.  You can use CACLS on a Windows 2000 server to add these two users, traversing subfiles and subfolders.  Once you have verified the ACLs are correct, you can use ROBOCOPY to move the data, stripping the ACLs out, and placing in your new location.  

You can also create a DFS share on the Server 2000 and replicate it to your 2003 server, but that will keep the current security settings and it will also cause errors if System or Administrators has been removed from the source file ACLs.

DrUltima
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35486333
BTW, whether a UNC share or a mapped drive, ROBOCOPY treats those two location types the same.  There is no need to map a drive if using ROBOCOPY.

DrUltima
0
 

Author Comment

by:officertango
ID: 35486373
Can you tell me more about ACL and CACL, where is it located? I think I just want to reset ntfs permission so I can copy over to new server. I do not like dfs but thanks for mention.
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35486462
ACLs are Access Control Lists, and they are what tell the system who can do what to a directory or file.  For more information on them, you can see this article:

http://en.wikipedia.org/wiki/Access_control_list

CACLS is a command line utility included in Windows 2000 to allow you to modify one or more directories' or files' ACLs.  Though written for Windows XP, this is applicable to Server 2000 as well:

http://technet.microsoft.com/en-us/library/bb490872.aspx

Alternately on a Windows 2000 server, you can use XCACLS, which is a little more user friendly (IMHO) and more robust:

http://support.microsoft.com/kb/318754

If you have specific questions about usage, please let me know.

DrUltima
0
 

Author Comment

by:officertango
ID: 35496215
after reading the options, i l want to  use CACLS, I want to apply full control for everyone for the folder PUBLIC, and all the subfolders and files within public. Can you confirm the command for this.


thanks
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35498302
Against my better judgement, yes.  I highly discourage full control to everyone, but that is your decision, not mine.  From inside the Public folder:

cacls *.* /t /e /c /g Everyone:f

cacls is the command
*.* tells it all files at this location
/t (this traverses subfiles and folders)
/e (this edits rather than replaces)
/c (this ignores errors)
/g (this grants additional permissions)
Everyone:f (this is the group : permission, in this case, f for Full)

DrUltima
0
 

Author Comment

by:officertango
ID: 35504507
I ran the command (cacls *.* /t /e /c /g Everyone:f) from a subfolder within public, I can see access denied message but i finished. After command, i tried copy and paste, still error out. When i went into the ntfs permission of the the file, i get "you do not have permission to  view or edit current permission settings.." i had to go to the ADVANCED and take ownership of the file than i can access the file.
What else can i do so i do not have to go to each file or folders.


thanks
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35512576
Take Ownership of the root of Public and propagate that down through the structure.  Do you know how to do that, or do you need assistance?

DrUltima
0
 

Author Comment

by:officertango
ID: 35513694
I think I tried all the options that I know how but still no luck. I want to hear from you about take ownership at the public folder. Please let me know you steps.

Thanks
0
 
LVL 31

Accepted Solution

by:
Justin Owens earned 2000 total points
ID: 35514070
Find the folder Root.  Right click on it and select Properties.  Go to the Security tab.  Click the Advanced button.  Go to the Owner tab.  You should see a white box labeled "Change owner to:".  One of the choices should be "Administrators".  Select it.  Check the box labeled "Replace owner on subcontainer and objects".  Click OK or Apply.

This are the exact steps on a Windows 2003 server.  Windows 2000 may be slightly differently labeled, but it should still be the right path to take.

DrUltima
0
 

Author Closing Comment

by:officertango
ID: 35876620
na
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Learn about cloud computing and its benefits for small business owners.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question