calling security permission experts

I am trying to copy a share called Public from windows 2000 sever to another Windows 2003 server. I do think directly from the server with administrator login. During the copy it failed, when i check the security permission, it does not have anyone on the allow  and allow colume is grayed out. I think this is why I am having problem copy to remote location. I can go to each subfolders or file to allow access or take ownership. There are too many files and subfolders within Public. is there a another way? I have also try to uncheck and recheck allow inheritance to child...

what am i missing?

thanks
officertangoAsked:
Who is Participating?
 
Justin OwensITIL Problem ManagerCommented:
Find the folder Root.  Right click on it and select Properties.  Go to the Security tab.  Click the Advanced button.  Go to the Owner tab.  You should see a white box labeled "Change owner to:".  One of the choices should be "Administrators".  Select it.  Check the box labeled "Replace owner on subcontainer and objects".  Click OK or Apply.

This are the exact steps on a Windows 2003 server.  Windows 2000 may be slightly differently labeled, but it should still be the right path to take.

DrUltima
0
 
Neil RussellTechnical Development LeadCommented:
Share permissions and NTFS permissions are two seperate things.
You would be far better logging into one of the computers, mapping a drive onto the other computer and doing a windows XCOPY or ROBOCOPY between the two drives NOT shares.
0
 
Justin OwensITIL Problem ManagerCommented:
So you are initiating this copy from your Windows 2000 server or your Windows 2003 server?  What methodology are you using (command line "copy", UNC GUI drag and drop, robocopy, etc.)?
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

 
officertangoAuthor Commented:
I think i need clarify, I am actually talking about ntfs permission not share permission. The folder Public is share with everyone full access while it is the ntfs permission that is not inheritance within public subfolder and files within public. Does that make sense. I do not think by login to a client and copy will be successful since the ntfs permission does not have anyone or even administrator permission on the ALLOW column.

hope this explain things
0
 
officertangoAuthor Commented:
I tried both from windows 2000 and 2003 machine with cut and paste and also xcopy. i even try to copy to a usb drive but still not sucessful. I want to reset all ntfs permission from Public to all subfolders and files.
0
 
Justin OwensITIL Problem ManagerCommented:
From the Windows Server 2000 machine, you need to modify the ACLs to make sure EVERYTHING under Public allows System as well as the User doing the move.  You can use CACLS on a Windows 2000 server to add these two users, traversing subfiles and subfolders.  Once you have verified the ACLs are correct, you can use ROBOCOPY to move the data, stripping the ACLs out, and placing in your new location.  

You can also create a DFS share on the Server 2000 and replicate it to your 2003 server, but that will keep the current security settings and it will also cause errors if System or Administrators has been removed from the source file ACLs.

DrUltima
0
 
Justin OwensITIL Problem ManagerCommented:
BTW, whether a UNC share or a mapped drive, ROBOCOPY treats those two location types the same.  There is no need to map a drive if using ROBOCOPY.

DrUltima
0
 
officertangoAuthor Commented:
Can you tell me more about ACL and CACL, where is it located? I think I just want to reset ntfs permission so I can copy over to new server. I do not like dfs but thanks for mention.
0
 
Justin OwensITIL Problem ManagerCommented:
ACLs are Access Control Lists, and they are what tell the system who can do what to a directory or file.  For more information on them, you can see this article:

http://en.wikipedia.org/wiki/Access_control_list

CACLS is a command line utility included in Windows 2000 to allow you to modify one or more directories' or files' ACLs.  Though written for Windows XP, this is applicable to Server 2000 as well:

http://technet.microsoft.com/en-us/library/bb490872.aspx

Alternately on a Windows 2000 server, you can use XCACLS, which is a little more user friendly (IMHO) and more robust:

http://support.microsoft.com/kb/318754

If you have specific questions about usage, please let me know.

DrUltima
0
 
officertangoAuthor Commented:
after reading the options, i l want to  use CACLS, I want to apply full control for everyone for the folder PUBLIC, and all the subfolders and files within public. Can you confirm the command for this.


thanks
0
 
Justin OwensITIL Problem ManagerCommented:
Against my better judgement, yes.  I highly discourage full control to everyone, but that is your decision, not mine.  From inside the Public folder:

cacls *.* /t /e /c /g Everyone:f

cacls is the command
*.* tells it all files at this location
/t (this traverses subfiles and folders)
/e (this edits rather than replaces)
/c (this ignores errors)
/g (this grants additional permissions)
Everyone:f (this is the group : permission, in this case, f for Full)

DrUltima
0
 
officertangoAuthor Commented:
I ran the command (cacls *.* /t /e /c /g Everyone:f) from a subfolder within public, I can see access denied message but i finished. After command, i tried copy and paste, still error out. When i went into the ntfs permission of the the file, i get "you do not have permission to  view or edit current permission settings.." i had to go to the ADVANCED and take ownership of the file than i can access the file.
What else can i do so i do not have to go to each file or folders.


thanks
0
 
Justin OwensITIL Problem ManagerCommented:
Take Ownership of the root of Public and propagate that down through the structure.  Do you know how to do that, or do you need assistance?

DrUltima
0
 
officertangoAuthor Commented:
I think I tried all the options that I know how but still no luck. I want to hear from you about take ownership at the public folder. Please let me know you steps.

Thanks
0
 
officertangoAuthor Commented:
na
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.