We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

calling  security permission experts

Medium Priority
299 Views
Last Modified: 2012-05-11
I am trying to copy a share called Public from windows 2000 sever to another Windows 2003 server. I do think directly from the server with administrator login. During the copy it failed, when i check the security permission, it does not have anyone on the allow  and allow colume is grayed out. I think this is why I am having problem copy to remote location. I can go to each subfolders or file to allow access or take ownership. There are too many files and subfolders within Public. is there a another way? I have also try to uncheck and recheck allow inheritance to child...

what am i missing?

thanks
Comment
Watch Question

Neil RussellTechnical Development Lead

Commented:
Share permissions and NTFS permissions are two seperate things.
You would be far better logging into one of the computers, mapping a drive onto the other computer and doing a windows XCOPY or ROBOCOPY between the two drives NOT shares.
Justin OwensITIL Problem Manager

Commented:
So you are initiating this copy from your Windows 2000 server or your Windows 2003 server?  What methodology are you using (command line "copy", UNC GUI drag and drop, robocopy, etc.)?

Author

Commented:
I think i need clarify, I am actually talking about ntfs permission not share permission. The folder Public is share with everyone full access while it is the ntfs permission that is not inheritance within public subfolder and files within public. Does that make sense. I do not think by login to a client and copy will be successful since the ntfs permission does not have anyone or even administrator permission on the ALLOW column.

hope this explain things

Author

Commented:
I tried both from windows 2000 and 2003 machine with cut and paste and also xcopy. i even try to copy to a usb drive but still not sucessful. I want to reset all ntfs permission from Public to all subfolders and files.
Justin OwensITIL Problem Manager

Commented:
From the Windows Server 2000 machine, you need to modify the ACLs to make sure EVERYTHING under Public allows System as well as the User doing the move.  You can use CACLS on a Windows 2000 server to add these two users, traversing subfiles and subfolders.  Once you have verified the ACLs are correct, you can use ROBOCOPY to move the data, stripping the ACLs out, and placing in your new location.  

You can also create a DFS share on the Server 2000 and replicate it to your 2003 server, but that will keep the current security settings and it will also cause errors if System or Administrators has been removed from the source file ACLs.

DrUltima
Justin OwensITIL Problem Manager

Commented:
BTW, whether a UNC share or a mapped drive, ROBOCOPY treats those two location types the same.  There is no need to map a drive if using ROBOCOPY.

DrUltima

Author

Commented:
Can you tell me more about ACL and CACL, where is it located? I think I just want to reset ntfs permission so I can copy over to new server. I do not like dfs but thanks for mention.
Justin OwensITIL Problem Manager

Commented:
ACLs are Access Control Lists, and they are what tell the system who can do what to a directory or file.  For more information on them, you can see this article:

http://en.wikipedia.org/wiki/Access_control_list

CACLS is a command line utility included in Windows 2000 to allow you to modify one or more directories' or files' ACLs.  Though written for Windows XP, this is applicable to Server 2000 as well:

http://technet.microsoft.com/en-us/library/bb490872.aspx

Alternately on a Windows 2000 server, you can use XCACLS, which is a little more user friendly (IMHO) and more robust:

http://support.microsoft.com/kb/318754

If you have specific questions about usage, please let me know.

DrUltima

Author

Commented:
after reading the options, i l want to  use CACLS, I want to apply full control for everyone for the folder PUBLIC, and all the subfolders and files within public. Can you confirm the command for this.


thanks
Justin OwensITIL Problem Manager

Commented:
Against my better judgement, yes.  I highly discourage full control to everyone, but that is your decision, not mine.  From inside the Public folder:

cacls *.* /t /e /c /g Everyone:f

cacls is the command
*.* tells it all files at this location
/t (this traverses subfiles and folders)
/e (this edits rather than replaces)
/c (this ignores errors)
/g (this grants additional permissions)
Everyone:f (this is the group : permission, in this case, f for Full)

DrUltima

Author

Commented:
I ran the command (cacls *.* /t /e /c /g Everyone:f) from a subfolder within public, I can see access denied message but i finished. After command, i tried copy and paste, still error out. When i went into the ntfs permission of the the file, i get "you do not have permission to  view or edit current permission settings.." i had to go to the ADVANCED and take ownership of the file than i can access the file.
What else can i do so i do not have to go to each file or folders.


thanks
Justin OwensITIL Problem Manager

Commented:
Take Ownership of the root of Public and propagate that down through the structure.  Do you know how to do that, or do you need assistance?

DrUltima

Author

Commented:
I think I tried all the options that I know how but still no luck. I want to hear from you about take ownership at the public folder. Please let me know you steps.

Thanks
ITIL Problem Manager
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
na
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.