officertango
asked on
calling security permission experts
I am trying to copy a share called Public from windows 2000 sever to another Windows 2003 server. I do think directly from the server with administrator login. During the copy it failed, when i check the security permission, it does not have anyone on the allow and allow colume is grayed out. I think this is why I am having problem copy to remote location. I can go to each subfolders or file to allow access or take ownership. There are too many files and subfolders within Public. is there a another way? I have also try to uncheck and recheck allow inheritance to child...
what am i missing?
thanks
what am i missing?
thanks
So you are initiating this copy from your Windows 2000 server or your Windows 2003 server? What methodology are you using (command line "copy", UNC GUI drag and drop, robocopy, etc.)?
ASKER
I think i need clarify, I am actually talking about ntfs permission not share permission. The folder Public is share with everyone full access while it is the ntfs permission that is not inheritance within public subfolder and files within public. Does that make sense. I do not think by login to a client and copy will be successful since the ntfs permission does not have anyone or even administrator permission on the ALLOW column.
hope this explain things
hope this explain things
ASKER
I tried both from windows 2000 and 2003 machine with cut and paste and also xcopy. i even try to copy to a usb drive but still not sucessful. I want to reset all ntfs permission from Public to all subfolders and files.
From the Windows Server 2000 machine, you need to modify the ACLs to make sure EVERYTHING under Public allows System as well as the User doing the move. You can use CACLS on a Windows 2000 server to add these two users, traversing subfiles and subfolders. Once you have verified the ACLs are correct, you can use ROBOCOPY to move the data, stripping the ACLs out, and placing in your new location.
You can also create a DFS share on the Server 2000 and replicate it to your 2003 server, but that will keep the current security settings and it will also cause errors if System or Administrators has been removed from the source file ACLs.
DrUltima
You can also create a DFS share on the Server 2000 and replicate it to your 2003 server, but that will keep the current security settings and it will also cause errors if System or Administrators has been removed from the source file ACLs.
DrUltima
BTW, whether a UNC share or a mapped drive, ROBOCOPY treats those two location types the same. There is no need to map a drive if using ROBOCOPY.
DrUltima
DrUltima
ASKER
Can you tell me more about ACL and CACL, where is it located? I think I just want to reset ntfs permission so I can copy over to new server. I do not like dfs but thanks for mention.
ACLs are Access Control Lists, and they are what tell the system who can do what to a directory or file. For more information on them, you can see this article:
http://en.wikipedia.org/wiki/Access_control_list
CACLS is a command line utility included in Windows 2000 to allow you to modify one or more directories' or files' ACLs. Though written for Windows XP, this is applicable to Server 2000 as well:
http://technet.microsoft.com/en-us/library/bb490872.aspx
Alternately on a Windows 2000 server, you can use XCACLS, which is a little more user friendly (IMHO) and more robust:
http://support.microsoft.com/kb/318754
If you have specific questions about usage, please let me know.
DrUltima
http://en.wikipedia.org/wiki/Access_control_list
CACLS is a command line utility included in Windows 2000 to allow you to modify one or more directories' or files' ACLs. Though written for Windows XP, this is applicable to Server 2000 as well:
http://technet.microsoft.com/en-us/library/bb490872.aspx
Alternately on a Windows 2000 server, you can use XCACLS, which is a little more user friendly (IMHO) and more robust:
http://support.microsoft.com/kb/318754
If you have specific questions about usage, please let me know.
DrUltima
ASKER
after reading the options, i l want to use CACLS, I want to apply full control for everyone for the folder PUBLIC, and all the subfolders and files within public. Can you confirm the command for this.
thanks
thanks
Against my better judgement, yes. I highly discourage full control to everyone, but that is your decision, not mine. From inside the Public folder:
cacls *.* /t /e /c /g Everyone:f
cacls is the command
*.* tells it all files at this location
/t (this traverses subfiles and folders)
/e (this edits rather than replaces)
/c (this ignores errors)
/g (this grants additional permissions)
Everyone:f (this is the group : permission, in this case, f for Full)
DrUltima
cacls *.* /t /e /c /g Everyone:f
cacls is the command
*.* tells it all files at this location
/t (this traverses subfiles and folders)
/e (this edits rather than replaces)
/c (this ignores errors)
/g (this grants additional permissions)
Everyone:f (this is the group : permission, in this case, f for Full)
DrUltima
ASKER
I ran the command (cacls *.* /t /e /c /g Everyone:f) from a subfolder within public, I can see access denied message but i finished. After command, i tried copy and paste, still error out. When i went into the ntfs permission of the the file, i get "you do not have permission to view or edit current permission settings.." i had to go to the ADVANCED and take ownership of the file than i can access the file.
What else can i do so i do not have to go to each file or folders.
thanks
What else can i do so i do not have to go to each file or folders.
thanks
Take Ownership of the root of Public and propagate that down through the structure. Do you know how to do that, or do you need assistance?
DrUltima
DrUltima
ASKER
I think I tried all the options that I know how but still no luck. I want to hear from you about take ownership at the public folder. Please let me know you steps.
Thanks
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
na
You would be far better logging into one of the computers, mapping a drive onto the other computer and doing a windows XCOPY or ROBOCOPY between the two drives NOT shares.