asked on Is there a way to view rights to all the folders on a drive
I am preparing to migrate data from a couple of Windows Server 2003 servers to a Server 2008 R2 server.
We have a lot of differing rights all over the 2003 server that will need to be recreated on the 2008R2 one and am looking at the best way to see what those rights are.
About 250GB of data, made up of maybe 5000 folders.
Thanks in advance
We have a lot of differing rights all over the 2003 server that will need to be recreated on the 2008R2 one and am looking at the best way to see what those rights are.
About 250GB of data, made up of maybe 5000 folders.
Thanks in advance
Windows Server 2003
Last Comment
bosshognz
ASKER
I've just had a look but that software seems to only talk about singular objects - at least on the page you linked. I don't really want to look through each of the 5000 folders
There is a command named cacls which comes shipped in the the Microsoft resource kit.
It will display NTFS permissions on a directory tree.
http://technet.microsoft.com/en-us/library/bb490872.aspx
It will display NTFS permissions on a directory tree.
http://technet.microsoft.com/en-us/library/bb490872.aspx
And it comes already shipped in windows too
ASKER
Hi mkrohn,
Once again this seems to only work on one folder at a time. Our folders within the drive do have differing rights, but I don't know which folders have which rights. This is what I'm trying to discover.
Once again this seems to only work on one folder at a time. Our folders within the drive do have differing rights, but I don't know which folders have which rights. This is what I'm trying to discover.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Hi, if you use cacls *.* it will show you all the folders
My favorite tool for this is the free DumpSec (http://www.systemtools.com/somarsoft/index.html)
Set the Permissions Report Options to not show the owner, and to "Show directories (not files) whose permissions differ ..." to create the most concise report possible.
Then there's also the (not free) Security Explorer from ScriptLogic (http://www.scriptlogic.com/products/security-explorer/)
But why recreate the permissions when you can just copy the files including security, for example with robocopy? I've used it without any problems for several migrations.
Some hints:
- robocopy will *by* *default* only copy files that aren't in the target already.
- If you want to do several sync runs, you can use /mir to delete files in the target that aren't in the source anymore.
- You might want to set /r (retry) and /w (wait) to something more useful in a LAN, like /r:2 /w:1.
- use /copyall to copy NTFS permissions as well.
- Check robocopy.doc in the ResKit installation folder (to run it, you actually only need robocopy.exe), it's a very useful documentation.
- You can safely use /nfl (no file list) and /ndl (no directory list) to reduce the log file size; errors will still be logged.
- Use /np if you're logging to a text file, otherwise the log will be filled with control characters.
- On W2k8, robocopy's already included.
Windows Server 2003 Resource Kit Tools
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
Set the Permissions Report Options to not show the owner, and to "Show directories (not files) whose permissions differ ..." to create the most concise report possible.
Then there's also the (not free) Security Explorer from ScriptLogic (http://www.scriptlogic.com/products/security-explorer/)
But why recreate the permissions when you can just copy the files including security, for example with robocopy? I've used it without any problems for several migrations.
Some hints:
- robocopy will *by* *default* only copy files that aren't in the target already.
- If you want to do several sync runs, you can use /mir to delete files in the target that aren't in the source anymore.
- You might want to set /r (retry) and /w (wait) to something more useful in a LAN, like /r:2 /w:1.
- use /copyall to copy NTFS permissions as well.
- Check robocopy.doc in the ResKit installation folder (to run it, you actually only need robocopy.exe), it's a very useful documentation.
- You can safely use /nfl (no file list) and /ndl (no directory list) to reduce the log file size; errors will still be logged.
- Use /np if you're logging to a text file, otherwise the log will be filled with control characters.
- On W2k8, robocopy's already included.
Windows Server 2003 Resource Kit Tools
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
ASKER
Got to love Sysinternals! oBdA, yours looks like it might do the job as well, but Sysinternals doesn't require an installation nor any filters added. It just does it, which is what I'm after.
Copy and paste may work and we may well do it for some folders, but we're looking at a fresh clean start here. Trying to copy and paste as little legacy data over as possible. And it its always good to make sure theres no leftover SIDs hanging around in security.
Copy and paste may work and we may well do it for some folders, but we're looking at a fresh clean start here. Trying to copy and paste as little legacy data over as possible. And it its always good to make sure theres no leftover SIDs hanging around in security.
The info on the command is here
http://www.mkssoftware.com/docs/man1/lsacl.1.asp
You can download the toolkit from here:
http://www.mkssoftware.com/