Solved

NET USE copy no longer works, but mapped drive to same Share and copy/paste does work?!?

Posted on 2013-05-14
26
739 Views
Last Modified: 2013-05-16
I have a Shared folder named "SourceCode" on a Windows Server 2008 R2 server.  I have a bat file that runs on a Windows Server 2003 server once a night to copy any changed or new files from the 2008 server Share.  This bat file ran fine when the source server was running Windows 2003.  Now that the source server is 2008 the bat file fails.  I created a user account on the 2008 server named "Backup" with Read/Execute/List permissions.  The Shared folder has "Include inheritable permissions from this object's parent" checked.  The NET USE command "Completes Successfully", but the XCOPY command fails with "Access denied".  If on the destination server (2003), I map a drive to the Shared Source Code folder on the 2008 server, I can copy/paste the file that failed with the NET USE connection just fine.

Any ideas why that is and how I can fix it?

This is the contents of the bat file I'm using:

NET USE X: \\155.138.213.111\Sourcecode password /USER:Backup
XCOPY X:*.* E:\SourceCode\ /D /E /Y
NET USE X: /DELETE
0
Comment
Question by:sqdperu
  • 10
  • 6
  • 5
  • +1
26 Comments
 
LVL 39

Expert Comment

by:Kyle Abrahams
Comment Utility
try the full domain for the user:

eg:

NET USE X: \\155.138.213.111\Sourcecode password /USER:<MACHINENAME>\Backup

Also check the SHARE permissions (different than the file permissions).
0
 
LVL 5

Expert Comment

by:JHalliday
Comment Utility
you could also use a robocopy script its a bit more resilient than xcopy.  The robocopy command line would be as follows

robocopy \\155.138.213.111\sourcecode e:\sourcecode /mir /e /v

this would create a mirrored copy of the source directory in the destination directory and also remove any files from the destination directory that had been removed from the source.  You can substitute /mir for /m to copy all files with archive bit set and reset it ready for the next run of the script.

Create a batch file with the robocopy script as above in and then set a scheduled task to run as the user with Read access to the source and Read Write access to the destination.

As @ged325 says make sure that the user has at least Read access to the Share on the source and also read permissions on the entire directory tree underneath the source share.

On the destination make sure the user has RW to the entire share and directory structure.

If you do get an error when running the script the chances are it is permission related

Hope this helps

Regards

Jon
0
 

Author Comment

by:sqdperu
Comment Utility
ged325,  I tried adding the MachineName, and as before, it connects just fine, but the copy still fails.

I'm no Windows security expert, but everywhere I look by right-clicking the shared folder / properties,  it looks like everything for my "Backup" user has Read (and related) permissions.

Jon,  I've heard of robocopy and always presumed it was a purchased product.  I see it comes from MS.  It is not on my Windows Server 2003 (unrecognized in Cmd).  I don't need anything real-time and fancy.   I simply want to copy once a day the files/folders from the share that are new or have been changed (from a bat file).  I wonder if I can download it from MS.  Will have to look - would prefer my simple XCOPY to work though.

Thanks
0
 
LVL 39

Expert Comment

by:Kyle Abrahams
Comment Utility
Right click on the folder -> properties -> sharing -> permissions
and also
Security Permissions

There's a seperate set of permissions for people who can access the share, and those who can access the directory itself.  

So the folder itself could have read/write for everyone
but the share could have read for everyone, everyone would still only have read (taking microsofts approst of most restrictive / deny first).

Other than that anything in the event viewer?  (start -> eventvwr) for the windows security logs on either the source machine or the machine that you're running the bat?

How are you running the bat file on the 2008 machine?

If it's a scheduled task are you running it as backup or local/network service?

Can you repost your infrastructure just with what you have?

EG:

Source Server
Windows 2008 Machine, hostname =


Destination server??

And the bat file exists on the source server correct?
0
 
LVL 27

Expert Comment

by:serialband
Comment Utility
Prior to Windows 2008, robocopy was available as a free download with the resource kit.  It has been free since its inception.

I usually add the copyall option to copy permissions.  I also set warnings to one and retries to one, otherwise errors and retries would severely slow down the copies with the default settings.  You can always rerun robocopy to quickly copy over the changes.  It's much quicker after the initial copy, assuming most of your data is static.

Here's a typical command line I run.

robocopy \\155.138.213.111\sourcecode e:\sourcecode /mir /e /v /copyall /w:1 /r:1

There are options to write log files too.  It's more robust than xcopy.

Starting with Windows 7, robocopy can also multi-thread with the /mt: option to speed up your small files copies.
0
 
LVL 5

Expert Comment

by:JHalliday
Comment Utility
xcopy is a throw over from the pre windows XP days and even goes back to MS-DOS I think.  Robocopy is more robust in the way it handles files and is therefore more efficient.  You can do a google search for Robocopy and download it free from Microsoft.

I have used Robocopy for a  variety of solutions including backing up files on a nightly basis.

@serialband the parameter you want is /log:<logfilename> also your use of /w:1 and /r:1 is a good point as well /copyall is a good option for user files but can cause problems for files that are updated by the system as you can sometimes end up with a file that has an obscure permission from a local account etc so something to bear in mind but this is more to do with Windows permissions and the way they work than a problem with Robocopy.

Just to explain the parameters that @serialband uses

/mir - creates a complete mirror copy of the files in the source at the destination
/e - copies everything including empty directories
/v - shows verbose messages good for debugging etc
/copyall - copies all security permissions
/w:1 - waits 1 second before retrying a problematic file good for is you occasionally get locked files
/r:1 - the number of times to retry a locked file

You can also use /eta to give a rough estimate of the time the file will finish copying but its not much use for directories with lots of small files.

/log:<filename> - write a log of the messages to the filename
/log+:<filename> - append a log of messages to the filename.

Hope this makes sense
0
 

Author Comment

by:sqdperu
Comment Utility
Windows Server 2008 R2 is the "Source" of the data.  Server Name PSQLDEV1 and shared folder is "SourceCode".  The server has a user account "Backup" with Read/List/execute permissions to SourceCode. The destination server is Windows server 2003.  It runs the bat file once a night via a cheap scheduler program running on it.  I only need/want to copy the files that are new or have change, NOT everything every night.  The new/changed items will be a small amount of data so I'm not all that concerned about the speed.  

The perplexing thing is it all worked fine until the source server changed to Windows 2008.  As near as I can tell, the "Backup" user has all the necessary permissions to the Shared SourceCode folder.  I'd really like to avoid the whole robocopy route if possible, as the XCOPY worked before 2008.

One thing I did notice (and maybe this in normal), in Explorer on 2003 the shared folder had a picture of a hand on the folder.  On 2008, the shared folder looks the same as all the others.

thanks
0
 
LVL 39

Expert Comment

by:Kyle Abrahams
Comment Utility
A couple of things:

You said you're using a cheap scheduler to run the bat.  What context is that running under?  Would it be possible to change it to either backup or your own and see if that worked?

If not could you try it via a normal scheduled task?  You can set yourself as the person who runs the execute.  Set it for a different time of day so there are no conflicts.

if you run the bat file manually, are there any issues?
0
 
LVL 27

Expert Comment

by:serialband
Comment Utility
Just FYI.  Robocopy will only copy new or changed files.

It's also interesting that you don't use the built-in scheduler to run the tasks.
0
 

Author Comment

by:sqdperu
Comment Utility
I have been test running the bat file manually in cmd, so it is not a scheduler issue.

I was not aware of a built-in GUI interface scheduler in Windows Server 2003.  I work at a manufacturing plant.  I have multiple jobs that run throughout the day.  It is very easy to use this GUI based scheduler to modify and create jobs for various intervals, on workdays, ignoring holidays, inside of specific time frames, etc.

Would I be able to install robocopy on the Windows 2003 machine and pull the data from the 2008 machine?  I don't want to install anything on the 2008 machine.

(serialband - thanks for explaining that robocopy only does the new/changed files.  I didn't realize that and that was one of my concerns.)

thanks
0
 
LVL 39

Expert Comment

by:Kyle Abrahams
Comment Utility
you should be able to pull the data the same way, installing it just on the 2003 server.
0
 
LVL 5

Assisted Solution

by:JHalliday
JHalliday earned 166 total points
Comment Utility
@serialband that isn't correct there are certain options you can pass to robocopy that will copy files regardless of the archive bit being set or not.  Robocopy is intelligent enough to know if a file has remained unchanged and will not copy it if the file already exists in the destination.

@sqdperu Robocopy has been around since the Windows 2003 and XP days and is a simple command that can be copied to the System32 directory and be called from anywhere there is no restriction on the version of windows (though I've never used it on anything below Windows 2003 or XP).

There is a good article on Microsoft TechNet that explains all the options you can use and can be found here http://technet.microsoft.com/en-us/library/cc733145(v=ws.10).aspx

To get the actual robocopy command tool follow this link http://www.microsoft.com/en-gb/download/details.aspx?id=17657 as part of the Windows 2003 Resource Kit Tools.  Robocopy is also bundled with all version of windows from Windows Vista upwards and Windows 2008 Server upwards.

In regards of where you can run the command it doesn't really matter as long as you set the correct source and destination paths.

Regards

Jon
0
 

Author Comment

by:sqdperu
Comment Utility
Ok.  So I installed robocopy on my 2003 machine, used @serialband's string and added the "/log:".    When I run it I get a bunch of "same"  and multiple:

"2013/05/15 10:39:32 ERROR 1314 (0x00000522) Copying NTFS Security to Destination Directory \\155.138.213.111\SourceCode\
A required privilege is not held by the client."

Which is my client - where robocopy is running (2003) or source (2008)?

thanks.

FYI - the end results were:

                Total    Copied   Skipped  Mismatch    FAILED    Extras
     Dirs :      3928        25      3903         0         0       351
    Files :    122078         0    118033         0      4045     15166
    Bytes :  13.804 g         0  13.491 g         0  320.73 m   2.692 g
    Times :   0:00:42   0:00:00                       0:00:00   0:00:42
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 39

Assisted Solution

by:Kyle Abrahams
Kyle Abrahams earned 167 total points
Comment Utility
0
 
LVL 5

Expert Comment

by:JHalliday
Comment Utility
@sqdperu the client is the machine you are running the command on.  It sounds like you have a directory or file somewhere on your source with some different security permissions.  You could try and reset the permissions or run as domain admin (assuming both the source and destination are in the same active directory) or run the command on the source server as the local admin.

Regards

Jon
0
 

Author Comment

by:sqdperu
Comment Utility
These are all standalone servers.  No domain.  I am logged into the destination server where I run the command from as Admin.  I guess I don't understand the "file premissions" copying with the file.  I don't know that I even care about that.  No one logs into these servers - they run scheduled jobs and FTP.  The user of these files are myself and another developer.  So as far as we are concerned "we don't care about no stinking permissions" on files.  I just copy them nightly to an extra set of them on disk in case the other server goes down.  (We have backup tapes, but that is more of a hassle.)

So I wonder if I can copy without any regards to file permissions.
0
 
LVL 27

Expert Comment

by:serialband
Comment Utility
You could also use the Windows 2008 server to run robocopy too.  If you don't care to copy the file permissions, remove the /copyall option

@JHalliday
The default behavior of robocopy with /mir is to copy the changes.  That's the behavior sqdperu wants anyway.
0
 

Author Comment

by:sqdperu
Comment Utility
Good News!!!

               Total    Copied   Skipped  Mismatch    FAILED    Extras
     Dirs :      3928         0      3928         0            0         0
    Files :    122078      4045    118033         0         0         0
    Bytes :  13.804 g  320.73 m  13.491 g         0         0         0
    Times :   0:02:37   0:02:05                       0:00:00   0:00:31

    Speed :             2672503 Bytes/sec.
    Speed :             152.921 MegaBytes/min.

---------------------------------------------------------------------------------------------------------------

I ended up using the link from ged325 and changed the "/COPYALL" to "/COPY:DATSO".

Thanks to all who helped me.

So for future reference, this is what my batch file looks like that is now functioning:

NET USE X: \\155.138.213.111\Sourcecode password /USER:PSQLDEV1\Backup
robocopy \\155.138.213.111\SourceCode E:\SourceCode /mir /e /v /COPY:DATSO /w:1 /r:1 /log:D:\SourceCopyLog.txt
NET USE X: /DELETE
0
 
LVL 27

Accepted Solution

by:
serialband earned 167 total points
Comment Utility
You actually don't need the NET USE command with robocopy, since it's connecting to the remote share.

If you really want to mount the drive and copy the files from the mounted partition, then you can shorten the robocopy command

NET USE X: \\155.138.213.111\Sourcecode password /USER:PSQLDEV1\Backup
robocopy X:\ E:\SourceCode /mir /e /v /COPY:DATSO /w:1 /r:1 /log:D:\SourceCopyLog.txt
NET USE X: /DELETE
0
 

Author Comment

by:sqdperu
Comment Utility
Should I be using "/mir" instead of "/COPY:DATSO" with what I'm wanting or does it matter?

thanks
0
 

Author Comment

by:sqdperu
Comment Utility
@serialband.   I don't actually have the "X:" drive mapped in explorer permanently.  I just Net Use connect it, copy, and disconnect.  I have no need to have it mapped permanently.  So in that case I have to use Net Use right?  Otherwise, how would it know my login info?
0
 
LVL 27

Expert Comment

by:serialband
Comment Utility
Robocopy would use the cached credential of the logged in user.  This assumes that you have a domain user, used for logging into both systems, or you use the local admin account.  With the built-in scheduler, you can set it to run as a specific user with the password saved in an encrypted format.  That's actually better than keeping your password in a plain text batch file with the NET USE command.

You'll only need NET USE if you've created independent local user accounts on the 2 systems.  Since you're mapping the drive to X: with the NET USE command, you could just shorten the command within the script.  If you're not using NET USE, then you'll need the full path when you call robocopy.


The /MIR and /COPY are independent.

/MIR -- mirrors the directory structure
/COPY:DAT -- copies the time stamps, file attributes and permissions.  Since you don't care about the permissions, you can remove the S & O.

/E -- is redundant.  It's already included in /MIR  my first answer was a cut & paste of a previous answer with my suggested additions to the options and I did it from memory so I didn't catch that immediately.
0
 

Author Comment

by:sqdperu
Comment Utility
Thanks.  It's working great.  I shortened it a bit like you said so now looks like this:

     NET USE X: \\155.138.213.111\SourceCode password /USER:PSQLDEV1\Backup
     ROBOCOPY X:\ E:\SourceCode /mir /v /COPY:DAT /w:1 /r:1 /log:D:\SourceCopyLog.txt
     NET USE X: /DELETE
0
 
LVL 39

Expert Comment

by:Kyle Abrahams
Comment Utility
glad you got it working.
0
 
LVL 5

Expert Comment

by:JHalliday
Comment Utility
Good work sqdperu rather than use a clear text password in your script you can set-up a scheduled task in Windows to run the following script

ROBOCOPY \\155.138.213.111\SourceCode e:\SourceCode /mir /v /COPY:DAT /w:1 /r:1 /log:D:\SourceCopyLog.txt

Open in new window


In the options for your scheduled task you can set it to run as a specific user and you can specify your PSQLDEV1\Backup user there.  The password will be hashed so will be unreadable and more secure.

Regards

Jon
0
 

Author Closing Comment

by:sqdperu
Comment Utility
Thanks!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now