Jason Paradis asked:

Need review of batch file for backing up User folder to server, please.

I posted something about this the other day and the responses told me that I need to use GPO instead of a batch file. I tried going the GPO route to create offline files and synchronize the User profile folder but it never worked. No matter who I added to security settings, or forced gpupdate, etc. It refused to synchronize.

So in the interim of getting that fixed, I need something ASAP that will do the same job but as a batch file. Here is what I created:

@echo off
cls
REM This script only backs up the folders under the user profile
REM i.e. C:\User\username\*.* It does not back up anything else.
echo This batch process will backup the User profile folders for "%USERNAME%", is this username correct? (y/n)
set RINPUT=
set /P RINPUT=Type input: %=%
If /I "%RINPUT%"=="y" goto yes
If /I "%RINPUT%"=="n" goto end
:yes
net use \\destinationserver\Users domainadminpassword /USER:DOMAIN\Administrator
pause
md \\destinationserver\Users\%USERNAME%
pause
icacls \\destinationserver\Users\%USERNAME%\ /grant DOMAIN\%USERNAME%:F
pause
robocopy "%USERPROFILE%\Desktop" \\destinationserver\Users\%USERNAME%\Desktop /MIR /SEC
pause
robocopy "%USERPROFILE%\Documents" \\destinationserver\Users\%USERNAME%\Documents /MIR /SEC
pause
robocopy "%USERPROFILE%\Downloads" \\destinationserver\Users\%USERNAME%\Downloads /MIR /SEC
pause
robocopy "%USERPROFILE%\Favorites" \\destinationserver\Users\%USERNAME%\Favorites /MIR /SEC
pause
robocopy "%USERPROFILE%\Contacts" \\destinationserver\Users\%USERNAME%\Contacts /MIR /SEC
pause
robocopy "%USERPROFILE%\Pictures" \\destinationserver\Users\%USERNAME%\Pictures /MIR /SEC
pause
robocopy "%USERPROFILE%\Videos" \\destinationserver\Users\%USERNAME%\Videos /MIR /SEC
pause
echo Copying User profile folders
:end
echo Ending script
timeout /t 3 /nobreak

Please ignore the pauses, they are in there for debug purposes.

There are three problems I have with this script that I have been unable to resolve.

  1. The icacls command does not grant full access to the created folder from line 13. It adds %USERNAME% to the list but only gives it "Special Permissions" not Full Access to the folder.
  2. Robocopy asks if the first item is a directory or file each time it is run. I have to type D 7 times after each command is executed. Is there a way to avoid this interaction?
  3. When the folders/files are copied it retains the origination computer's security settings for each. However, I want it to just copy over the security settings while retaining the inherited permissions from the destination server's parent folder. In other words if the destination server has Domain Admins, Administrators as Full Access and I run the batch it copies over those settings and applies the copied folders/files original security settings.
ASKER CERTIFIED SOLUTION
NVIT
This solution is only available to members.

ASKER

So I made all of the changes based on the comments here.

I moved the switches to the front. Removed MIR. Made a backslash at the destination.

Results:

The batch file worked. However, the "Special Permissions" on the parent folder was still in place. I can access the share with the user profile on the original machine so maybe it worked successfully but in a different way? The permissions from the original location did not copy over and I need them to. All it did was copy the folders/files and retain inherited permissions from the destination parent folder.

I suppose I could put in an icacls for each destination folder, but there has to be an easier way to transfer security settings without overriding.

Let's say that's Jon's profile. Can a different user, Jane, access Jon's profile?

I tested this with a different account and they could not access the newly created folder while the original user could.
However, I'm still having issues with the security settings not copying to the destination folder on the server. After the script completes, the user can view the tree of the parent folder, but they cannot access any of their user folders (Desktop, Favorites, etc.). The error keeps saying that they don't have access. I check the Security settings and the settings from the source folders aren't being applied.

I removed /MIR and /SEC and used /COPYALL instead and that didn't work. I even tried it coupled with /SECFIX with no success.

The way you have it, unless the user running the batch is admin, icacls will not give Full rights

Icacls \\destinationserver\Users\%USERNAME%\ /grant DOMAIN\%USERNAME%:F

I am running the batch as admin. The batch file also explicitly has domain administrator rights given on line 11. The icacls command isn't the problem.

It's the security settings for the individual sub-folders, not the parent.
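
An added example, not code from this thread or from any of its answers: one way to structure the backup so that the per-user folder carries an inheritable Full control entry and the copied items take their permissions from it, without storing a domain administrator password in the script. It copies data only (/COPY:DAT) instead of /SEC, which is a different design from the one asked for; it assumes the share and NTFS permissions on \\destinationserver\Users already let each user create a folder there, and the log path and the use of %USERDOMAIN% are assumptions.

```batch
@echo off
setlocal
REM Added example, not the asker's script. The share name is the one from the
REM post; the log location is an assumption.
REM Assumes an administrator has already set permissions on the share so each
REM user can create a folder there. No admin credentials are stored here.
set "DEST=\\destinationserver\Users\%USERNAME%"
set "LOG=%TEMP%\profile-backup.log"
set "FAILED=0"

if not exist "%DEST%\" md "%DEST%" || goto :fail

REM (OI)(CI) makes the Full control entry inherit to subfolders and files.
REM Without those flags the entry applies to this folder only, which the
REM Security tab lists under "Special permissions".
icacls "%DEST%" /grant "%USERDOMAIN%\%USERNAME%:(OI)(CI)F" >>"%LOG%" 2>&1 || goto :fail

for %%F in (Desktop Documents Downloads Favorites Contacts Pictures Videos) do call :copyone "%%F"

if "%FAILED%"=="1" goto :fail
echo Backup finished. Log: %LOG%
exit /b 0

:copyone
REM /E copies subfolders without purging the destination (unlike /MIR).
REM /COPY:DAT copies data, attributes and timestamps but not ACLs, so the
REM copied items inherit their permissions from the per-user folder.
REM /XJ skips junction points inside the profile.
robocopy "%USERPROFILE%\%~1" "%DEST%\%~1" /E /COPY:DAT /XJ /R:2 /W:5 /NP /LOG+:"%LOG%"
REM Robocopy exit codes of 8 or higher mean at least one copy failed.
if errorlevel 8 set "FAILED=1"
exit /b 0

:fail
echo Backup failed. See %LOG%
exit /b 1
```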