Link to home
Start Free TrialLog in
Avatar of Pete
PeteFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Robocopy ERROR 1307 (File ownership error)

I am copying from C:\Folder to \\backup\folder$

My Command:
ROBOCOPY C:\Folder \\backup\folder$ /E /MIR /copy:datso

Error:
Robocopy ERROR 1307 (0x0000051B) Copying NTFS Security to Destination Directory ...This security ID may not be assigned as the owner of this object


If I change the cxommand to /copy:dats (without the o) it works OK, but I need the ownership!

C:\Folder has ownership of "domain\domain admins"
C:\Folder has a few user folders in it with ownerships of "domain\username"

any ideas?
Avatar of oBdA
oBdA

There's a difference between taking ownership (granted by the "Take ownership of files or other objects" user right or the "Take Ownership" NTFS permission) and assigning ownership.
For the latter (which is what you're trying to do), the account you're using will need the "Restore files and directories" user right on the target server. I suspect this one is missing in your case.
How Permissions Work
https://technet.microsoft.com/en-us/library/cc783530(v=ws.10).aspx
SOLUTION
Avatar of McKnife
McKnife
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Pete

ASKER

Thanks for replies, there's a few parts to the setup, maybe u can advise who needs access to what.

- at startup on the client win10 machine a script creates a c:\folder. Admins FC permissions.
- at user login a subfolder called the users name is created in this with permissions modify.
- a powershell script exists on netlogon that backs up c:\folder to a backup share
- a scheduled task is created on the client machine using GPO, that runs the backup script at startup. The scheduled task runs under the SYSTEM account. This could change I guess.

There are many client machine and many users on each machine (School).

So...what to do?
Avatar of Pete

ASKER

By the way as a test we have already set EVERYONE full control permissions on the destination backup share...
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
for schedule task use account with domain admins right or account having admin rights on source and destination directories

System account is good for local machine operations but not good for network operations as far as I can think
Avatar of Pete

ASKER

We need to backup ownership as the users will have quotas set on their local folders, this relies on ownership, so if we need to restore from backup we need to also restore this ownership.

One problem we've already gone through is the ONLY way we could get a scheduled task to appear on the local machine using group policy is to have it configured to run using the system account.

Thanks
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You have been given options.

Still I don't understand why you let the script run as user. Why not simply take an account that is administrator on both source and target?
Avatar of Pete

ASKER

Thanks, we need to have this script run at startup. To prevent flooding the network with every machine starting and backing up at the same time there's a random delay in the script, up to 10 mins. Do u have an idea to run this other than in a scheduled task? A GPO startup script will prevent the machine being used until the script has completed....

A scheduled task from GPO only works if you configure it to use the system account, we can't just use an admin account.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You had been told to assign that privilege to the group domain computers (wouldn't "gve me the creeps") - a simple solution.
running schedule task is different operation and creating schedule task is different operations

U can specify domain account under which security context schedule task can be run, however when you use GP preference, the task will be created on clients through security context of system account as GP preferences by default would run through system account
If u could explain how could you resolved issue ?
Avatar of Pete

ASKER

I didn't resolve it, i ended up not backing up permissions or ownership, and not using a scheduled task to run the script. The project now runs the script at startup but hidden in the background and the restore script will sort out ownership etc when required....not the best.
You could have used the solution - why don't you?
Avatar of Pete

ASKER

I couldn't get the startup script, even when created manully for testing to run unless it was created to run with the SYSTEM account. Adding the Domain Computers group to the "Restore files and directories" user right on the backup server also made no difference to backing up security or ownership of the files.
That made no difference? That would surpise me. Will try to reproduce on monday.