Pete
asked on
Robocopy ERROR 1307 (File ownership error)
I am copying from C:\Folder to \\backup\folder$
My Command:
ROBOCOPY C:\Folder \\backup\folder$ /E /MIR /copy:datso
Error:
Robocopy ERROR 1307 (0x0000051B) Copying NTFS Security to Destination Directory ...This security ID may not be assigned as the owner of this object
If I change the cxommand to /copy:dats (without the o) it works OK, but I need the ownership!
C:\Folder has ownership of "domain\domain admins"
C:\Folder has a few user folders in it with ownerships of "domain\username"
any ideas?
My Command:
ROBOCOPY C:\Folder \\backup\folder$ /E /MIR /copy:datso
Error:
Robocopy ERROR 1307 (0x0000051B) Copying NTFS Security to Destination Directory ...This security ID may not be assigned as the owner of this object
If I change the cxommand to /copy:dats (without the o) it works OK, but I need the ownership!
C:\Folder has ownership of "domain\domain admins"
C:\Folder has a few user folders in it with ownerships of "domain\username"
any ideas?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for replies, there's a few parts to the setup, maybe u can advise who needs access to what.
- at startup on the client win10 machine a script creates a c:\folder. Admins FC permissions.
- at user login a subfolder called the users name is created in this with permissions modify.
- a powershell script exists on netlogon that backs up c:\folder to a backup share
- a scheduled task is created on the client machine using GPO, that runs the backup script at startup. The scheduled task runs under the SYSTEM account. This could change I guess.
There are many client machine and many users on each machine (School).
So...what to do?
- at startup on the client win10 machine a script creates a c:\folder. Admins FC permissions.
- at user login a subfolder called the users name is created in this with permissions modify.
- a powershell script exists on netlogon that backs up c:\folder to a backup share
- a scheduled task is created on the client machine using GPO, that runs the backup script at startup. The scheduled task runs under the SYSTEM account. This could change I guess.
There are many client machine and many users on each machine (School).
So...what to do?
ASKER
By the way as a test we have already set EVERYONE full control permissions on the destination backup share...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
for schedule task use account with domain admins right or account having admin rights on source and destination directories
System account is good for local machine operations but not good for network operations as far as I can think
System account is good for local machine operations but not good for network operations as far as I can think
ASKER
We need to backup ownership as the users will have quotas set on their local folders, this relies on ownership, so if we need to restore from backup we need to also restore this ownership.
One problem we've already gone through is the ONLY way we could get a scheduled task to appear on the local machine using group policy is to have it configured to run using the system account.
Thanks
One problem we've already gone through is the ONLY way we could get a scheduled task to appear on the local machine using group policy is to have it configured to run using the system account.
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You have been given options.
Still I don't understand why you let the script run as user. Why not simply take an account that is administrator on both source and target?
Still I don't understand why you let the script run as user. Why not simply take an account that is administrator on both source and target?
ASKER
Thanks, we need to have this script run at startup. To prevent flooding the network with every machine starting and backing up at the same time there's a random delay in the script, up to 10 mins. Do u have an idea to run this other than in a scheduled task? A GPO startup script will prevent the machine being used until the script has completed....
A scheduled task from GPO only works if you configure it to use the system account, we can't just use an admin account.
A scheduled task from GPO only works if you configure it to use the system account, we can't just use an admin account.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You had been told to assign that privilege to the group domain computers (wouldn't "gve me the creeps") - a simple solution.
running schedule task is different operation and creating schedule task is different operations
U can specify domain account under which security context schedule task can be run, however when you use GP preference, the task will be created on clients through security context of system account as GP preferences by default would run through system account
U can specify domain account under which security context schedule task can be run, however when you use GP preference, the task will be created on clients through security context of system account as GP preferences by default would run through system account
If u could explain how could you resolved issue ?
ASKER
I didn't resolve it, i ended up not backing up permissions or ownership, and not using a scheduled task to run the script. The project now runs the script at startup but hidden in the background and the restore script will sort out ownership etc when required....not the best.
You could have used the solution - why don't you?
ASKER
I couldn't get the startup script, even when created manully for testing to run unless it was created to run with the SYSTEM account. Adding the Domain Computers group to the "Restore files and directories" user right on the backup server also made no difference to backing up security or ownership of the files.
That made no difference? That would surpise me. Will try to reproduce on monday.
For the latter (which is what you're trying to do), the account you're using will need the "Restore files and directories" user right on the target server. I suspect this one is missing in your case.
How Permissions Work
https://technet.microsoft.com/en-us/library/cc783530(v=ws.10).aspx