Read-only flag on robocopy

Alex
Alex used Ask the Experts™
on
Morning all,

So a really odd issue has happened, I've migrated a file server using robocopy which was fine. The users could access the files but not modify them. So I checked the security which is also fine, but what I found is the folder has a "Read-only" flag set.

I checked the source and it was set there on a 2003 server, does this change on a 2012 box?

Thanks
Alex
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018

Commented:
AlexSenior Infrastructure Analyst

Author

Commented:
Right, so on 2003 that's by design, I assume it screws up on 2012 when you robocopy to it.
Distinguished Expert 2018

Commented:
This is still by design on modern OS'.
What "screws up"? I don't understand.
Introduction to R

R is considered the predominant language for data scientist and statisticians. Learn how to use R for your own data science projects.

Distinguished Expert 2018

Commented:
If users cannot write, the question is: did you verify permissions?
AlexSenior Infrastructure Analyst

Author

Commented:
Yep,

I checked permissions, they have modify rights on the folder, I used the following robocopy command

“robocopy  \\Server1\s$ \\server2\S$ /E /ZB /DCOPY:T /COPYALL /R:0 /W:0 /V /TEE /LOG:RobocopyS.log”

so when the user tries to modify a file, they get access denied, so the NTFS level is fine but it still doesn't work.
Most Valuable Expert 2018
Distinguished Expert 2018

Commented:
Check the share permissions through which the users access the files. Default is "Read" for the group Everyone  ...
AlexSenior Infrastructure Analyst

Author

Commented:
I used authenticated users and Read instead of everyone.

Should achieve the same goal right?
Olivier MARCHETTACitrix Support and Infrastructure Engineer

Commented:
You should give authenticated users Full Control in the share permission.
AlexSenior Infrastructure Analyst

Author

Commented:
..... really? So everyone only needs read, authenticated users are full control?
Olivier MARCHETTACitrix Support and Infrastructure Engineer

Commented:
You should always define the share permissions to Full Control for Everyone.  (unless if you want to restrict your share to read only)
Then you set your NTFS permissions (ACL) on your directories and files.
Most Valuable Expert 2018
Distinguished Expert 2018
Commented:
If the share restricts the permissions to Read for your users, then it doesn't matter what the NTFS permissions say. The users need at least Modify on the share. If you want to prevent them from changing NTFS permissions even for files/folders they own, leave it at Modify, and add an entry with Full Control for Administrators. If you want your users to be able to change NTFS, you'll need Full Control for your users as well.
You can remove Everyone and just Authenticated Users.
Distinguished Expert 2018

Commented:
Never full control on the share permissions!
Everyone:modify.

If you set share perms to full control, then no matter how the NTFS permissions are, the owner of a folder (=the user himself) will ALWAYS be able to change permissions on his folders which is (usually) not what admins want.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial