NTFS Security Not Transferred When Copying Files

When copying files from one server to another, the NTFS security ACLs on them are not transferred, and the files inherit the permissions of the destination folder.  If the permissions are simple, and set at just one level at the top of the folder hierarchy, it’s not a big deal to just set them again manually.  But if you have multiple folder levels of settings that may or may not be the same, or if you have particularly sensitive data and you want to be sure the security of that data is maintained, here is what you can do.

1.        Transfer the files over using whatever file copy utility you like.  I like RichCopy, which is just a nice, GUI front-end to robocopy.

2.       Even though you have avoided using the command-line for the transfer itself, you are still going to have to use it now to get the file/folder security settings moved over.  For each folder that you transferred using Richcopy, run the following command from the source server:

robocopy "X:\sharedfolder" "\\servername\newshare"  /E /COPYALL /SEC /XC /XN /XO /R:1 /W:0

The "/xc /xn /xo" part of the command excludes files from being copied over again.  The “/E /COPYALL /SEC” switches actually re-sync all the security settings for all the files/folders, so they end up matching the security that is set on the source.

(Robocopy is part of the Server 2003 Resource Kit)

Posted via email from Aaron Johnstone