I'm betting that on the target that at the root of the drive on which the share resides the permissions are the install defaults, and that probably includes Everyone:Full Control.
Check and compare the NTFS permissions at the root of both the source and target disks. If the NTFS permissions at the root of both the source and target disks both contain the Everyone:Full Control permission, then examine the NTFS permissions on the source disk at the point where the share exists. You'll likely find that inheritance blocking has been implemented there. IMHO, that's a sin. Since your migrating, this is your opportunity to mend your ways, and just remove the Everyone:Full Control ACE from the root of the partition where the new share resides - assuming that it isn't also where the OS resides. Kurt On Thu, Sep 8, 2011 at 22:21, Lists - Level Five <[email protected]> wrote: > Well, I am just copying over the users folder share. We have 30 users, and in > each folder the Domain Admin is set to full, and the user is set to > Change/Owner. However, in the copy it’s the system default, with Domain > Admins Full and Everyone Full .. so obviously perms are not being copied over > or are being overwritten, which Im testing now by disabling the propagation > on the parent folder > > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Friday, September 09, 2011 12:26 AM > To: NT System Admin Issues > Subject: Re: Copying w/ Robocopy > > On Thu, Sep 8, 2011 at 21:04, Lists - Level Five <[email protected]> wrote: >> Im migrating via robocopy and using the /SEC but noticing the >> permissions aren’t coming over .. >> >> I have a \\server\users folder share that i am copying to >> \\server2\c$\users . The copy is going fine using the /MIR option as >> we prep for migration. I started poking around and noticed that all >> the perms are security default from the top folder. Do I need to shut >> that off in order for perms to come over correctly? >> >> The actual command: robocopy \\server\users\ \\server2\users\ /MIR >> /SEC /R:5 >> /W:3 >> >> Im going to run it with the /SECFIX or maybe use the /COPY:DATSOU >> flags instead? > > o- What are the NTFS permissions on the root of the drive containing the > target share vs. the permissions on the root of the drive containing the > source share? Probably best if you match them. > > o- Do the NTFS permissions on the the source share directory contain any > blocked inheritances? > > Personally, I start off with the root of any given data drive (not the OS > partition) having only System and the local Administrators group listed, and > give them Full Control permissions. Then, at any given share point on the > drive I start adding in NTFS permissions as needed, and never block > inheritance. Then, I enforce that no permissions get applied more then two > levels below a share. Keeps things neat and simple, and tends to flatten the > directory structure, which IME makes things easier to find. > > Kurt > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
