2

I have a shared folder that I am moving to a new server with Robocopy. However, I do not have FULL permissions to all of the source files.

I am planning on taking ownership of all files and folders with takeown, and then adding NTFS permission, then repeating the Robocopy.

takeown /f "D:\Data" /r /a /d y
icacls "D:\Data" /grant "administrator:F" /T

My questions are:

  1. Does taking ownership as shown above affect file permissions at all? I would like to start this ahead of time (during the day) since it will take a while. But if it will cause people to lose access to their files, then it will have to wait until after hours.
  2. Will the icacls command add Full Control for Administrator, without affecting any other permissions? Again, my goal is for this to not affect end users.
TheCleaner
  • 32,627
  • 26
  • 132
  • 191
user1594322
  • 229
  • 1
  • 4
  • 10

3 Answers3

3

Taking ownership does not change permissions. That command looks like it will grant the Administrator account Full control and leave the other ACLs (but you should always test this on a small sample of data).

You should note that a Folder Redirection GPO checks to see if the user account being redirected owns the folders in question. If it doesn't redirection will fail. If you're trying to do this on a share that hosts redirected folders, I wouldn't do it this way.

Also note that by changing the owner, any Creator Owner ACEs will now apply to Administrator instead of the previous owner. The use of Creator Owner in ACLs outside of folder redirection is somewhat rare, so this may not affect you.

Glenn Slayden
  • 105
  • 4
MDMarra
  • 100,734
  • 32
  • 197
  • 329
2

Taking ownership actually DOES reset the perm on the target folder. It just replaces with admin group.

Trev
  • 21
  • 1
1

"... looks like it will grant the Administrator account Full control and leave the other ACLs" - this is NOT true, and I learned it the hard way...

The switch /d y is in fact answering Yes to this question: "All permissions will be replaced if you press Yes."

Instead, you can use Subinacl – a free utility available from Microsoft. https://www.experts-exchange.com/articles/17526/Windows-File-Server-Folder-ownership-problems-and-resolution.html

Karl
  • 11
  • 1