2

I just built a server 2003 based domain to replace an old, broken server 2000 domain that I "inherited". Now that I'm trying to migrate my users data from the old file server to the new one, I'm running into a severe problem. Let me preface this by saying the main reason we're replacing the old server is due to random permission wipes on users directories. There are files buried inside users documents that have quirky permissions, but of course the users need their data. Furthermore, I've migrated the old file server onto the new domain, thinking it would make it easier to move the files from the 2000 box to the 2003 box.

I have tried several different methods to move the folders, from simple copy/pasting, to running MS FSMT. I've even booted into Knoppix, hoping to scp the files. The issue there was Knoppix wouldn't see the partition.

Now, what I want to know, is there a way I can brute force wipe destroy obliterate etc etc any permissions on a directory, and then assume ownership domain admin.

Thanks for the help!

Evan Anderson
  • 141,881
  • 20
  • 196
  • 331
Brendan Sherwin
  • 53
  • 1
  • 6

3 Answers3

8

Use the TAKEOWN and ICACLS utilities (both available on Windows Server 2003 but will run under W2K fine):

TAKEOWN /f "X:\path" /r /d y
ICACLS "X:\path" /reset /T

That will reset all permissions below that path.

Evan Anderson
  • 141,881
  • 20
  • 196
  • 331
  • Thanks Evan, I'll give it a shot tomorrow when I'm on location. – Brendan Sherwin Sep 02 '09 at 17:34
  • I had to go find and download takeown. For some reason, it's not on Microsoft's KB page for the Server 2000 Resource Kit. I did find it here http://www.petri.co.il/download_free_reskit_tools.htm though. Again, icacls wasn't available, but xcacls was, so I downloaded it from the same site. I ran the TAKEOWN command listed in Evan's post, and followed it with cacls "x:\broken\directory" /e /g administrator:f which is directly from MS' KB site on takeown. I was met with a "Permission Denied" error when running the last command. – Brendan Sherwin Sep 03 '09 at 15:06
  • I can't tell you why you're seeing what you're seeing re: "Permission Denied". I just staged a mock scenario w/ a directory owned by a standard user, naming only that user with "Full Control" in the ACL, and I was able to take ownership and reset permissions with the commands above. (I use the TAKEOWN that comes from Windows Server 2003-- not that it should make a difference.) – Evan Anderson Sep 03 '09 at 23:00
1

You can also copy the files with robocopy using the /B option. Make sure that the user running the copy is in the "backup operator" group. This option run the copy as backup so it can ignore permissions.

Igal Serban
  • 1,575
  • 10
  • 6
1

I would backup and restore (using your favourite backup program), choosing the option to NOT restore security. That way you get to retain a record for however long you want of what the old permissions were in case you ever need to refer to it.

Maximus Minimus
  • 8,987
  • 2
  • 23
  • 36