3

I'm trying to copy a folder from one harddrive to another using the folowing robocopy options:

robocopy "H:\Source" "T:\target" /E /COPY:DATSO /R:1 /W:1 /DCOPY:T /Z /LOG:T:\Belfirst_copy.log /NP

For files where the owner is not the Administrator, but some specific domain user, i get the following error:

ERROR 1307 (0x0000051B) Copying NTFS Security to Destination Directory T:\target\...(a lot of files/dirs)
This security ID may not be assigned as the owner of this object.

I have tried all the proposed solutions i could find:

  • Give the Domain user i'm logged in with, and running the script as, full access to the source, and target directory.
  • Give the Domain user i'm logged in with, and running the script as, the "Restore files and directories" priviledge.
  • Run as administrator
  • Run as a bat file
  • Log off and log on again and retry
  • use the /B option
  • Try without the /COPY:S option

For obvious reasons copying without the /COPY:O option solves the problem. But that beats the purpose of course.

What am i missing?

Platform: Windows Server 2008 R2

(This is highly related to "Robocopy failure with Windows Server 2008 Scheduled Task", but i don't have enough reputation yet to add a comment there.)

Community
  • 1
Wouter
  • 285
  • 1
  • 3
  • 11
  • I tried it again today, and it worked. Not sure if i made a mistake last time, of if there's something else that's different. I'll leave this post in case anyone else comes accros this. – Wouter Dec 09 '13 at 14:19

2 Answers2

2

Normally, you can only acquire NTFS ownership of filesystem objects for yourself. You cannot set the ownership to a third person. (This prevents users from e.g. storing compromising or incriminating data under the ownership of another, unsuspecting person.)

There is a "restore files and directories" privilege in the security policy. Microsoft states:

This security setting [...] determines which users can set valid security principals as the owner of an object.

Apparently, you need this privilege to copy ownership. Robocopy must run in a security context that allows setting ownership to arbitrary principals.

By default, local administrators have this privilege:

By default, this right is granted to the Administrators, Backup Operators, and Server Operators groups on domain controllers, and to the Administrators and Backup Operators groups on stand-alone servers.

(The "restore files and directories" privilege is part of the policy. You may need to log off and on again for it to become effective.)

ManuelAtWork
  • 191
  • 1
  • 4
1

I also had this trouble. I wrote a batch file to robocopy the current logged in user and copy all his profile folder to a network shared location. Using variables and this combination of switches every folder copied without an errors. A command has to be created for each individual folder, but it works. You may have to give the user permission to create a folder in the network share, or create it prior to first time backup.

robocopy "%HOMEPATH%\FOLDER" "\SERVER\NETWORK_SHARE\%USERNAME%\FOLDER" /s /mir /zb /b /copy:dat

Admin_Retro_Ray
  • 11
  • 1