14

I copied two trees, a source and a destination, that I copied with robocopy like this:

robocopy /MIR C:\Windows\System32\tasks\ C:\temp\robocopyTasks\out\

robocopy /E /Copy:S /IS /IT C:\Windows\System32\tasks\ C:\temp\robocopyTasks\out\

Then I compared the permission using icacls output the permissions on both, and the only difference seems to be that the original files contain a long string of characters which I've seen before; and I know it represents a user or a group in the system but I don't remember what it is called. The strings look like this:

S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XXXX

They can be matched with this regex in VIM:

/S-\d-\d-\d\{2\}-\d\{10\}-\d\{10\}\-\d\{9\}\-\d\{4\}/
leeand00
  • 4,807
  • 13
  • 64
  • 106

1 Answers1

35

It's a SID, or Security Identifier. If it's showing the string rather than a "friendly name," it sounds like the new server doesn't recognize the account.

Katherine Villyard
  • 18,510
  • 4
  • 36
  • 59
  • I'm making the copies on the same machine. (going to update my post) – leeand00 Apr 17 '15 at 15:35
  • Interesting. Well, for some reason, it's confused. (Network hiccup?) – Katherine Villyard Apr 17 '15 at 15:36
  • I'd actually like to do the same thing on a Windows 2003 server; I'm testing it on my Windows 7 machine first; which is why I'm using the older syntax instead of `/SECFIX` – leeand00 Apr 17 '15 at 15:37
  • I updated my post to include my robocopy command. – leeand00 Apr 17 '15 at 15:38
  • I've seen that before at my previous job; even though properly authenticated, for some reason it used the SIDs instead of the AD names for displaying permissions. Not sure if it's a particular permission setup or something weird with the AD server. – Joe Apr 17 '15 at 16:45
  • 2
    This happens when you create a new local Administrator account, and copy files belonging to another local Administrator account. The new account cannot access files belonging to the old account even though both accounts are Administrator – eyoung100 Apr 17 '15 at 17:42
  • If you disable UAC this behavior goes away. – I say Reinstate Monica Oct 31 '15 at 03:06