How to set up Windows user account profile folder to be readable by another user account?

0

My goal is to set up permissions on a user account profile to be readable by another user. I'm setting up such scheme for an automated backup purpose.

So, say I have two standard user accounts -- User A that is a general user of the system, whose data will be backed up:

enter image description here

And BackupUser that will be doing the backing up:

enter image description here

I want to set up permissions on the User A's profile folder C:\Users\User A to be readable by BackupUser.

So I start a cmd as administrator and run the following icacls command:

icacls "C:\Users\User A" /t /c /l /q /grant DESKTOP-69AQNQQ\BackupUser:(RX)

But it fails with errors of access denied to some folders.

OK. So I downloaded PSEXEC and first run my cmd as SYSTEM hoping to prevent access denied errors:

PSEXEC -i -s -d CMD

and then run the same command from it. But it still gives me the same errors:

enter image description here

So as a result when I try to copy the C:\Users\User A folder from a process running under BackupUser user account it fails with, you guessed it, "access denied" error.

So what am I doing wrong here?

PS. I'm doing these tests on Windows 10 Pro.

PS2. Here's the result of running whoami on the cmd prompt that I use for this:

enter image description here

PS3: And here's the output for icacls "C:\users\User A\Documents":

enter image description here

c00000fd

Posted 2016-08-25T05:03:21.503

Reputation: 339

Can you try it with GUI? Right click user folder, and give permissions for read and execute. – edumgui – 2016-08-25T08:15:49.397

What's the output of icacls "C:\users\User A\Documents"? Administrators should have full access to this. If they have, your cmd.exe doesn't run elevated, check with whoami /groups – Peter Hahndorf – 2016-08-25T08:55:26.523

@PeterHahndorf: I updated my OP with the whoami result. – c00000fd – 2016-08-25T19:31:04.607

1All the "folders" it fails on are actually junctions that are only there for compatibility with older applications. You're not missing any data by not backing them up. – Ben N – 2016-08-25T19:33:56.470

@BenN: Hmm. That's interesting. Good point. Although, you see my issue is that when I try to copy C:\users\User A it fails because that folder contains those junctions that User A doesn't have read-access to. There must be a way to set read permissions on them from the SYSTEM account, right? – c00000fd – 2016-08-25T19:38:41.407

No answers

Asked: 2016-08-25T05:03:21.503

Viewed: 94 times

Active: 2016-08-25T19:35:04.560