Share migration of folders/files that access is denied

This topic contains 3 replies, has 4 voices, and was last updated by Profile photo of Rohn Edwards Rohn Edwards 2 years ago.

  • Author
    Posts
  • #20933
    Profile photo of Nathan W
    Nathan W
    Participant

    I have a very tough assignment and I am not sure how to approach it.
    We need to migrate a share from a server to a NAS device and keep all the file/folder permissions intact. For the most part this is easy to solve with a simple robocopy script. However, our HR department has made changes to many of their folders and removed all of IT's permissions to access these files. As a result when I try my robocopy script I get a bunch of access denied errors.
    I am looking to see if Powershell may be able to overcome this and I have tried a simple script but it does not seem to do the job.
    Is this something I can do with PS?

    Here is my current script. Very simple at the moment.

    $CopySource=Read-Host "Enter the Copy Source"
    $CopyDest=Read-Host "Enter the Copy Destanation"

    Get-ChildItem -Path $CopySource | ForEach-Object {Copy-Item -LiteralPath $_.FullName -Destination $CopyDest -Force; Get-Acl -Path $_.FullName | Set-Acl -Path "$CopyDest\$(Split-Path -Path $_.FullName -Leaf)"}

  • #20936
    Profile photo of Don Jones
    Don Jones
    Keymaster

    You're looking at a set of tasks that's complex enough that third party ISVs have developed commercial tools to handle this ;). Like Dell Software's (formerly ScriptLogic) Secure Copy tool.

    Anyway, this gets a bit political. Technically, you need to first take ownership of the file, which restores admin's permissions to it. But, that might not be something HR wants you to do.

    If you'd simply like to capture the errors, then you will have to break out of the one-liner model into more of a script, where you can use the Try/Catch construct to capture errors. That means moving top copying one file at a time with Copy-Item (which you're already doing, since you're in a ForEach), so that each file's errors can be trapped individually.

  • #20939
    Profile photo of Charles Downing
    Charles Downing
    Participant

    Just tell HR you're going to shut down the file server and all of their files will be lost to the void unless they give you full access to all of the files/folders before the copy! After all, IT admins are really demi-gods! 😉

    (Disclaimer: The suggestions made in this post have not been tested and should be run in a test organization before executing in production. The author is not responsible for any damages to your systems, person, or job status that may result from executing these suggestions.)

  • #20942
    Profile photo of Rohn Edwards
    Rohn Edwards
    Participant

    Try adding the /B switch to your RoboCopy command, which puts the program in 'Backup Mode'. All that means is that the backup privilege is enabled (assuming it has been granted to your admin account) and the files/folders are opened in a way that honors the privilege. When all of that works the way it's supposed to, the ACL is never checked, so you get to copy everything.

You must be logged in to reply to this topic.