Copying data between NTFS partitions with permissions intact

By default, when copying data from one NTFS partition -- which could be on the same physical disk, different physical disks, or even different systems -- the files and folders automatically inherit the permissions of the destination. When copying data with granular or restricted permissions -- e.g. the contents of a file server or a user profile -- this can be problematic.

Using a utility like Microsoft's Robocopy, data can be copied from one location to another with all security information intact. The command-line arguments to do this are as follows:

robocopy "sourcepath" "destinationpath" /E /COPYALL /R:0 /W:0

Notes:

  • sourcepath and destinationpath cannot end in a backslash. Robocopy will not accept that syntax. They must end either in a folder name or "*.*" to copy all data.
  • /E means copy all files and sub-folders, including empty ones.
  • /COPYALL means copy all information: data, attributes, timestamps, NTFS security ACLs, owner information, and auditing information.
  • /R:0 /W:0 means 0 retries and 0 seconds wait between retries, respectively. You may adjust these numbers to your liking.
  • You might also consider adding /NP and/or /LOG switches. See Robocopy help for more information.

This solution will work if copying data within the same system, between domain controllers, or if the permissions were configured using domain accounts or groups directly instead of the Microsoft-recommended UGLP method of assigning permissions.

When moving data between systems, local user accounts and group SIDs change, thereby potentially rendering NTFS permissions invalid. Using the above method in conjunction with a utility like SwitchRight, NTFS permission replacement utility, will allow you to translate SIDs to match the local usernames and groups on the destination system.

Author: ASAK
Created: Jan 25 2006 (last modified Jan 26 2006)
Categories: Utilities - Windows
TechByte #120

Warning: By visiting this site and/or by using any information contained herein, you agree to the Techbytes.ca terms of use.



Add a comment about this TechByte

If you wish to add a comment regarding this TechByte, please use the form below. Please note that by submitting comments using this form you are allowing all of the information submitted to be visible on this website. Any comments submitted using this form will only be shown on the website if they are approved by the administrators of this site. IF APPROVED, COMMENTS MAY TAKE SEVERAL DAYS TO BE POSTED.

Posted By: (Optional)

Comments:


Other TechBytes: