Robocopy and Share Permssions TommyD[ at ]GE 6/27/2007 8:44:04 PM I've used Robocopy to migrate about 200 users home directories to a new server. The only problem is that Robocopy does not copy the share level permission keeping the directory share name (ex. tomd$). anyone have a script that may help me copy those permissions and apply it to the new directories?? TommyD

Re: Robocopy and Share Permssions "Lanwench [MVP - Exchange]" <lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> 6/28/2007 3:40:02 AM TommyD[ at ]GE <TommyDGE[ at ]discussions.microsoft.com> wrote: [Quoted Text] > I've used Robocopy to migrate about 200 users home directories to a > new server. The only problem is that Robocopy does not copy the share > level permission keeping the directory share name (ex. tomd$). anyone > have a script that may help me copy those permissions and apply it to > the new directories?? > > TommyD Well - one thing to mention is that you'd be a lot better off not sharing individual home directories, unless you have legacy (e.g., NT or Win9x) clients that can't map a drive to a subfolder of a share. I tend to use HOME$ for the share itself (everyone=full control for share level permissions) and subfolders for each user - specifying \\server\home$\%username% in each user's ADUC properties. Robocopy can copy NTFS permissions if you use the /SEC switch...so you wouldn't have to worry about all the security settings on subfolders once you set up the parent share. That said, you might check out "Microsoft File Server Migration Toolkit 1.0" http://www.microsoft.com/downloads/details.aspx?FamilyID=d00e3eae-930a-42b0-b595-66f462f5d87b&DisplayLang=en

Re: Robocopy and Share Permssions TommyD[ at ]GE 6/28/2007 2:56:10 PM I totally agree that this makes sense and I wish it were something that I could do. But unfortunatly I have to stay with the global standard thats in place as far as the profile mappings are setup, so this isn't going to be feasable for me. There's got to be a script that will share out all of the user directories to %username%$. TD "Lanwench [MVP - Exchange]" wrote: [Quoted Text] > TommyD[ at ]GE <TommyDGE[ at ]discussions.microsoft.com> wrote: > > I've used Robocopy to migrate about 200 users home directories to a > > new server. The only problem is that Robocopy does not copy the share > > level permission keeping the directory share name (ex. tomd$). anyone > > have a script that may help me copy those permissions and apply it to > > the new directories?? > > > > TommyD > > Well - one thing to mention is that you'd be a lot better off not sharing > individual home directories, unless you have legacy (e.g., NT or Win9x) > clients that can't map a drive to a subfolder of a share. I tend to use > HOME$ for the share itself (everyone=full control for share level > permissions) and subfolders for each user - specifying > \\server\home$\%username% in each user's ADUC properties. Robocopy can copy > NTFS permissions if you use the /SEC switch...so you wouldn't have to worry > about all the security settings on subfolders once you set up the parent > share. > > That said, you might check out > "Microsoft File Server Migration Toolkit 1.0" > http://www.microsoft.com/downloads/details.aspx?FamilyID=d00e3eae-930a-42b0-b595-66f462f5d87b&DisplayLang=en > > > >

Re: Robocopy and Share Permssions "Al Dunbar" <AlanDrub[ at ]hotmail.com.nospaam> 6/29/2007 3:37:24 AM "Lanwench [MVP - Exchange]" <lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message news:e28NheTuHHA.1208[ at ]TK2MSFTNGP03.phx.gbl... [Quoted Text] > TommyD[ at ]GE <TommyDGE[ at ]discussions.microsoft.com> wrote: >> I've used Robocopy to migrate about 200 users home directories to a >> new server. The only problem is that Robocopy does not copy the share >> level permission keeping the directory share name (ex. tomd$). anyone >> have a script that may help me copy those permissions and apply it to >> the new directories?? >> >> TommyD > > Well - one thing to mention is that you'd be a lot better off not sharing > individual home directories, unless you have legacy (e.g., NT or Win9x) > clients that can't map a drive to a subfolder of a share. I tend to use > HOME$ for the share itself (everyone=full control for share level > permissions) and subfolders for each user - specifying > \\server\home$\%username% in each user's ADUC properties. By a strange coincidence, I am in the process of justifying a change to this UNC style of home folder definition. I have been referring to it as a "best practice", however, other than using my own common sense, I am having great difficulty in tracking down any references to this actually being stated anywhere. Do you know of any references I could quote that might carry more weight than, for example, the word of a scripting ex-MVP like me? /Al

Re: Robocopy and Share Permssions "Al Dunbar" <AlanDrub[ at ]hotmail.com.nospaam> 6/29/2007 3:44:46 AM Too bad. When I was in the process of converting all the users in my OU to the UNC format, I wrote a batch script that would re-create the shares in the event of a problem as a roll-back mechanism. Unfortunately, I did not keep a copy, but it went something like this: pushd D:\users for /d %%D in (*) do call:makeshare %%~nD goto:eof :makeshare net share %1=\\%computername%\users$\%1 goto:eof I also had it set the share permission to everyone:full, but I can't seem to find they syntax in "net share /?" on my XP box at home for doing that. /Al "TommyD[ at ]GE" <TommyDGE[ at ]discussions.microsoft.com> wrote in message news:CA4A7978-0D69-4E98-BC09-CF132FFD4F64[ at ]microsoft.com... [Quoted Text] >I totally agree that this makes sense and I wish it were something that I > could do. But unfortunatly I have to stay with the global standard thats > in > place as far as the profile mappings are setup, so this isn't going to be > feasable for me. There's got to be a script that will share out all of the > user directories to %username%$. > > TD > > "Lanwench [MVP - Exchange]" wrote: > >> TommyD[ at ]GE <TommyDGE[ at ]discussions.microsoft.com> wrote: >> > I've used Robocopy to migrate about 200 users home directories to a >> > new server. The only problem is that Robocopy does not copy the share >> > level permission keeping the directory share name (ex. tomd$). anyone >> > have a script that may help me copy those permissions and apply it to >> > the new directories?? >> > >> > TommyD >> >> Well - one thing to mention is that you'd be a lot better off not sharing >> individual home directories, unless you have legacy (e.g., NT or Win9x) >> clients that can't map a drive to a subfolder of a share. I tend to use >> HOME$ for the share itself (everyone=full control for share level >> permissions) and subfolders for each user - specifying >> \\server\home$\%username% in each user's ADUC properties. Robocopy can >> copy >> NTFS permissions if you use the /SEC switch...so you wouldn't have to >> worry >> about all the security settings on subfolders once you set up the parent >> share. >> >> That said, you might check out >> "Microsoft File Server Migration Toolkit 1.0" >> http://www.microsoft.com/downloads/details.aspx?FamilyID=d00e3eae-930a-42b0-b595-66f462f5d87b&DisplayLang=en >> >> >> >>

Re: Robocopy and Share Permssions "Lanwench [MVP - Exchange]" <lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> 6/29/2007 3:50:12 PM Al Dunbar <AlanDrub[ at ]hotmail.com.nospaam> wrote: [Quoted Text] > "Lanwench [MVP - Exchange]" > <lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in > message news:e28NheTuHHA.1208[ at ]TK2MSFTNGP03.phx.gbl... >> TommyD[ at ]GE <TommyDGE[ at ]discussions.microsoft.com> wrote: >>> I've used Robocopy to migrate about 200 users home directories to a >>> new server. The only problem is that Robocopy does not copy the >>> share level permission keeping the directory share name (ex. >>> tomd$). anyone have a script that may help me copy those >>> permissions and apply it to the new directories?? >>> >>> TommyD >> >> Well - one thing to mention is that you'd be a lot better off not >> sharing individual home directories, unless you have legacy (e.g., >> NT or Win9x) clients that can't map a drive to a subfolder of a >> share. I tend to use HOME$ for the share itself (everyone=full >> control for share level permissions) and subfolders for each user - >> specifying \\server\home$\%username% in each user's ADUC properties. > > By a strange coincidence, I am in the process of justifying a change > to this UNC style of home folder definition. I have been referring to > it as a "best practice", however, other than using my own common > sense, I am having great difficulty in tracking down any references > to this actually being stated anywhere. Do you know of any references > I could quote that might carry more weight than, for example, the > word of a scripting ex-MVP like me? > /Al I'm honestly not sure, but creating 100 shares for users, instead of one, seems like a logically bad choice. I'm sure there are plenty of reasons (overhead of some sort...there's probably a limit to the number of shares you can create), but it just seems so obvious that one, as opposed to 100, is easier to manage. Since I use a hidden share for the parent folder, users can't browse it, but even if they could, I wouldn't care - they can't access the folders of other users.

Re: Robocopy and Share Permssions "Al Dunbar" <AlanDrub[ at ]hotmail.com.nospaam> 7/2/2007 11:18:59 PM "Lanwench [MVP - Exchange]" <lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message news:eBaE7cmuHHA.3356[ at ]TK2MSFTNGP03.phx.gbl... [Quoted Text] > Al Dunbar <AlanDrub[ at ]hotmail.com.nospaam> wrote: >> "Lanwench [MVP - Exchange]" >> <lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in >> message news:e28NheTuHHA.1208[ at ]TK2MSFTNGP03.phx.gbl... >>> TommyD[ at ]GE <TommyDGE[ at ]discussions.microsoft.com> wrote: >>>> I've used Robocopy to migrate about 200 users home directories to a >>>> new server. The only problem is that Robocopy does not copy the >>>> share level permission keeping the directory share name (ex. >>>> tomd$). anyone have a script that may help me copy those >>>> permissions and apply it to the new directories?? >>>> >>>> TommyD >>> >>> Well - one thing to mention is that you'd be a lot better off not >>> sharing individual home directories, unless you have legacy (e.g., >>> NT or Win9x) clients that can't map a drive to a subfolder of a >>> share. I tend to use HOME$ for the share itself (everyone=full >>> control for share level permissions) and subfolders for each user - >>> specifying \\server\home$\%username% in each user's ADUC properties. >> >> By a strange coincidence, I am in the process of justifying a change >> to this UNC style of home folder definition. I have been referring to >> it as a "best practice", however, other than using my own common >> sense, I am having great difficulty in tracking down any references >> to this actually being stated anywhere. Do you know of any references >> I could quote that might carry more weight than, for example, the >> word of a scripting ex-MVP like me? >> /Al > > I'm honestly not sure, but creating 100 shares for users, instead of one, > seems like a logically bad choice. I'm sure there are plenty of reasons > (overhead of some sort...there's probably a limit to the number of shares > you can create), but it just seems so obvious that one, as opposed to 100, > is easier to manage. Since I use a hidden share for the parent folder, > users can't browse it, but even if they could, I wouldn't care - they > can't access the folders of other users. Thanks anyway. Maybe I could just turn it around and state that best practice is to share each home folder if there is a need to support 9x and w2k. But since we have outlawed 9x and w2k on our network, continuing to accommodate them would not be appropriate ;-) /Al

Re: Robocopy and Share Permssions TommyD[ at ]GE 7/3/2007 7:18:01 PM OK - So in Conclusion to this thread, here is what i ended up doing. Used Robocopy to migrate the data Used NET SHARE to share out the directories Used PERMCOPY to copy the permissions to the new shares Thanks to you both for the replies on my issue. "Al Dunbar" wrote: [Quoted Text] > > "Lanwench [MVP - Exchange]" > <lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message > news:eBaE7cmuHHA.3356[ at ]TK2MSFTNGP03.phx.gbl... > > Al Dunbar <AlanDrub[ at ]hotmail.com.nospaam> wrote: > >> "Lanwench [MVP - Exchange]" > >> <lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in > >> message news:e28NheTuHHA.1208[ at ]TK2MSFTNGP03.phx.gbl... > >>> TommyD[ at ]GE <TommyDGE[ at ]discussions.microsoft.com> wrote: > >>>> I've used Robocopy to migrate about 200 users home directories to a > >>>> new server. The only problem is that Robocopy does not copy the > >>>> share level permission keeping the directory share name (ex. > >>>> tomd$). anyone have a script that may help me copy those > >>>> permissions and apply it to the new directories?? > >>>> > >>>> TommyD > >>> > >>> Well - one thing to mention is that you'd be a lot better off not > >>> sharing individual home directories, unless you have legacy (e.g., > >>> NT or Win9x) clients that can't map a drive to a subfolder of a > >>> share. I tend to use HOME$ for the share itself (everyone=full > >>> control for share level permissions) and subfolders for each user - > >>> specifying \\server\home$\%username% in each user's ADUC properties. > >> > >> By a strange coincidence, I am in the process of justifying a change > >> to this UNC style of home folder definition. I have been referring to > >> it as a "best practice", however, other than using my own common > >> sense, I am having great difficulty in tracking down any references > >> to this actually being stated anywhere. Do you know of any references > >> I could quote that might carry more weight than, for example, the > >> word of a scripting ex-MVP like me? > >> /Al > > > > I'm honestly not sure, but creating 100 shares for users, instead of one, > > seems like a logically bad choice. I'm sure there are plenty of reasons > > (overhead of some sort...there's probably a limit to the number of shares > > you can create), but it just seems so obvious that one, as opposed to 100, > > is easier to manage. Since I use a hidden share for the parent folder, > > users can't browse it, but even if they could, I wouldn't care - they > > can't access the folders of other users. > > Thanks anyway. Maybe I could just turn it around and state that best > practice is to share each home folder if there is a need to support 9x and > w2k. But since we have outlawed 9x and w2k on our network, continuing to > accommodate them would not be appropriate ;-) > > /Al > > >