How to move folders while preserving NTFS permissions (Windows ACLs)

When migrating a server, you often need to move network shares, that is, folders from one volume to another, while preserving their NTFS permissions (Windows ACLs).

Remember that when files and folders are copied or moved between two NTFS volumes, Windows treats them as new files, so their ACLs are lost and overwritten with the permissions of the destination folder.

To do this while keeping the NTFS permissions, you can use Robocopy, a command-line tool for copying and synchronizing files and folders.

Robocopy supports a very large number of switches that provide many functions: besides plain copying, it can produce mirrors, incremental copies, copies of ACLs, and so on.

Robocopy is included in the Windows Resource Kit, available here: Resource Kit for Windows 2003 systems; on modern systems such as Windows 2008 and later it is already included in the operating system.
Files and folders are copied only if the source and destination files differ, which saves time and bandwidth; this is very useful when replicating over a network connection.

For our purpose, as mentioned, Robocopy can copy files while keeping their ACLs (user permissions) and auditing data intact. It also supports UNC paths, so you do not have to map drives before copying.

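Let's look at the specific command to use:

Parameters:
%1 source directory
%2 destination directory
%3 directory\logfile


robocopy %1 %2 /MIR /COPYALL /ZB /A+:R /A-:RSH /R:4 /W:1 /V /LOG:%3.log /TEE

/COPYALL is the switch that carries the ACLs, owner and auditing information to the destination; without it Robocopy copies only data, attributes and timestamps (the default /COPY:DAT). Copying auditing information requires the Manage Auditing user right, so run the command from an elevated prompt as an administrator.

Switches used:

/MIR :: MIRror a directory tree (equivalent to /E plus /PURGE).
/COPYALL :: COPY ALL file info (equivalent to /COPY:DATSOU).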
/ZB :: use restartable mode; if access denied use Backup mode.
/A+:[RASHNT] :: add the given Attributes to copied files. R – Read only S – System N – Not content indexed A – Archive H – Hidden T – Temporary
/A-:[RASHNT] :: remove the given Attributes from copied files.
/R:n :: number of Retries on failed copies: default 1 million.
/W:n :: Wait time between retries: default is 30 seconds.
/V :: produce Verbose output, showing skipped files.
/LOG:file :: output status to LOG file (overwrite existing log).
/TEE :: output to console window


With this script we get a mirror of our folder, complete with its NTFS permissions (ACLs), in the destination folder.


For more detail, the official guide is reproduced below.

Robocopy Official Guide: All Switches

ROBOCOPY source destination [file [file]…] [options]

source Source Directory (drive:\path or \\server\share\path)
destination Destination Dir (drive:\path or \\server\share\path)
file File(s) to copy (names/wildcards: default is “*.*”)

Copy options

/S Copy Subdirectories, but not empty ones.
/E Copy subdirectories, including Empty ones.
/LEV:n Only copy the top n LEVels of the source directory tree.
/Z Copy files in restartable mode.
/B Copy files in Backup mode.
/ZB Use restartable mode; if access denied use Backup mode.
/EFSRAW Copy all encrypted files in EFS RAW mode.
/COPY:copyflag[s] What to COPY for files (default is /COPY:DAT).
(copyflags : D=Data, A=Attributes, T=Timestamps).
(S=Security=NTFS ACLs, O=Owner info, U=aUditing info).
/DCOPY:T COPY Directory Timestamps.
/SEC Copy files with SECurity (equivalent to /COPY:DATS).
/COPYALL COPY ALL file info (equivalent to /COPY:DATSOU).
/NOCOPY COPY NO file info (useful with /PURGE).
/SECFIX FIX file SECurity on all files, even skipped files.
/TIMFIX FIX file TIMes on all files, even skipped files.
/PURGE Delete dest files/dirs that no longer exist in source.
/MIR MIRror a directory tree (equivalent to /E plus /PURGE).
/MOV MOVe files (delete from source after copying).
/MOVE MOVE files AND dirs (delete from source after copying).
/A+:[RASHCNET] Add the given Attributes to copied files.
/A-:[RASHCNET] Remove the given Attributes from copied files.
/CREATE CREATE directory tree and zero-length files only.
/FAT Create destination files using 8.3 FAT file names only.
/256 Turn off very long path (> 256 characters) support.
/MON:n MONitor source; run again when more than n changes seen.
/MOT:m MOnitor source; run again in m minutes Time, if changed.
/RH:hhmm-hhmm Run Hours – times when new copies may be started.
/PF Check run hours on a Per File (not per pass) basis.
/IPG:n Inter-Packet Gap (ms), to free bandwidth on slow lines.
/SL Copy symbolic links versus the target.
/MT[:n] Do multi-threaded copies with n threads (default 8).
n must be at least 1 and not greater than 128.
This option is incompatible with the /IPG and /EFSRAW options.
Redirect output using /LOG option for better performance.

File Selection Options

/A Copy only files with the Archive attribute set.
/M Copy only files with the Archive attribute and reset it.
/IA:[RASHCNETO] Include only files with any of the given Attributes set.
/XA:[RASHCNETO] eXclude files with any of the given Attributes set.
/XF file [file]… eXclude Files matching given names/paths/wildcards.
/XD dirs [dirs]… eXclude Directories matching given names/paths.
/XC eXclude Changed files.
/XN eXclude Newer files.
/XO eXclude Older files.
/XX eXclude eXtra files and directories.
/XL eXclude Lonely files and directories.
/IS Include Same files.
/IT Include Tweaked files.
/MAX:n MAXimum file size – exclude files bigger than n bytes.
/MIN:n MINimum file size – exclude files smaller than n bytes.
/MAXAGE:n MAXimum file AGE – exclude files older than n days/date.
/MINAGE:n MINimum file AGE – exclude files newer than n days/date.
/MAXLAD:n MAXimum Last Access Date – exclude files unused since n.
/MINLAD:n MINimum Last Access Date – exclude files used since n.
(If n < 1900 then n = n days, else n = YYYYMMDD date).
/XJ eXclude Junction points. (normally included by default).
/FFT Assume FAT File Times (2-second granularity).
/DST Compensate for one-hour DST time differences.
/XJD eXclude Junction points for Directories.
/XJF eXclude Junction points for Files.

Retry Options

/R:n Number of Retries on failed copies: default 1 million.
/W:n Wait time between retries: default is 30 seconds.
/REG Save /R:n and /W:n in the Registry as default settings.
/TBD Wait for sharenames To Be Defined (retry error 67).

Logging Options

/L List only – don’t copy, timestamp or delete any files.
/X Report all eXtra files, not just those selected.
/V Produce Verbose output, showing skipped files.
/TS Include source file Time Stamps in the output.
/FP Include Full Pathname of files in the output.
/BYTES Print sizes as bytes.
/NS No Size – don’t log file sizes.
/NC No Class – don’t log file classes.
/NFL No File List – don’t log file names.
/NDL No Directory List – don’t log directory names.
/NP No Progress – don’t display percentage copied.
/ETA Show Estimated Time of Arrival of copied files.
/LOG:file Output status to LOG file (overwrite existing log).
/LOG+:file Output status to LOG file (append to existing log).
/UNILOG:file Output status to LOG file as UNICODE (overwrite existing log).
/UNILOG+:file Output status to LOG file as UNICODE (append to existing log).
/TEE Output to console window, as well as the log file.
/NJH No Job Header.
/NJS No Job Summary.
/UNICODE Output status as UNICODE.

Job Options

/JOB:jobname Take parameters from the named JOB file.
/SAVE:jobname SAVE parameters to the named job file.
/QUIT QUIT after processing command line (to view parameters).
/NOSD NO Source Directory is specified.
/NODD NO Destination Directory is specified.
/IF Include the following Files.




