Is there anyway to move/replicate folders that you don't have permissions for, without touching the security permissions?
In particular i'm trying to copy the "users" folder from one windows server (DC) to another. When a user is created the user itself is owner of its folder and policy demands that administrators can't access these.
Last time i did this i just used DFS to replicate the folders over, which works, but it's a bit messy.
How do you guys manage user migration?
When I last had to accomplish something similar, I used XCACLS to modify the current permissions on the folder (/e edits instead of replaced ACL) to give you full control. You can then move the folder and then remove your own permissions.
Alternatively, you can use the get-acl and set-acl cmdlets in powershell to get a permission set: $oldPermissions = get-acl "C:\users\folder", edit the permissions to move and then use set-acl to reapply the old permissions to the folder at the new location
Both of these, however do involve editing permissions.
Other options include:
If you really are in a Jam, you can just create the new folder structure, point the users at it and then give them a link (mapped drive, UNC in an email etc) to the old box to grab a copy of any data they need/want on the understanding that you're killing the old server in x weeks time.
PsExec -i -s -d CMDand thenrobocopy "x\dir" "y\dir" /copyall /S /E /R:0 /W:30 /DCOPY:T > C:\log.txtbut it didn't work. It seems not even system can touch user folders.nt authority\system? Can you enter the user folders withcd c:\users\...?nt authority\system ID: S-1-5-18and yes i can enter the users folders (which i can't in a normal administrator run CMD window). but still get "Access is denied." when i try to robocopy the userfolders... strange