Re: Finding Restrictive SubFolder Permissions when migrating NT4 data

---

• From: "Herb Martin" <news@xxxxxxxxxxxxxx>
• Date: Tue, 10 Jan 2006 15:59:31 -0600

---

"ZoFo" <ZoFo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CE660BA2-D898-417F-B7EF-63AF07DC4444@xxxxxxxxxxxxxxxx
> We are migrating lots of shared data (100+ sites, 50+ GB per site) from
> Legacy NT4 servers to an existing W2K Domain.
> The W2K servers have a common folder structure across the estate and those
> shared data folders are permissioned with inheritance to allow
> administrative
> access.
> We have seen some instances where subfolders in the NT4 data have
> different
> or restrictive permissions ie:
>
> d:\shared\sales Group "Sales" has RW
> d:\shared\sales\Mangers Group "SalesMgt" has RW, but "Sales"
> has R
>
> So when we migrate the data and inheritance is on, the Sales Group will
> inherit RW to the subfolder...
>
> While there is no way of preventing this we do need to identify it and
> then
> migrate the Managers folder somewhere else...

Sure there is. Migrate the existing permissions using something
like the /o switch in XCopy.

> Any ideas how to find these different folders???

Or copy the previous permissions with something like SetACL
(from sourceforge), substitute any changes (group names etc.)
and reply them from the captured SetACL file/script.

You can also use SubInACL (from Reskit) to correct Security
Principals if you migrate the "old permissions" directly to the
new server with tools like XCopy /o.

FYI: /o represents OWNER, but copies all of the SID and
ACL lists (/s for security or /p for permissions. etc were
already used for other purposes)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


.

---

• Prev by Date: Windows 2000 domain upgrade Windows 2003
• Next by Date: Re: Migrating Active Directory fom Win2000Srv to Win2003Srv standard
• Previous by thread: Windows 2000 domain upgrade Windows 2003
• Next by thread: RE: Business Case for Novell to MS migration
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Shared folders not visible from one PC on network ... >We have an NT Domain with NT and W2k Servers and XP clients. ... >setting the permissions is to allow the required NT groups Full Contol ... >Share level permissions to a shared folder. ... Can other servers be seen / accessed from the problem computer, ... (microsoft.public.windowsxp.network_web) Re: Export NTFS Permissions on parent folder and sub folders ... > I'm planning to migrate two Windows NT Domain to a single Windows 2003 ... Then permissions will take care of themselves. ... > permission on the shared folder permissions one server at a time. ... > permissions for all the servers in the entire domain. ... (microsoft.public.windows.server.migration) Re: User unable to open Word Document on Network ... NTFS permissions to be reapplied to the folder. ... We have a mix of Win2k servers and Win NT4 servers. ... >>> to a network folder where MS Word files reside. ... (microsoft.public.win2000.security) File Permissions and UMask in a public access folder ... Just a newbie file permissions issue, I come from a Netware and Windows ... I have created a folder under /usr for shared data, ... how do I make sure all files and folders in this SharedData folder inherit ... (alt.os.linux.suse) Re: File Permissions and UMask in a public access folder ... I have created a folder under /usr for shared data, and set the permissions ... how do I make sure all files and folders in this SharedData folder inherit ... (alt.os.linux.suse)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)