ERROR 1307 (0x0000051B) - While copying with Robocopy - None of the known sollutions work

2

I'm trying to copy a folder from one harddrive to another using the folowing robocopy options:

robocopy "H:\Source" "T:\target" /E /COPY:DATSO /R:1 /W:1 /DCOPY:T /Z /LOG:T:\Belfirst_copy.log /NP 

For files where the owner is not the Administrator, but some specific domain user, i get the following error:

ERROR 1307 (0x0000051B) Copying NTFS Security to Destination Directory T:\target\...(a lot of files/dirs)
This security ID may not be assigned as the owner of this object.

I have tried all the proposed solutions i could find:

  • Give the Domain user i'm logged in with, and running the script as, full access to the source, and target directory.
  • Give the Domain user i'm logged in with, and running the script as, the "Restore files and directories" priviledge.
  • Run as administrator
  • Run as a bat file
  • Log off and log on again and retry
  • use the /B option
  • Try without the /COPY:S option

For obvious reasons copying without the /COPY:O option solves the problem. But that beats the purpose of course.

What am i missing?

Platform: Windows Server 2008 R2

(This is highly related to "Robocopy failure with Windows Server 2008 Scheduled Task", but i don't have enough reputation yet to add a comment there.)

windows-server-2008
filesystems
robocopy
asked on Server Fault Dec 5, 2013 by Wouter • edited Apr 13, 2017 by Community

2 Answers

1

I also had this trouble. I wrote a batch file to robocopy the current logged in user and copy all his profile folder to a network shared location. Using variables and this combination of switches every folder copied without an errors. A command has to be created for each individual folder, but it works. You may have to give the user permission to create a folder in the network share, or create it prior to first time backup.

robocopy "%HOMEPATH%\FOLDER" "\SERVER\NETWORK_SHARE\%USERNAME%\FOLDER" /s /mir /zb /b /copy:dat

answered on Server Fault Apr 8, 2014 by Admin_Retro_Ray
1

Normally, you can only acquire NTFS ownership of filesystem objects for yourself. You cannot set the ownership to a third person. (This prevents users from e.g. storing compromising or incriminating data under the ownership of another, unsuspecting person.)

There is a "restore files and directories" privilege in the security policy. Microsoft states:

This security setting [...] determines which users can set valid security principals as the owner of an object.

Apparently, you need this privilege to copy ownership. Robocopy must run in a security context that allows setting ownership to arbitrary principals.

By default, local administrators have this privilege:

By default, this right is granted to the Administrators, Backup Operators, and Server Operators groups on domain controllers, and to the Administrators and Backup Operators groups on stand-alone servers.

(The "restore files and directories" privilege is part of the policy. You may need to log off and on again for it to become effective.)

answered on Server Fault Feb 9, 2019 by ManuelAtWork

User contributions licensed under CC BY-SA 3.0