Windows: Robocopy all files, share permissions and NTFS security attributes to new servers

Robocopy is the tool of choice for copying files between Windows machines. Not only does it compare files and copy what’s changed, it can copy all NTFS security permissions along with the files and folders as well. This is particularly important in high security environments where share permissions are just not enough, and administrators rely on security permissions to lock down access down to files or folders within a partition. The command below is what I used to copy 15TB of ACL based data to a new server:


With the above command you copy everything you specify from source server/disk to destination with all security information, and every time the command is run it will double check the permissions and modifies as necessary. It will also exclude the folders specified after /xd switch.

It is important to note that when you copy files to a Windows 2012 server, you may not have explicit security permissions to source folders and when you click on destination folder you will be asked to click continue to get access. This will alter destination folders’ security permissions, and will force robocopy to fix them during next sync. This will prolong the sync operation significantly. Therefore, if you need to run this command a few times till it is time to cut over to new server, do not view what is in those folders and force permission change until you are done. Simply run the command as many times as needed till it is time to migrate. Once you are on the new server then feel free to alter those permissions and fix what needs to be fixed.

To migrate shares to new server, simply export registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares and import onto the new server and reboot. All your shares will be active on the new server immediately.

Windows: Windows could not determine if this computer contains a valid system volume

It’s unbelievable that Windows Vista and 2008 Server are so dumb. As soon I connect a USB drive to my server and boot, it refuses to use my hard drive for a new OS install and gives me “Windows could not determine if this computer contains a valid system volume” error.

So, why did I have a USB drive connected? Because I wanted to setup a new Windows 2008 Standard Server for the office, but from home during my spare time. I HAD to have the drive connected in order to load my RAID drivers during install. I started playing around with different BIOS settings to see if I can get Winblows to install properly. Disabling USB controller was basically not an option. I looked at my boot sequence settings and my flash drive wasn’t even enabled, so I went ahead and enabled it, but moved it to down after my DVD drive and RAID controller. Tried again, no success. I was lucky that my high end RAID card had a boot partition feature… I created a boot partition, disabled USB and installed Windows.

Anyway… Rob commented with a simpler way which didn’t apply to my remote installation dilemma, but works for the rest (thank a lot, Rob). Remove the USB drive right after RAID drivers are loaded, wait a bit and then try to pick a partition for your OS. That works… the USB issue is something that keeps giving since I ran into another problem with Windows 7 RTM installation. You can check the “related articles” link at the bottom of the page.

Windows: Cannot add Active Directory Users and Computers snap-in in Windows XP 64 bit

AD Users and Computers, and a few other administrative snap-in’s are 32 bit components. To add those snap-in’s to your mmc you will have to run mmc with /32 switch.

In order to be able to save your console for future use and be able to access all 32 and 64 bit components, you need to save two copies. Run an instance using mmc.exe and the other mmc.exe /32, then save both with different names you can recognize.