Switching to Windows Server Essentials 2016 - how does one handle folder / file ownership and security...

[AndyD]

Whenever I reformat or upgrade in place, the old installation leaves behind accounts that are then recognized as "S1-..."  and the owner of the files is unknown.

 

These are files / folders on other drives.  Is there some specific way to handle the migration so these permissions / owner settings is handled in the process?  Or do I have to claim ownership after the fact manually for each that needs changing while removing the ghost entries.

Also network shares on folders - does it make sense to remove these

I've been doing this for years without really knowing if there is an appropriate way of handling

[TPreston]

If you do an upgrade to 2016 this wont happen. But when you wipe and load a DC you will have to reapply the security permissions the sid's no longer match even if the domain name is the same.

[AndyD]

I did an upgrade and saw the S1s and unknown owners.   I ended up having to image back to 2012 because of issues with my drives.  I'll likely try again in a few days and guess just manually go through the process.  I was wondering if there was a better way of handling it but doesn't seem like it's the case.

[Mando]

i get by it when migrating servers by using robocopy and the relative switches (Secfix etc) to copy the old ntfs perms over. Dont know if thats possible for you, is the 2016 server on the hardware that 2012 was?

 

If you are using the same shares, you can also extract the reg key from Lanmanager in the registry.

[AndyD]

Yeah, same hardware.  I'll give both a look.  Thanks!

[norseman]

  On 21/01/2017 at 21:17, Mando said:

i get by it when migrating servers by using robocopy and the relative switches (Secfix etc) to copy the old ntfs perms over. Dont know if thats possible for you, is the 2016 server on the hardware that 2012 was?

 

If you are using the same shares, you can also extract the reg key from Lanmanager in the registry.

Expand  

Robocopy is awesome. We were able to migrate 50+ TB from a Sun Thumper to an EMC Isilon 7 PB server with no permission issues. Made us pretty happy.

[Mando]

  On 22/01/2017 at 03:00, AndyD said:

Yeah, same hardware.  I'll give both a look.  Thanks!

Expand  

i can sort you with the switches to use, I kept a note of them at work, ill look them out. 

 

@norseman yep, as long as you remember the retry and wait switches, so if it cant manage a file or subdir, it will retry x amount of times after x amount of time, a total godsend combined with SECFIX etc. with Windows, i saved days of work by extracting the LANManager reg entries from the source file server and merged it into the registry of the new 2012 R2 server, so even the shares had the right perms  combined with robocopy, it saved literally 20 or so man hours.

 

@op due to it landing on same hardware, any way you could build a VM of the 2012 setup, run on a host and migrate your shares that way? as youll need both servers "alive" at the same time to use Robocopy.