Robocopy
Robocopy is a useful tool for copying files and folders from one location to another (e.g. over the network to another server) without losing file and folder ACLs (permissions / ownership data).
Run as Domain Admin
When you run Robocopy, especially when transferring data across the network to another remote server, be sure to run the command prompt under the session of a domain admin. It also needs to be run as an administrator to ensure the command is successful. To do this, log in as a domain administrator, open the Start menu, type "Command Prompt", right-click it, and choose "Run as Administrator".
An example of using Robocopy is below, with a full breakdown:
robocopy "Source" "Destination"
: Initiates the Robocopy command to copy files from the specified source directory to the designated destination directory.
/Z
: Enables Robocopy's restartable mode, which allows it to resume file transfer from the point of interruption once the network connection is re-established.
/B
: Activates Backup Mode, enabling Robocopy to override Access Control Lists (ACLs) and copy files regardless of the existing file or folder permissions.
/R:5
: Sets the maximum retry count to 5, meaning Robocopy will attempt to copy a file up to five times if the initial attempt fails.
/W:5
: Configures a wait time of 5 seconds between retry attempts, providing a brief pause before trying to copy a file again.
/MT:4
: Employs multi-threading with 4 threads, allowing Robocopy to process multiple files simultaneously, each in its own thread.
/COPYALL
: Instructs Robocopy to preserve all file and folder attributes, including security permissions, timestamps, and ownership information during the copy process.
/E
: Directs Robocopy to include all subdirectories in the copy operation, ensuring even empty directories are replicated in the destination.
Usage of Administrative Shares
Whenever you copy data from one server to another, try to leverage "Administrative Shares", also referred to as "Default Shares". If the server exists in a Windows-based domain, you can type something like \\SERVER\C$ or \\SERVER\E$ to access files and bypass most file access restrictions (ACLs). This generally only applies to read access; write access may be denied in some circumstances.
An adjusted example can be seen below to account for this usage.
This example assumes you are running robocopy from the destination computer. Remember: you are always PULLING data with administrative shares, not pushing it. The source should be the administrative share, and the destination should be local (in this example). There are scenarios where you can move data between two network shares, but it's best (and cleaner) to always have a remote/local relationship in the transfer.
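The pull described above, written as a PowerShell script with the switches from the breakdown. This is an added example, not a command from the original page. SERVER, the E$\Data and E:\Data paths, and the log location are placeholders. The /L, /NP and /LOG+ switches and the exit-code check are additions to the page's switch list.

```powershell
# Added example: pull a folder from a remote administrative share to a local path.
# SERVER, E$\Data and E:\Data are placeholders, not values from the page.
$Source      = '\\SERVER\E$\Data'
$Destination = 'E:\Data'
$Log         = Join-Path $env:TEMP ("robocopy-{0:yyyyMMdd-HHmmss}.log" -f (Get-Date))

# /B and /COPYALL need an elevated token; stop early if the prompt is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated prompt (Run as Administrator).'
}

# Confirm the administrative share is reachable with the current account.
if (-not (Test-Path -LiteralPath $Source)) {
    throw "Cannot reach $Source with the current account."
}

# Switches from the breakdown above, plus /NP (no progress) and /LOG+ (append to log).
$switches = '/Z', '/B', '/R:5', '/W:5', '/MT:4', '/COPYALL', '/E', '/NP', "/LOG+:$Log"

# Dry run: /L lists what would be copied without writing anything.
& robocopy.exe $Source $Destination @switches /L | Out-Null
if ($LASTEXITCODE -ge 8) { throw "Dry run failed (exit $LASTEXITCODE), see $Log" }

# Real copy, pulling from the share to the local destination.
& robocopy.exe $Source $Destination @switches | Out-Null

# Robocopy exit codes are a bit mask: values below 8 mean no copy failures,
# 8 or higher means at least one file or directory could not be copied.
$code = $LASTEXITCODE
if ($code -ge 8) {
    Write-Error "Robocopy reported failures (exit $code). Review $Log"
    exit $code
}
Write-Output "Copy finished (exit $code). Log: $Log"
exit 0
```

The robocopy line itself takes the same switches when typed directly into an elevated Command Prompt. Keep the log file: it records which files were copied with their security information and is the evidence to review if permissions at the destination look wrong.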