Showing posts from December, 2014

NTFS Security Issue on Windows 2012 for members of the Administrators Group

I've been migrating some large file servers from a customer's environment into a service provider's cloud.  Instead of just transferring the VMs (which would literally take weeks in some cases), we've provisioned new VMs and are replicating the data.  Then, during an outage window, we do a differential copy, shut down the old server and give the old server's name to the new server.  This also has the benefit of allowing us to get all of those older file servers up on Windows 2012 R2, so it's a win-win.  Well, mostly.

One of these file servers has some very strict NTFS permissions due to the presence of sensitive data.  In this case, the only permissions on the folder were a Full Control for the Domain Admins and a Full Control for the group who owns the data (we'll call them the Finance Department).  We used good old Robocopy (taking advantage of the new /MT switch to multithread it for added performance!) to copy the data and all permissions from the old s…