Can't copy folder with permissions to NAS share

Question

I wrote a powershell script that changes the ACL of a network folder. We used to run this script on local drives and on a network share just fine. Recently, we migrated to Windows Server 2019 and within another local datacenter and received a new NAS share. Now, this ps1 script fails when we want to set the new ACL with the Set-Acl command. We still don't have an idea why this happens and what's different with the new NAS.

However, I can use the same code to create and modify folders in the new Windows Server on a local directory. My idea was to create the folder locally, then assign an AD group with the permissions (ReadandExecute, Write) to the folder and then move it to the network share.

So, creating and modifying works just fine. After the modification, my new AD group has Read, Execute and Write permissions. But I'm still failing to move the folder to the Network share.

Here's what I tried so far:

• When I move the folder within the local directory, the permission of the AD group will persist, e.g. using

Move-Item -Path D:\pathsimulation\non_prod\testfolder -Destination D:\Temp -Force

• But I move the folder to the NAS, the AD group is removed from the folder permission. Used command:

“Move-Item -Path D:\pathsimulation\non_prod\testfolder -Destination T:\somefolders\in_data\non_prod -Force”

So I tried it with robocopy.exe as well: • When using robocopy.exe as a copy tool, the folder is not moved at all. The following command was used:

$sourcePath = "D:\pathsimulation\non_prod\testfolder"
$destinationPath = "T:\somefolders\in_data\non_prod"

Robocopy.exe $sourcePath $destinationPath /E /COPYALL /DCOPY:DAT /LOG+:D:\RobocopyLog.txt 

Results: o the folder is not moved to the NAS share o Within the log file (D:\RobocopyLog.txt), you can see that the folder was skipped:

Within the log, no error is listed.

Lastly, I tried to use xcopy. Here, I am getting an error when trying to copy to the NAS:

xcopy D:\pathsimulation\non_prod\testfolder T:\somefolders\in_data\non_prod /O /X /E /H /K
0 File(s) copied
xcopy : File creation error - A required privilege is not held by the client.
At line:1 char:1
+ xcopy D:\pathsimulation\non_prod\t...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (File creation e... by the client.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 
Unable to create directory - T:\somefolders\in_data\non_prod

When I run this command to move the file to a local destination, I don't get this priviledge error, but the folder is also not moved:

xcopy "D:\pathsimulation\non_prod\testfolder" "D:\Temp" /X /H /E /V
0 File(s) copied

I don't know what else I can do. It feels like the new NAS is somehow different. Do you have any other idea, what I could do?

Answer 1

I managed to find another way to set the necessary permissions since this was the root issue. We are now using the icacls command which does not produce any error on our new NAS share:

$user = $adgroup
#$string = '"'+$user+':(OI)(CI)(IO)(F)"' #this is for full access
$string = '"'+$user+':(OI)(CI)(W,RX)"'  #provide Write, ReadandExecute permissions
icacls 'T:\somefolders\in_data\non_prod\thefolder' /q /c /t /grant:r $string

Works great now, on local directories as well as on the NAS.