I have a full drive to move to another partition.
The problem is that the design was poorly funded and now, we have to deal with lots and lots of different users accessing via SMB and applying their own permissions on their folders.
In order to backup, I see robocopy has a /b switch, which uses the backup mode.
AFAIK: Backup mode applies to those users who have the setting "enabled" when they run "whoami /priv" on the SeBackupPrivilege and SeRestorePrivilege settings.
I've been trying to modify my user's setting via GPO but it does not seem to sort any effect!
Can anyone shed some light on this issue?
Truth is that ever since I started using the /b switch, the backup seems to run better and does not give me so many access errors (it actually does not output any)
Windows – Acess windows files with SeBackupPrivilege and SeRestorePrivilege
access-control-listrobocopywindows
Related Topic
- Windows Group Policy – Troubleshooting Windows Group Policy Permissions
- Server 2008 robocopy access denied to user folders + /B error I don’t understand
- Linux – Robocopy exclude directory in recursive file structure
- Robocopy /xd with wildcards and sub-paths
- Robocopy – Error 50 Accessing Destination Directory: How to Fix
Best Answer
In order to allow robocopy to use backup privilege, you must be an administrator (or see below) and you must run robocopy from an elevated command line window.
To open an elevated command line window, type
cmd
in the Start Menu and then pressSHIFT-CONTROL-ENTER
instead of justENTER
, or choose the "Run as administrator" option. Depending on how Windows is configured, you may be prompted to confirm that you want to proceed, or you may need to re-enter your account details.If you are an administrator, you automatically have backup and restore privileges, unless your system configuration has been changed in an unusual way.
It is possible to explicitly grant a user account just backup and restore privilege rather than full administrator privilege. Traditionally, nobody bothers, because backup and restore privilege is "equivalent" to administrator privilege, in that a malicious user could easily leverage backup and restore privilege to obtain administrator access. (There may be some marginal security benefit in that a virus might not be programmed to take advantage of this situation, but generally speaking it isn't worth it IMO. Just have a separate admin account and use it when you need to perform this sort of operation.)
If you choose to do it this way, however, you must still open an elevated command window in order to take advantage of the privileges. In this scenario, you will always be prompted for a username and password.
You can confirm that this has worked using the
whoami /priv
command as mentioned in the question, but you should ignore the State column. IfSeBackupPrivilege
andSeRestorePrivilege
appear in the list of privileges, then they are available to the robocopy command even if the State is shown as Disabled. Robocopy will enable the privileges automatically when you use the/b
option. If you do not have the privileges, they will not appear on the list at all.