Submitting forms on the support site are temporary unavailable for schedule maintenance. If you need immediate assistance please contact technical support. We apologize for the inconvenience.
How to Restore Files with uncommon NTFS permissions
설명
When performing a file level restore, you note that you are able to browse the recovery point but the folders you intend to restore are protected with very specific NTFS permissions. You cannot even take ownership of the folders to be restored despite using an administrative account and the "Paste with Permissions" option fails as well with a permissions related error message. Please see below for options to work around the permissions issues.
해결 방안
There are a few possible approaches to address this issue.
Permissions:
Log on as one of the accounts permitted to access the data in the folder to be restored. (Adding your account to the group containing that account may or may not work, depending on the actual permissions on that folder).
Alternatively, you may log on on a different computer with an account with appropriate permissions and access the folder to be restored in the mounted recovery point on the Core.
This may not be possible for a variety of reasons (i.e. you do not have the password, the user is not in Active Directory anymore or the Core and the protected server are on different domains).
Local Mount Utility (LMU):
On the machine you are restoring the files too, download and install the LMU version that matches your Core build.
Add the Core you are restoring from, using specific credentials with Administrator permissions for that Core.
Mount the recovery point and restore files locally. As you are logged into the server as domain and / or local administrator you will have permissions needed to restore the file.
Unblock (if blocked) and extract PsExec.exe to a local folder.
Open an elevated command prompt and change directory to the directory containing PsExec.exe.
Enter the following command, psexec –i –s cmd.exe.
The PSExec License Agreement will pop up, click Agree when prompted.
A new CMD will open and run as SYSTEM.
Type explorer and press Enter, a new File Explorer opens. Since it was launched from a command window running under the SYSTEM account, it will run under the SYSTEM account as well.
Attempt to change permissions on the folders to restore.
Takeown command line utility:
If Impersonating the System Account fails, you may use the takeown command utility.
Please make sure that you are logged in with Administrative credentials and open an elevated command prompt.
Enter the following command, takeown /f /r /d y and press Enter. For example takeown /f C:\Mountpoints /r /d y.
Parameters equal:
/f: File or folder path
/r: Recursive
/d y: Default answer is Yes.
Once you take ownership you may change the permissions on the files to be restored as needed.
However, in some situations you cannot enable inheritance and you have to change the the file permissions on each file manually.
Unpack the .zip archive and copy the 64 bit version located at SetACL (executable version).zip\SetACL (executable version)\64 bit\setacl.exe to a folder of your choice, for instance c:\temp.
Open an elevated command prompt and change directory to the location of SetAcl.exe file
NOTE: that in some cases you may NOT be able to take ownership of the folder. In the unlikely situation this happens, please use the takeown.exe utility as shown at #3
Apply permissions for yourself on all files to be restored so you can copy them in bulk.
SetAcl is a powersful and complex application and explaining the parameters above is outside of the scope of this KB. Documentation and examples are maintained at http://helgeklein.com. The usage reference can be found here. Please note that setacl.exe is very fast and acts recursively and as such it is a good choice to change permissions on files and folders for very large file restores.