Knowledgebase

How to Migrate a Windows Data Drive While Preserving NTFS Permissions, Ownership, and File Shares Using Robocopy

28 Jun 2026 General 0 views

Migrating a data drive on a Windows Server is a common task during storage upgrades, SSD migrations, disk replacements, or partition resizing. While copying files is straightforward, preserving NTFS permissions, ownership, auditing information, and ensuring uninterrupted user access is often the biggest challenge.

Many administrators mistakenly believe that copying files alone is enough. However, if NTFS Access Control Lists (ACLs), ownership, and auditing entries are not migrated correctly, users may receive "Access Denied" errors, applications may fail to open data files, and shared folders may become inaccessible.

Advertisement

This guide explains a proven method for migrating a data drive while preserving security settings and minimizing downtime.

Migration Scenario

Consider the following example:

  • Original data drive: 650 GB
  • New SSD: 450 GB
  • Data copied from the original drive to the new drive
  • Drive letters swapped after the copy
  • Goal: Preserve all NTFS permissions, ownership, auditing, and folder access while ensuring applications continue to work normally.

This approach is suitable for:

  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022
  • Windows 10
  • Windows 11

Why Simple File Copy Is Not Enough

Traditional copy methods such as Windows Explorer copy only:

  • Files
  • Folder structure
  • Basic attributes

They do not always preserve:

  • NTFS Permissions
  • Ownership
  • Auditing
  • Special Access Entries
  • Security Identifiers (SIDs)

As a result, users may lose access to folders even though all files appear to be present.

Step 1 – Copy the Data

Robocopy is Microsoft's recommended tool for large-scale file migrations.

Example:

robocopy E:\ D:\ /MIR /COPYALL /DCOPY:DAT /R:0 /W:0 /XJ /MT:16

This command copies:

  • Files
  • Folder structure
  • Attributes
  • Timestamps
  • NTFS Security
  • Ownership
  • Auditing

Step 2 – Synchronize Existing Security Information

If the destination drive already contains the copied files, synchronize only the security information.

Example:

robocopy E:\ D:\ /MIR /COPYALL /SECFIX /DCOPY:DAT /R:0 /W:0 /XJ /MT:16 /TEE /LOG:C:\ACLRestore.log

Important switches

Switch Purpose
/MIR Mirror source and destination
/COPYALL Copy all file information
/SECFIX Repair security information on existing files
/DCOPY Copy directory timestamps and attributes
/MT:16 Multi-threaded copy
/R:0 No retries
/W:0 No waiting
/XJ Ignore junction points
/TEE Display output while logging
/LOG Save detailed log

Understanding Robocopy "Modified"

Many administrators panic when they see:

100% Modified

This usually indicates that Robocopy updated:

  • NTFS permissions
  • Ownership
  • Auditing
  • Attributes
  • Timestamps

It does not necessarily mean that file contents were copied again.

Reading the Robocopy Summary

A successful migration typically ends with a summary similar to:

Total       Copied    Skipped    Mismatch    FAILED

Directories
Files
Bytes

FAILED : 0
Mismatch : 0

What each value means

FAILED = 0

No files failed during migration.

Mismatch = 0

No differences remain between source and destination.

Copied

Security or metadata was synchronized.

Skipped

Files were already identical.

Common icacls Backup Issues

Administrators often try:

icacls E:\ /save ACL_Backup.txt /T /C

While this works in most environments, problems may occur with:

  • Very long file paths
  • Unicode filenames
  • Deleted files during scanning
  • Junction points
  • Legacy application folders

Typical errors include:

The system cannot find the path specified.

These errors generally affect only a small number of files and do not necessarily indicate a failed migration.

Why Users Cannot Open the Root of the Drive

A common concern after migration is:

  • Users cannot open D:

  • But users can access D:\DATA
  • Users can open D:\Shared
  • Applications work normally

This behavior is usually intentional.

Many servers restrict the root of the data drive to:

  • SYSTEM
  • Administrators
  • Specific administrative accounts

Users receive permissions only on the folders they require.

This improves security by preventing users from browsing unrelated data.

Verify Permissions

Compare permissions using:

icacls E:\

and

icacls D:\

Verify important folders:

icacls D:\DATA
icacls D:\Projects
icacls D:\Applications

Test Before Removing the Old Drive

Always verify:

  • Open shared folders
  • Create files
  • Rename files
  • Delete files
  • Open business applications
  • Confirm database access
  • Verify mapped drives
  • Test user permissions

Only after successful testing should the original drive be removed.

Export SMB Share Configuration

Before formatting the old drive:

reg export "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares" C:\Shares_Backup.reg /y

Export the share list:

net share > C:\Shares_List.txt

These backups allow quick restoration if necessary.

Best Practices

  • Always keep the original drive connected until testing is complete.
  • Use Robocopy instead of Windows Explorer for large migrations.
  • Preserve NTFS permissions using /COPYALL.
  • Repair security using /SECFIX.
  • Verify important folders manually.
  • Test with standard user accounts.
  • Keep a backup of SMB share configuration.
  • Perform a planned reboot after business hours (optional but recommended).
  • Remove the original drive only after successful production testing.

Conclusion

Migrating a Windows data drive is much more than copying files. Preserving NTFS permissions, ownership, auditing information, and SMB shares is essential for maintaining application functionality and uninterrupted user access.

Robocopy provides a reliable, enterprise-grade solution for synchronizing file security while minimizing downtime. By validating permissions, testing user access, and verifying business applications before decommissioning the original drive, administrators can perform storage upgrades safely and confidently without disrupting production workloads.

 

#WindowsServer #Robocopy #NTFS #ACL #Permissions #FileServer #WindowsAdmin #SystemAdministrator #ITSupport #StorageMigration #DataMigration #Windows2019 #Windows2022 #Windows2016 #Windows11 #Windows10 #SMB #SharedFolders #ServerMaintenance #EnterpriseIT #Infrastructure #SSDUpgrade #DiskMigration #FilePermissions #FolderPermissions #Ownership #Security #Audit #RDS #RemoteDesktop #PowerShell #CMD #Microsoft #Backup #DisasterRecovery #ITInfrastructure #DataProtection #ServerUpgrade #TechGuide #WindowsTips #ITProfessional #Storage #Networking #SysAdmin #FileCopy #Migration #WindowsSecurity #ServerManagement #Filesystem #TechTutorial

Windows Server migration Robocopy COPYALL SECFIX NTFS permissions ACL Access Control List icacls Windows Server 2019 Windows Server 2022 Windows Server 2016 Windows 11 Windows 10 file permissions folder permissions ownership auditing secu
Was this article helpful?
Advertisement