Robocopy ignores file level permissions

I’ve noticed there’s a bunch of conflicting information about how robocopy works when it replicates files. This causes confusion to administrators who can’t work out why a bunch of files in a folder that have had inheritance removed, no longer receive ACL updates.

With the standard parameters, robocopy only checks the file contents when comparing if files have changed, which doesn’t include ACLs. This isn’t a problem on directories – The ACLs will be copied across as expected.

In order to have robocopy copy the ACLs for individual files across to the destination directory, you can run “robocopy /e /copy:s /is”.

This will copy security (/copy:s = copy security) for all files including in subdirectories (/e = everything) even if the file contents haven’t changed (/is = is same). It’s important to note that if you use /copyall or any other parameter that includes file contents, then the entire file contents will replicate (when using the /is parameter), so you’ll want to make sure that you don’t do this if you have a very large amount of data that you’re transferring over a WAN link, for example, and all that needs changing are ACLs.