> ROBOCOPY source destination /MIR /SEC
Robocopy fails to mirror file permissions – but works for folder permissions.
This behaviour is by design. Robocopy focuses on copying just files that have changed (in size or modified date, by default). If a file looks like it has changed, Robocopy copies its data and, if you specified copying security as well, copies NTFS ACL from source to target after copying the data. If a file looks like it has NOT changed, Robocopy by default skips it, and copies nothing for the file, not even its security info.
When I wrote the “security copy” part of Robocopy on 22 May 1997, I chose to do this for performance reasons, to keep Robocopy times for large trees down. This was an adequate implementation for most peoples’ needs at the time. Also, another reason I chose to do things the way I did, is that setting security on directories is sufficient for most people. Setting security on a file-by-file basis is a more granular approach, for sure, but incurs a larger maintenance overhead, perhaps too much for many users.
Therefore, the solution listed as a workaround posted by Martin Zugec (MVP) is precisely what needs to be done in this situation, and this behaviour is expected:
> ROBOCOPY /Mir <Source> <Target>
> ROBOCOPY /E /Copy:S /IS /IT <Source> <Target>
The first Robocopy command above will copy data and security for files that have been updated, and the second Robocopy command will refresh file security for all files, without copying any file data.
If using a Resource Kit version of Robocopy, and wanting to keep security synced between two trees where the data is fairly static, but security is updated now and then. In fact, the “Copying NTFS Security Information” section of Robocopy.doc (from the Resource Kits) states:
“To refresh security information for existing destination files and directories without copying file data, use the /IS switch together with the /COPY switch without the D flag. For example /IS /COPY:SOU would refresh all security information for all selected files, without copying any file data.”