Group Policy / Robocopy question

[gyan1010]

I wrote a small script to call microsoft's robocopy tool, and have it copy a directory on a network drive, and all of its sub directories and files, into a folder in the program files directory of the local computer. Then I set this script to run at computer start up from group policy. This being a computer setting not a user one, means it should run as the domain computers group which I believe has same rights as the system user. Anyway, the script runs and all of the folders get copied and created, but the files inside the folders fail. The robocopy log says the file failed to copy because "ERROR 1314" which is "A required privilege is not held by the client". Thing is I wrote the log so that it creates itself on the C:\ drive, so if it could write the log file. Why can't it write the copied files to the proper program files directory?

Also, if its not a permissions error on the local machine but a read error from the network drive, then how did it read all of the folder an file names, and why was it able to copy all of the folders but not the files? Plus we set everyone to have read/exec permissions on that folder on the network drive.

Oh and I forgot to mention that the exact same script works just fine when run manually when logged on the computer. When run from group policy however, only the folders get copied, not the files.

Anyone have any ideas?

-Shawn

[JedMeister]

I'm not sure if I can help but here's my 10c worth.

I could be wrong but I thought that a local computer (ie in the case of start-up scripts) only operate with System privileges locally. At a domain level, I thought they just have the privileges of a domain user. This doesn't explain why you can copy the folders but not the contents. Still, the first step I would take would be to give the computer(s) explicit permission to access the folders, sub-folders & files (on the server). Obviously, apply the explicit permissions to the same OU (as you did for your start-up script in Group Policy) if it applies to multiple PCs.

Hope that works for you!