File Restore on windows to new hardware NTFS ACLs wrong

Problem is restoring File based backup on new hardware/windows install, Urbackup restores the file/folder ACLs as it was on the old machine, which doesn’t have the same SIDs…and thus the new user on the new machine can’t access any restored files. Anyone have a better fix for this problem?

My server is using file based backups.

Here’s my standard workflow for data restore when I’m deploying a new machine

  • Setup new PC with same Windows ID (so it creates the same windows profile path)
  • Uninstall Urbackup client from old machine
  • Login to Urbackup server and disable File based backup
  • Re-download installer from Urbackup server for old machine
  • Install old client from old machine on new computer
  • Wait for Urbackup to reconnect to server
  • Restore folders in user profile
    Files are restored, but current windows server can’t access files so…
  • Have to manually change ownership on the c:\Users\username\ with recursive
  • Have to then change ACLs on folder to allow user access (desktop, docs, pics etc).

Now everything is working as expected.

Am I doing this the hard way? Is there an option I’ve missed that is something like: “Don’t restore NTFS ACLs during File Restore”?

Does someone have a script that will do this rather than my having to manually do it?


I’ve did it a few months ago, because that is an interesting part of a restore.

It worked as expected. ACLs have been restored. But I’ve started the restore from the server after recreating the machine from an image. After this, I’ve restored a big folder tree which is not included in the image.

I noticed there are at least 2 passes of a file restore process. First, the folders and files will be created, 2nd the ACLs will be restored, which took quite long. So check your server activities to be sure it has finished.



Hey thx for replying. I understand it’s a 2-phase process when you’re using the File based backup/restore system. Restore files, then restores old ACLs.

Problem is I don’t want to restore ACL’s sometimes. I’m restoring to a users profile (c:\users\username) and since it’s just a file-based restore I don’t want the old ACLs because the new user on the new computer has a different SID. When I do the restore of the files, all the folders start filling in with files…and then disappear on the new computer in the new user because ownership…and access is for the old user only, not the new user.

Here’s the .bat file you need to fix permissions

rem To use set first arg to PC name and 2nd arg to username
rem eg pc1 user1

set chown_pcname=%1
set chown_username=%2

takeown /s %chown_pcname% /u %chown_pcname%\%chown_username% /f "c:\users\%chown_username%\Desktop" /r /d Y
icacls "c:\users\%chown_username%\Desktop" /reset /T

takeown /s %chown_pcname% /u %chown_pcname%\%chown_username% /f "c:\users\%chown_username%\Documents" /r /d Y
icacls "c:\users\%chown_username%\Documents" /reset /T

takeown /s %chown_pcname% /u %chown_pcname%\%chown_username% /f "c:\users\%chown_username%\Downloads" /r /d Y
icacls "c:\users\%chown_username%\Downloads" /reset /T

takeown /s %chown_pcname% /u %chown_pcname%\%chown_username% /f "c:\users\%chown_username%\Favorites" /r /d Y
icacls "c:\users\%chown_username%\Favorites" /reset /T

takeown /s %chown_pcname% /u %chown_pcname%\%chown_username% /f "c:\users\%chown_username%\Music" /r /d Y
icacls "c:\users\%chown_username%\Music" /reset /T

takeown /s %chown_pcname% /u %chown_pcname%\%chown_username% /f "c:\users\%chown_username%\Pictures" /r /d Y
icacls "c:\users\%chown_username%\Pictures" /reset /T

takeown /s %chown_pcname% /u %chown_pcname%\%chown_username% /f "c:\users\%chown_username%\Videos" /r /d Y
icacls "c:\users\%chown_username%\Videos" /reset /T