In addition to SMB share duties for my media files, I'd like to keep my Windows Library folders mirrored to my TrueNAS Core box as a backup. However, while playing with robocopy today I got jammed up trying to copy NTFS permissions with an "ERROR 5 (0x00000005) Copying NTFS Security to Destination File XXX Access is denied."
As it stands I've "shadowed" the local user account on my Windows 10 machine in TrueNAS and ticked the Windows Authentication box when creating that user. That user and its group owns the dataset, share permissions are wide-open. In fact, dataset permissions are wide open as well, Full Control for Everyone!
As a test, I robocopied with /COPY:DAT and then re-applied dataset permissions and then was able to copy the NTFS permissions with /COPY:DATSO, but can see the resulting ACEs have had my local machine name replaced with the TrueNAS NETBIOS name. I mean, what else would it do right?
Anyways, if say my local data harddrive on my standalone Windows box fails and I just want to be able to robocopy the data back across the network to a new disk and have original NTFS security preserved, do I just need to bite the bullet, setup AD, and join this thing to the domain?
I am about to spin up a bare metal install of Windows Server for Blue Iris anyways, so it wouldn't be the end of the world to provision it as a domain controller as well.
If AD is the way to go, will TrueNAS authenticate access to the share if the domain controller is down? I know you can cache credentials for local login on computers in the AD, is the same possible with TrueNAS? Don't want to hamstring myself here.
If I'm just missing something obvious, what is it? Should I expect to be able to copy NTFS permissions from my standalone Windows Machines? Should I care for my use case?
As it stands I've "shadowed" the local user account on my Windows 10 machine in TrueNAS and ticked the Windows Authentication box when creating that user. That user and its group owns the dataset, share permissions are wide-open. In fact, dataset permissions are wide open as well, Full Control for Everyone!
As a test, I robocopied with /COPY:DAT and then re-applied dataset permissions and then was able to copy the NTFS permissions with /COPY:DATSO, but can see the resulting ACEs have had my local machine name replaced with the TrueNAS NETBIOS name. I mean, what else would it do right?
Anyways, if say my local data harddrive on my standalone Windows box fails and I just want to be able to robocopy the data back across the network to a new disk and have original NTFS security preserved, do I just need to bite the bullet, setup AD, and join this thing to the domain?
I am about to spin up a bare metal install of Windows Server for Blue Iris anyways, so it wouldn't be the end of the world to provision it as a domain controller as well.
If AD is the way to go, will TrueNAS authenticate access to the share if the domain controller is down? I know you can cache credentials for local login on computers in the AD, is the same possible with TrueNAS? Don't want to hamstring myself here.
If I'm just missing something obvious, what is it? Should I expect to be able to copy NTFS permissions from my standalone Windows Machines? Should I care for my use case?
