Error reading security values for file. Security values will not be compared or copied. Access is denied.

When running a Job, Schedule or Real-Time Monitor, you receive the following:

Warning: Error reading security values for file. Security values will not be compared or copied.

Access is denied. ([AGENTNAME]PathToFile)

This message occurs when you have configured SureSync to copy NTFS security objects. In order to copy these, the account SureSync is using must be able to read the security objects on the folders and files.

Resolution

This error is a permissions issue for the file or file mentioned in the error. Ensure that the account SureSync is running under is an Administrator on the machine and has Full Control to the files. The account used for accessing the files can be determined by:

  • If you're using the Communications Agent, each machine has it's own user account defined. Launch the SureSync Desktop, click on Home, click on Communications Agents and finally Configure Communications Agents. Click on the Computers tab and select the machine in question from the drop-down. The user account for that machine will be listed.
  • If you're synchronizing via UNC path, the account used is the account defined for the agent you're referencing the UNC path with. Generally speaking, this is the local agent on the SureSync machine. You can also define an account for the individual UNC path. This is done by clicking on the Job and going to the Root Paths tab. Click on the UNC path, click Edit, then click on the Options tab. If an account is listed under "User ID for UNC Path Access," this account is used.

If you are copying auditing and ownership, the account needs the advanced user rights to "Manage auditing and security log" and "Take Ownership of files and other objects." Generally, administrator accounts should already have these rights. These rights can be configured in the Local Security Policy MMC under Local Policies | User Rights Assignment.

Once the permission issue has been corrected, you must trigger the file to be processed again. You can right click on a Schedule or Real-Time Monitor in the SureSync Desktop and select "Re-scan Files." This will rescan the entire tree and resolve any differences. You can also right click on a running Job and select "Re-scan files" to be prompted to scan a specific subfolder.

Also, it is important to note that by default SureSync only copies security when copying a file. This means the file has to change for security to be copied. On the "Copy Security" tab of a Rule are options for "Copy folder security objects to existing folders" and "Copy file security objects even if the file is not copied" if you want security compared and copied more frequently. These options do introduce additional overhead to the process.