annexit
asked on
Exporting folder share and security permissions
I'd like to start backing up network share & security permissions in addition to the data itself. Is there a method via script that I can use to automate the export of both the folder share permissions and security permissions to a text file?
Thanks in advance.
Thanks in advance.
Sorry, I missed the text file part of the question.
ASKER
I tried using Robocopy with the /COPYALL switch in log-only mode, but it only exports the file log and not the share/security permissions. This leads me to believe that this will only work by actually copying the files/folders themselves, which won't work with my backup schema.
The text file, or .csv, or whatever, will work perfectly for us - if we can get it to work. :)
The text file, or .csv, or whatever, will work perfectly for us - if we can get it to work. :)
Hi!
Try icacls (available since sp2 for server 2003)
--
icacls c:\windows\* /save AclFile /T
- Will save the ACLs for all files under c:\windows
and its subdirectories to AclFile.
--
Try icacls (available since sp2 for server 2003)
--
icacls c:\windows\* /save AclFile /T
- Will save the ACLs for all files under c:\windows
and its subdirectories to AclFile.
--
Share permissions are stored in the registry, look at http://www.petri.co.il/save_share_settings_and_permissions.htm
ASKER
Running 'net share' will give me half of the equation - the share names and sources. It won't give me the security permissions for the sources, though, from what I can see anyway.
I want to ultimately automate this via script which is why the command line procedure works best for me.
I looked at the icacls tool and am a bit confused as to how to apply it to this particular situation. For example, lets say my share is:
\\server\share
share permissions - domain users 'change'
security permissions - domain users 'read', domain admins 'full control'
How would I get the script command to export this info to a text file (or other readable format)?
I want to ultimately automate this via script which is why the command line procedure works best for me.
I looked at the icacls tool and am a bit confused as to how to apply it to this particular situation. For example, lets say my share is:
\\server\share
share permissions - domain users 'change'
security permissions - domain users 'read', domain admins 'full control'
How would I get the script command to export this info to a text file (or other readable format)?
if the folder behind \\server\share is d:\yourfolder then the command would be
icacls d:\yourfolder\* /save d:\AclFile_yourfolder.txt /T
--
d:\AclFile_yourfolder.txt reads as follows (i put a new textfile into that share):
New Text Document.txt
D:AI(A;ID;0x1301bf;;;AU)(A ;ID;FA;;;S Y)(A;ID;FA ;;;BA)(A;I D;0x1200a9 ;;;BO)(A;I D;0x1200a9 ;;;BU)
The share permissions are found at HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Se rvices\Lan manServer\ Shares and below in the registry. Can be exported via script with
regedit /a d:\shares.reg "HKEY_LOCAL_MACHINE\SYSTEM \CurrentCo ntrolSet\S ervices\La nmanServer \Shares"
d:\shares.reg can be restored simply by double clicking on it.
And the best is:
icacls d:\yourfolder\ /restore d:\AclFile_yourfolder.txt
will restore those NTFS permissions.
icacls d:\yourfolder\* /save d:\AclFile_yourfolder.txt /T
--
d:\AclFile_yourfolder.txt reads as follows (i put a new textfile into that share):
New Text Document.txt
D:AI(A;ID;0x1301bf;;;AU)(A
The share permissions are found at HKEY_LOCAL_MACHINE\SYSTEM\
regedit /a d:\shares.reg "HKEY_LOCAL_MACHINE\SYSTEM
d:\shares.reg can be restored simply by double clicking on it.
And the best is:
icacls d:\yourfolder\ /restore d:\AclFile_yourfolder.txt
will restore those NTFS permissions.
ASKER
Sorry for the delayed response, I was sidetracked by other projects.
I ran the command:
icacls d:\yourfolder\* /save d:\AclFile_yourfolder.txt /T
as you suggested, and I get a .txt file that has an entry for every file in the folder tree, which is about 100,000 files. I also don't see where it lists the security permissions on the folders, which is all that I need.
I ran the command:
icacls d:\yourfolder\* /save d:\AclFile_yourfolder.txt /T
as you suggested, and I get a .txt file that has an entry for every file in the folder tree, which is about 100,000 files. I also don't see where it lists the security permissions on the folders, which is all that I need.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There is also a product called SecureCopy from Script Logic that can be purchased to perform these copies.
http://www.scriptlogic.com/Products/securecopy/