Link to home
Start Free TrialLog in
Avatar of annexit
annexitFlag for United States of America

asked on

Exporting folder share and security permissions

I'd like to start backing up network share & security permissions in addition to the data itself.  Is there a method via script that I can use to automate the export of both the folder share permissions and security permissions to a text file?

Thanks in advance.
Avatar of MessHallMan
MessHallMan
Two different options - Robocopy comes with the windows resource kit and can be configured to copy the security permissions to the new location.

There is also a product called SecureCopy from Script Logic that can be purchased to perform these copies.

http://www.scriptlogic.com/Products/securecopy/
Avatar of MessHallMan
MessHallMan
Sorry, I missed the text file part of the question.
Avatar of annexit
annexit
Flag of United States of America image

ASKER

I tried using Robocopy with the /COPYALL switch in log-only mode, but it only exports the file log and not the share/security permissions.  This leads me to believe that this will only work by actually copying the files/folders themselves, which won't work with my backup schema.

The text file, or .csv, or whatever, will work perfectly for us - if we can get it to work.  :)
Avatar of McKnife
McKnife
Flag of Germany image
Hi!
Try icacls (available since sp2 for server 2003)
--
icacls c:\windows\* /save AclFile /T
- Will save the ACLs for all files under c:\windows
and its subdirectories to AclFile.
--
Avatar of McKnife
McKnife
Flag of Germany image
Share permissions are stored in the registry, look at http://www.petri.co.il/save_share_settings_and_permissions.htm
Avatar of annexit
annexit
Flag of United States of America image

ASKER

Running 'net share' will give me half of the equation - the share names and sources.  It won't give me the security permissions for the sources, though, from what I can see anyway.

I want to ultimately automate this via script which is why the command line procedure works best for me.

I looked at the icacls tool and am a bit confused as to how to apply it to this particular situation.  For example, lets say my share is:

\\server\share
share permissions - domain users 'change'
security permissions - domain users 'read', domain admins 'full control'

How would I get the script command to export this info to a text file (or other readable format)?
Avatar of McKnife
McKnife
Flag of Germany image
if the folder behind \\server\share is d:\yourfolder then the command would be
icacls d:\yourfolder\* /save d:\AclFile_yourfolder.txt /T
--
d:\AclFile_yourfolder.txt reads as follows (i put a new textfile into that share):
New Text Document.txt
D:AI(A;ID;0x1301bf;;;AU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BO)(A;ID;0x1200a9;;;BU)
The share permissions are found at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares and below in the registry. Can be exported via script with
regedit /a d:\shares.reg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares"
d:\shares.reg can be restored simply by double clicking on it.
And the best is:
icacls d:\yourfolder\ /restore d:\AclFile_yourfolder.txt
will restore those NTFS permissions.
Avatar of annexit
annexit
Flag of United States of America image

ASKER

Sorry for the delayed response, I was sidetracked by other projects.

I ran the command:
icacls d:\yourfolder\* /save d:\AclFile_yourfolder.txt /T
as you suggested, and I get a .txt file that has an entry for every file in the folder tree, which is about 100,000 files.  I also don't see where it lists the security permissions on the folders, which is all that I need.
ASKER CERTIFIED SOLUTION
Avatar of McKnife
McKnife
Flag of Germany image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial