Solved

How to reset permissions of files/shares from one computer to another

Posted on 2010-11-07
7
984 Views
Last Modified: 2012-05-10
We copied files from a dying server to a new server, and setup the same share structure. Unfortunately, none of the permissions where kept (they new files inherited permissions). Since the dying server is online, how can we copy permissions (both share and acl) only!!!!! We can't copy the files again, they are too large and the server is about dead.

Old server is 2003, new server is 2008r2
0
Comment
Question by:surfsideinternet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 3

Expert Comment

by:Suryanarayan Balakrishnan Iyer
ID: 34080812
How to Back Up and Restore NTFS and Share Permissions
This topic was originally posted to the AskDS blog and has been added to the wiki to allow for community editing.

From time to time we are asked how to backup and restore NTFS file system permissions as well as network share permissions. KB article 125996 talks about the network share piece of it, but it does not talk about NTFS permissions.

One thing that has made the NTFS permissions piece of this simpler is the Icacls tool. Icacls was developed for Windows Vista as a replacement for tools such as Cacls, Xcacls, and Xcacls.vbs. It was also included in Service Pack 2 for Windows Server 2003 and Windows Server 2008.

Backup and Restore of Share Permissions


To backup share permissions, export the Shares registry key.

1.Open Regedit to the following location:

HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares

2.Right-click the Shares registry key and select Export. Give it a file name such as shareperms.reg.
When you want to restore the permissions, double-click shareperms.reg to import it back into the registry.

Use the Reg tool to backup the registry key from the command line:

reg export HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares shareperms.reg

If you need to restore it at some point, just run:

reg import shareperms.reg

Backup and Restore of NTFS Permissions


Use this command to backup NTFS permissions:

icacls d:\data /save ntfsperms.txt /t /c

The /T switch allows it to get subfolder permissions too. The /C switch allows it to continue even if errors are encountered (although errors will still be displayed).

Use this command to restore them:

icacls d:\ /restore ntfsperms.txt

Note that in the command to save the permissions, I specified the target folder D:\Data, but when I restored them, I specified just D:\ as the target. Icacls is a little funky like that, and here’s why.

If you open the text file with the exported permissions (ntfsperms.txt in the above example), you’ll see that Icacls uses relative paths (in bold below). Underneath the relative paths are the permissions for the folders in Security Descriptor Definition Language (SDDL) format.

data
D:AI(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)
data\folder1
D:AI(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)
data\folder2
D:AI(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)

Had I specified D:\Data in the command to restore the permissions, it would have failed looking for a D:\Data\Data folder:

D:\>icacls d:\data /restore perms.txt
d:\data\data: The system cannot find the file specified.
Successfully processed 0 files; Failed processing 1 files

You might think specifying D:\ as the target in the restore command may somehow mess up the permissions on other folders at that level, but as you can see from the ntfsperms.txt output file, it only has information about the Data folder and subfolders, so that is all it will change.
0
 
LVL 3

Expert Comment

by:Suryanarayan Balakrishnan Iyer
ID: 34080813
0
 

Author Comment

by:surfsideinternet
ID: 34080822
The first one requires coping the files over again, the second only works if your shared drive is the same (ie. both new and old shares are on Drive F:)
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 6

Accepted Solution

by:
bahige earned 500 total points
ID: 34080869
Robocopy is the solution for you but you need to test before actually running it.

You can get robocopy gui from here:
http://www.mydigitallife.info/2007/05/08/microsoft-robocopy-gui-free-download/

/SEC will copy permissions only

Also, the program will only copy over new or changed files so it won't copy files already copied.

This is what i most commonly run:
robocopy "C:\source" "d:\destination" /S /E /V /SEC /NP /LOG+:"D:\robocopylog.txt" /R:2 /W:3
/s copies subdirectories
/e copies empty ones too
/v is verbose for the log
/SEC copies permissions
/np shows no progress percentage (this is ugly and gets piped to the log)
/log is the log file
/R is the number of retires
/W is the wait time between retries

Let me know if you have trouble.
0
 

Author Comment

by:surfsideinternet
ID: 34080925
Okay, it keeps telling me access is denied when changing permissions. Although I am logged in as Administrator.
0
 

Author Comment

by:surfsideinternet
ID: 34080931
Nevermind.... It looks like it is working great. THanks
0
 

Author Closing Comment

by:surfsideinternet
ID: 34080963
Worked perfectly. - Thanks
0

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question