LeeTech_Admin

Transfer file and folder permissions on iSCSI attached shared folders

We are performing an upgrade of our file server hardware and OS, from Server 2003 to 2008 R2. This file server has an iSCSI connection to an Equallogic SAN, which is shared via Windows for use with roaming profiles, shared folders, etc and has NTFS permissions applied.

The new 2008 server will connect to the same iSCSI volumes with the same IP and hostname, and be used for the exact same purpose.

My question is - how do I transfer all of the file and folder permissions from the 2003 server to the new 2008 server?

Thanks!
willettmeister

The permissions are stored in the filesystem, not in the OS, so you shouldn't need to transfer permissions. Just mount the volume on the new server as.

Now group access is a different beast.  Are these servers in a domain?
arnold

Make sure you are using domain-based permissions versus server-based permissions:
domain\administrator full access versus server\administrators, of which domain\administrators are members when joined in AD.
You would have to go through each to check what the settings are to adjust them.
Default server\administrators etc. will be seen as newserver\administrators; the only issue you may have is if you created individual local groups, which will not match because of the GUID.
LeeTech_Admin

ASKER

Yes, these servers are on a domain and some Security Groups are being used. Is this the type of group access that you are referring to?
Yes. If you have any groups that are local to the server as opposed to domain groups, they will not transfer. One common example is the local administrators group.
The NTFS volume on the server is shared, with Everyone having Full Control permissions.

Within this volume are all of the tsprofiles, mydocs, network shares, everything, all with granular share permissions.

Would Permcopy be the solution here, or will all these settings be retained on the SAN volumes?
You can use robocopy to copy permissions.
Yes.
Administrator, Remote Desktop User, etc. will transfer since their GUID is common.
But if you added local group1 and added domain\group1 etc.,
the local group1 will be unknown on the new server even if you created one, because the GUID is "randomly" assigned.
With this in mind, local\group1 permissions will not be validated on the new server.
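The identifiers NTFS stores in each ACL entry are security identifiers (SIDs), so an entry for a group that existed only on the old server shows up on the new one as a bare SID with no name. The following added example (not part of the original thread) lists such entries on the mounted volume; it assumes Windows PowerShell on the new server, and the function name, the `E:\` mount point and the CSV path are hypothetical.

```powershell
# Added example: report explicit NTFS ACEs whose SID does not resolve to a name.
function Find-UnresolvedAce {
    param([Parameter(Mandatory = $true)][string]$Root)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $ntType  = [System.Security.Principal.NTAccount]
    $cache   = @{}   # SID string -> $true if it resolves to an account name

    # The root folder plus every subfolder (hidden ones included).
    $dirs  = @(Get-Item -LiteralPath $Root)
    $dirs += @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
               Where-Object { $_.PSIsContainer })

    foreach ($dir in $dirs) {
        try { $acl = $dir.GetAccessControl('Access') } catch { continue }

        # Explicit ACEs only: inherited ones are reported at the folder that sets them.
        foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
            $sid = $ace.IdentityReference
            if (-not $cache.ContainsKey($sid.Value)) {
                try   { [void]$sid.Translate($ntType); $cache[$sid.Value] = $true }
                catch { $cache[$sid.Value] = $false }
            }
            if (-not $cache[$sid.Value]) {
                New-Object PSObject -Property @{
                    Path   = $dir.FullName
                    Sid    = $sid.Value
                    Rights = $ace.FileSystemRights
                    Type   = $ace.AccessControlType
                }
            }
        }
    }
}

# Hypothetical mount point of the iSCSI volume and output file.
Find-UnresolvedAce -Root 'E:\' |
    Export-Csv -NoTypeInformation -Path 'C:\unresolved-aces.csv'
```

An unresolved SID can also belong to a deleted domain account, so each hit needs a look before the entry is removed or replaced with a domain group.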
We are not using any Local Groups on the server, just Domain Security Groups and User accounts in AD.

With this being the case, are you saying that I do not need to transfer share permissions to the Server 2008 server, say with Permcopy or the FSMT?

It seems like you would need to set up these permissions in Windows again but I'm not sure.
One problem I have here with using permcopy or robocopy is that the new server will be replacing the old, with both IP and Hostname. I have to bring one down to bring up the other, and I cannot have both connected to the SAN volume at the same time. I believe these CLI tools require a source and destination server and I don't see how I can do that.
You would need to copy the current share settings since they are part of the OS; the security settings on the directories/files are stored within the filesystem and these you will not need to copy.
Any advice for how to accomplish this since I cannot have both the old and new servers connected to the SAN volume at the same time?
The shares are stored in the registry; you can export the registry entries for them and then import them into the new server.

Unfortunately I can't put my hands on the exact location atm.
Does this look right? Would this be all I need to do as far as permissions?


To save only the existing share names and their permissions on Windows, follow these steps.

Note: This procedure applies only to NetBIOS shares and not to Macintosh volumes.

1. On the existing Windows installation that contains the share names and permissions that you want to save, start Registry Editor (Regedt32.exe).
2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:
   SYSTEM\CurrentControlSet\Services\LanmanServer\Shares
3. Save or export the registry key.
   - For Windows NT and Windows 2000, click Save Key on the Registry menu.
   - For Windows Server 2003, click Export on the File menu.
4. Type a new file name (a file extension is not necessary), and then save the file to a floppy disk.
5. Reinstall Windows.
6. Run Registry Editor (Regedt32.exe).
7. From the HKEY_LOCAL_MACHINE subtree, go to the following key:
   SYSTEM\CurrentControlSet\Services\LanmanServer\Shares
8. Restore or import the registry key.
   - For Windows NT and Windows 2000, click Restore on the Registry menu.
   - For Windows Server 2003, click Import on the File menu.
9. Type the path and file name of the file that you saved in steps 3 and 4.

   Caution: This step overrides the shares that already exist on the Windows computer with the share names and permissions that exist in the file you are restoring. You are warned about this before you restore the key.
10. Restart the server.
You can use setacl or security explorer to make a backup file with file system permissions.
net share will list all the shares. There is a similar question in EE's knowledge base, but I do not recall which question it was. There is a script floating on the net as well that can copy share settings:
Presumably you've seen this
http://support.microsoft.com/kb/174273
Using support tools:
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsNT/AdminTips/Network/RestoreorcopyShareDefinitionsToAnotherServer.html
http://msadmin.net/CInetpubmsadmin.net/archive/2007/07/09/13.aspx
https://www.experts-exchange.com/questions/22414739/modify-share-permissions-via-vbscript.html
The registry-related steps posted by LeeTech_Admin are all you need to do. You don't need robocopy or any other tools. That, and make sure that when you mount the iSCSI volumes on the new server you use the same drive letters. Since you are keeping the same server name, this is a pretty straightforward operation. You don't need to back up or document NTFS or share settings. I have done it several times using EqualLogic storage.

You can always take a snapshot of your volumes using the EqualLogic GUI when the servers are offline. Also, don't forget to remove the ACL on the volumes for the old server and add the new server.
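The registry procedure and the drive-letter requirement above can be checked on the new server after the import. The following added example (not part of the original thread) reads the imported share definitions, checks that each path exists and that the share is actually being served, and lists the share-level permissions; it assumes Windows PowerShell on the new server, and the function name and the `C:\shares.reg` path are hypothetical.

```powershell
# Added example. Command-line form of the export/import (file path is an assumption):
#   old server:  reg export "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares" C:\shares.reg
#   new server:  reg import C:\shares.reg    (then restart the server)

function Get-ShareReport {
    # Standard share-level access masks.
    $masks = @{ 2032127 = 'Full Control'; 1245631 = 'Change'; 1179817 = 'Read' }
    $live = @{}; $security = @{}
    Get-WmiObject -Class Win32_Share | ForEach-Object { $live[$_.Name] = $true }
    Get-WmiObject -Class Win32_LogicalShareSecuritySetting |
        ForEach-Object { $security[$_.Name] = $_ }

    $key = Get-Item -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares'
    foreach ($name in $key.GetValueNames()) {
        # Each share is a multi-string value made of "Field=value" lines.
        $def = @{}
        foreach ($line in $key.GetValue($name)) {
            $field, $value = $line -split '=', 2
            $def[$field] = $value
        }
        if ($def['Type'] -ne '0') { continue }   # ordinary disk shares only

        $aces = @()
        if ($security.ContainsKey($name)) {
            foreach ($ace in $security[$name].GetSecurityDescriptor().Descriptor.DACL) {
                if (-not $ace) { continue }
                $who = $ace.Trustee.Name
                if ($ace.Trustee.Domain) { $who = $ace.Trustee.Domain + '\' + $who }
                # No name means the SID did not resolve on this server.
                if (-not $ace.Trustee.Name) { $who = 'UNRESOLVED ' + $ace.Trustee.SIDString }
                $mask = [int]$ace.AccessMask
                if ($masks.ContainsKey($mask)) { $right = $masks[$mask] }
                else { $right = '0x{0:X}' -f $mask }
                if ($ace.AceType -eq 1) { $right = "DENY $right" }
                $aces += "${who}: $right"
            }
        }
        New-Object PSObject -Property @{
            Share      = $name
            Path       = $def['Path']
            PathExists = (Test-Path -LiteralPath $def['Path'])
            Served     = $live.ContainsKey($name)
            Permission = ($aces -join '; ')
        }
    }
}

Get-ShareReport | Sort-Object Share |
    Format-Table Share, Path, PathExists, Served, Permission -AutoSize
```

A row with `PathExists` or `Served` false points to a volume that is not mounted on the drive letter the old server used.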
@kevinhsieh

Thanks, I pretty much have this completed. One thing though. What do you mean by "don't forget to remove the ACL on the volumes for the old server and add the new server"?

The registry import gave me my share permissions, but my mapped network drives are now giving errors "the local device name is already in use" from clients, and the server itself is being prompted to log into its own share.
When I try to browse to shares on this new server, I now get "You were not connected because a duplicate name exists on the network. Go to System in Control Panel to change the computer name"
Did you shut down the old server? You may need to give the new server a reboot.

In the EqualLogic GUI, go to the volume(s) attached to the server. Click on the Access tab. There should only be entries for your active server and possibly your backup server for snapshots only.
ASKER CERTIFIED SOLUTION
willettmeister