I have always just exported this Reg key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares Of course you could easily script the export using reg.exe in a batch file.
As long as the file server at both ends is Windows, as opposed to say a NAS or SAMBA Server, I don't think it should matter what version of Windows the source and target are. This is awfully simple, but it has always worked for me. Just remember to restart the Server service after you import the Reg file. In my DR testing I don't have to do anything like this, to be honest, since the backup software includes the System State. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Leone Sent: Thursday, August 07, 2014 2:41 PM To: [email protected] Subject: [NTSysADM] Fwd: Saving share permissions, and re-applying them I could use some assistance. I have a need to create a script that will scan a server's shares; save the share name, filepath, and permissions. Then later, I need to read that script back in, and re-create the shares as they existed before. (this is all part of a DR test). Ideally, this will be run from a Win2008 R2 or Win 7 machine; don't think I will have a Win2012 available, to use the new PowerShell commands dealing with shares. I shouldn't need the folder ACLs because the SAN LUN that the shares exist on should be replicated to the DR site. So if we attach that LUN to a new server there, the folder permissions should still be there on disk in the filesystem. So if I can re-create the shares, set the share permissions, and point the shares at the existing folders. Effectively, it should be like pulling the hard drive out of one server in the domain, putting it in another server in the domain.(we hope) I can (I think) figure out how to enumerate and save the existing share info and perms: (yes, i stole most of this off of web searches) =================================== ForEach ($FileServer in $AllFileServers) { $UNC_Computer = "\\"+$FileServer ForEach ($SharePath in $AllSharePaths) { $AllShares = Get-WMIObject -Class Win32_Share -Filter "type=$ShareType" -ComputerName $FileServer | Select -ExpandProperty Name | Sort ForEach ($Share in $AllShares) { $ACL = $null # Build ACL object Write-Host $Share -ForegroundColor Green Write-Host $('-' * $share.Length) -ForegroundColor Green $objShareSec = Get-WMIObject -ClassWin32_LogicalShareSecuritySetting -Filter "name='$Share'"-ComputerName $FileServer TRY { $SD = $objShareSec.GetSecurityDescriptor().Descriptor ForEach($ACE in $SD.DACL){ $UserName = $ACE.Trustee.Name If ($ACE.Trustee.Domain -ne $Null) {$UserName ="$($ACE.Trustee.Domain)\$UserName"} If ($ACE.Trustee.Name -eq $Null) {$UserName =$ACE.Trustee.SIDString } [Array]$ACL += New-Object Security.AccessControl.FileSystemAccessRule($UserName,$ace.AccessMask, $ace.AceType) } #end foreach ACE } # end try CATCH { Write-Host "Unable to obtain permissions for $share" } $ACL Write-Host $('=' * 50) } # end foreach $share } } ========================= So I figure if I can write out all the values in $ACL per file server, I should have the share info and permissions. But I am mightily confused on how to use that to then create shares and permissions on another server. Clues for simple-minded me, anyone?
