I could use some assistance. I have a need to create a script that
will scan a server's shares; save the share name, filepath, and
permissions. Then later, I need to read that script back in, and
re-create the shares as they existed before. (this is all part of a DR
test). Ideally, this will be run from a Win2008 R2 or Win 7 machine;
don't think I will have a Win2012 available, to use the new PowerShell
commands dealing with shares.
I shouldn't need the folder ACLs because the SAN LUN that the shares
exist on should be replicated to the DR site. So if we attach that LUN
to a new server there, the folder permissions should still be there on
disk in the filesystem. So if I can re-create the shares, set the
share permissions, and point the shares at the existing folders.
Effectively, it should be like pulling the hard drive out of one
server in the domain, putting it in another server in the domain.(we
hope)
I can (I think) figure out how to enumerate and save the existing
share info and perms:
(yes, i stole most of this off of web searches)
===================================
ForEach ($FileServer in $AllFileServers)
{
$UNC_Computer = "\\"+$FileServer
ForEach ($SharePath in $AllSharePaths)
{
$AllShares = Get-WMIObject -Class Win32_Share -Filter
"type=$ShareType" -ComputerName $FileServer | Select -ExpandProperty
Name | Sort
ForEach ($Share in $AllShares) {
$ACL = $null # Build ACL object
Write-Host $Share -ForegroundColor Green
Write-Host $('-' * $share.Length) -ForegroundColor Green
$objShareSec = Get-WMIObject -Class
Win32_LogicalShareSecuritySetting -Filter "name='$Share'"
-ComputerName $FileServer
TRY {
$SD = $objShareSec.GetSecurityDescriptor().Descriptor
ForEach($ACE in $SD.DACL){
$UserName = $ACE.Trustee.Name
If ($ACE.Trustee.Domain -ne $Null) {$UserName =
"$($ACE.Trustee.Domain)\$UserName"}
If ($ACE.Trustee.Name -eq $Null) {$UserName =
$ACE.Trustee.SIDString }
[Array]$ACL += New-Object
Security.AccessControl.FileSystemAccessRule($UserName,
$ace.AccessMask, $ace.AceType)
} #end foreach ACE
} # end try
CATCH
{ Write-Host "Unable to obtain permissions for $share" }
$ACL
Write-Host $('=' * 50)
} # end foreach $share
}
}
=========================
So I figure if I can write out all the values in $ACL per file server,
I should have the share info and permissions. But I am mightily
confused on how to use that to then create shares and permissions on
another server.
Clues for simple-minded me, anyone?
================================================
Did you know you can also post and find answers on PowerShell in the forums?
http://www.myitforum.com/forums/default.asp?catApp=1
