I have also used the registry method in number two many times in the past with no issues. Thanks
Webster > -----Original Message----- > From: listsad...@lists.myitforum.com > [mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim > Sent: Thursday, August 07, 2014 1:45 PM > To: powershell@lists.myitforum.com > Subject: RE: [powershell] Saving share permissions, and re-applying them > > Two step it. > > 1) Your backup system handles the NTFS perms during the restore. > 2) Grab the sharenames and share perms from lanmanserver\shares. > > http://support.microsoft.com/kb/125996 > > After the registry import you can manually edit drive letters if they changes. > Done it this way several times. > > -----Original Message----- > From: listsad...@lists.myitforum.com > [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone > Sent: Thursday, August 7, 2014 2:39 PM > To: powershell@lists.myitforum.com > Subject: [powershell] Saving share permissions, and re-applying them > > I could use some assistance. I have a need to create a script that will scan a > server's shares; save the share name, filepath, and permissions. Then later, I > need to read that script back in, and re-create the shares as they existed > before. (this is all part of a DR test). Ideally, this will be run from a > Win2008 > R2 or Win 7 machine; don't think I will have a Win2012 available, to use the > new PowerShell commands dealing with shares. > > I shouldn't need the folder ACLs because the SAN LUN that the shares exist > on should be replicated to the DR site. So if we attach that LUN to a new > server there, the folder permissions should still be there on disk in the > filesystem. So if I can re-create the shares, set the share permissions, and > point the shares at the existing folders. > > Effectively, it should be like pulling the hard drive out of one server in the > domain, putting it in another server in the domain.(we > hope) > > I can (I think) figure out how to enumerate and save the existing share info > and perms: > (yes, i stole most of this off of web searches) > > =================================== > ForEach ($FileServer in $AllFileServers) { $UNC_Computer = "\\"+$FileServer > ForEach ($SharePath in $AllSharePaths) { $AllShares = Get-WMIObject - > Class Win32_Share -Filter > "type=$ShareType" -ComputerName $FileServer | Select -ExpandProperty > Name | Sort > ForEach ($Share in $AllShares) { > $ACL = $null # Build ACL object > Write-Host $Share -ForegroundColor Green > Write-Host $('-' * $share.Length) -ForegroundColor Green > $objShareSec = Get-WMIObject -Class > Win32_LogicalShareSecuritySetting -Filter "name='$Share'" > -ComputerName $FileServer > TRY { > $SD = $objShareSec.GetSecurityDescriptor().Descriptor > ForEach($ACE in $SD.DACL){ > $UserName = $ACE.Trustee.Name > If ($ACE.Trustee.Domain -ne $Null) {$UserName = > "$($ACE.Trustee.Domain)\$UserName"} > If ($ACE.Trustee.Name -eq $Null) {$UserName = > $ACE.Trustee.SIDString } > [Array]$ACL += New-Object > Security.AccessControl.FileSystemAccessRule($UserName, > $ace.AccessMask, $ace.AceType) > } #end foreach ACE > } # end try > CATCH > { Write-Host "Unable to obtain permissions for $share" } > $ACL > Write-Host $('=' * 50) > } # end foreach $share > } > } > ========================= > > So I figure if I can write out all the values in $ACL per file server, I > should > have the share info and permissions. But I am mightily confused on how to > use that to then create shares and permissions on another server. > > Clues for simple-minded me, anyone? > > > ================================================ > Did you know you can also post and find answers on PowerShell in the > forums? > http://www.myitforum.com/forums/default.asp?catApp=1 > > > ================================================ > Did you know you can also post and find answers on PowerShell in the > forums? > http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1
