I created this (http://poshcode.org/4001) almost 18 months ago to copy shares 
over when upgrading file servers to new hardware/OS. It uses WMI to get the 
shares on one server+drive and copy them to a different server+drive, presuming 
the files and NTFS perms are the same on each. It could probably be modified to 
use multiple drives pretty easily.

Nathan Randall
Microsoft Systems Engineer, HIS
Allegiance Health
Tel: (517) 788-4800 / Ext. 3956
AllegianceHealth.org


-----Original Message-----
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Thursday, August 07, 2014 2:39 PM
To: powershell@lists.myitforum.com
Subject: [powershell] Saving share permissions, and re-applying them

I could use some assistance. I have a need to create a script that will scan a 
server's shares; save the share name, filepath, and permissions. Then later, I 
need to read that script back in, and re-create the shares as they existed 
before. (this is all part of a DR test). Ideally, this will be run from a 
Win2008 R2 or Win 7 machine; don't think I will have a Win2012 available, to 
use the new PowerShell commands dealing with shares.

I shouldn't need the folder ACLs because the SAN LUN that the shares exist on 
should be replicated to the DR site. So if we attach that LUN to a new server 
there, the folder permissions should still be there on disk in the filesystem. 
So if I can re-create the shares, set the share permissions, and point the 
shares at the existing folders.

Effectively, it should be like pulling the hard drive out of one server in the 
domain, putting it in another server in the domain. (we hope)

I can (I think) figure out how to enumerate and save the existing share info 
and perms:
(yes, I stole most of this off of web searches)

===================================
# $AllFileServers, $AllSharePaths and $ShareType must be set before this runs
ForEach ($FileServer in $AllFileServers) {
    $UNC_Computer = "\\" + $FileServer
    ForEach ($SharePath in $AllSharePaths) {
        # Names of all shares of the requested type on this server
        $AllShares = Get-WMIObject -Class Win32_Share -Filter "type=$ShareType" -ComputerName $FileServer |
            Select -ExpandProperty Name | Sort
        ForEach ($Share in $AllShares) {
            $ACL = $null  # Build ACL object
            Write-Host $Share -ForegroundColor Green
            Write-Host $('-' * $Share.Length) -ForegroundColor Green
            # Share-level (not NTFS) security settings for this share
            $objShareSec = Get-WMIObject -Class Win32_LogicalShareSecuritySetting -Filter "name='$Share'" -ComputerName $FileServer
            TRY {
                $SD = $objShareSec.GetSecurityDescriptor().Descriptor
                ForEach ($ACE in $SD.DACL) {
                    # Prefer DOMAIN\Name, fall back to the SID string if the name does not resolve
                    $UserName = $ACE.Trustee.Name
                    If ($ACE.Trustee.Domain -ne $Null) { $UserName = "$($ACE.Trustee.Domain)\$UserName" }
                    If ($ACE.Trustee.Name -eq $Null) { $UserName = $ACE.Trustee.SIDString }
                    [Array]$ACL += New-Object Security.AccessControl.FileSystemAccessRule($UserName, $ACE.AccessMask, $ACE.AceType)
                } # end foreach ACE
            } # end try
            CATCH {
                Write-Host "Unable to obtain permissions for $Share"
            }
            $ACL
            Write-Host $('=' * 50)
        } # end foreach $share
    }
}
=========================

So I figure if I can write out all the values in $ACL per file server, I should 
have the share info and permissions. But I am mightily confused on how to use 
that to then create shares and permissions on another server.

Clues for simple-minded me, anyone?


================================================
Did you know you can also post and find answers on PowerShell in the forums?
http://www.myitforum.com/forums/default.asp?catApp=1
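
The save-and-recreate round trip asked about in this thread, as an added example that is not code from either poster or from the linked PoshCode script. The function names, parameters and CSV layout are assumptions; it uses only the WMI classes Win32_Share, Win32_LogicalShareSecuritySetting and Win32_SecurityDescriptorHelper, so it does not need the Windows Server 2012 share cmdlets, and it assumes the folder paths are identical on the target server.

```powershell
# Added example: function names, parameters and the CSV layout are assumptions.
function Export-ShareSecurity {
    param([string]$ComputerName, [string]$CsvPath)
    $helper = [wmiclass]"\\$ComputerName\root\cimv2:Win32_SecurityDescriptorHelper"
    # Type=0 selects ordinary disk shares and leaves out admin shares such as C$
    Get-WmiObject -Class Win32_Share -Filter 'Type=0' -ComputerName $ComputerName |
        ForEach-Object {
            $wqlName = $_.Name -replace "'", "\'"   # escape quotes for the WQL filter
            $sec = Get-WmiObject -Class Win32_LogicalShareSecuritySetting `
                       -Filter "Name='$wqlName'" -ComputerName $ComputerName
            $sddl = ''
            if ($sec) {
                $sd = $sec.GetSecurityDescriptor()
                if ($sd.ReturnValue -eq 0) {
                    # SDDL is plain text, so the descriptor survives a trip through CSV
                    $sddl = $helper.Win32SDToSDDL($sd.Descriptor).SDDL
                }
            }
            New-Object PSObject -Property @{
                Name = $_.Name; Path = $_.Path; Description = $_.Description; SDDL = $sddl
            }
        } | Select-Object Name, Path, Description, SDDL |
        Export-Csv -Path $CsvPath -NoTypeInformation
}

function Import-ShareSecurity {
    param([string]$ComputerName, [string]$CsvPath)
    $helper     = [wmiclass]"\\$ComputerName\root\cimv2:Win32_SecurityDescriptorHelper"
    $shareClass = [wmiclass]"\\$ComputerName\root\cimv2:Win32_Share"
    foreach ($row in Import-Csv -Path $CsvPath) {
        if (-not $row.SDDL) {
            # No saved descriptor: creating the share would give it default permissions
            Write-Warning "Skipping '$($row.Name)': no share permissions were saved"
            continue
        }
        $in = $shareClass.psbase.GetMethodParameters('Create')
        $in.Path        = $row.Path
        $in.Name        = $row.Name
        $in.Type        = [uint32]0
        $in.Description = $row.Description
        $in.Access      = $helper.SDDLToWin32SD($row.SDDL).Descriptor
        $result = $shareClass.psbase.InvokeMethod('Create', $in, $null)
        if ($result.ReturnValue -ne 0) {
            Write-Warning "'$($row.Name)' not created (Win32_Share.Create returned $($result.ReturnValue))"
        }
    }
}
```

SDDL records trustees by SID, so domain accounts and well-known groups carry over to the new server, while ACEs that name local accounts of the old server will not resolve there. Review the CSV before importing, since it is the only record of who gets access to each re-created share.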

