0

I'm working on a Windows Server 2008 R2 machine and I'm trying to export the configuration of the shared folders with all the groups associated with them, the share permissions and the file system permissions.

Is there a way to do that?

Maybe with PowerShell?

@edit: another problem is that I need to do that after a reboot, so I have to save the configuration in a file for example and then reimport it.

Cœur
rschirin

3 Answers

4

If you want to backup/restore all existing shares you could export/import the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares.

Backup:

reg export HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares shares.reg

Restore:

reg import shares.reg
net stop server && net start server

File/folder ACLs can be saved and restored like this:

Backup:

Get-WmiObject -Class Win32_Share -Filter 'Type = 0' | select -Expand Path | % {
  $path = $_
  Get-Acl $path | select @{n='Path';e={$path}}, Sddl
} | Export-Csv 'C:\path\to\acls.csv'

Restore:

Import-Csv 'C:\path\to\acls.csv' | % {
  $acl = Get-Acl $_.Path
  $acl.SetSecurityDescriptorSddlForm($_.Sddl)
  Set-Acl -Path $_.Path -AclObject $acl
}
Ansgar Wiechers
  • I can use this way, but using it I can save and import only the share permission but not Security permission (also known as ACL). – rschirin Jul 30 '14 at 16:52
  • @rschirin: You should have clarified in your question that you want to backup both share and filesystem permissions. See updated answer. – Ansgar Wiechers Jul 30 '14 at 18:11
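
As an added example (not part of the answer above): a read-only check that compares the `Path`/`Sddl` CSV written by the backup snippet with the ACLs currently on disk, so a restore can be verified instead of assumed. `Compare-SavedAcl`, the scratch folder and the CSV name are assumptions made for this example, and the code is kept to PowerShell 2.0 syntax for Server 2008 R2.

```powershell
# Added example. Compare-SavedAcl is a hypothetical helper name, not a built-in cmdlet.
function Compare-SavedAcl {
    param([Parameter(Mandatory = $true)][string]$CsvPath)

    Import-Csv -Path $CsvPath | ForEach-Object {
        $row     = $_
        $status  = 'Match'
        $current = $null

        if (-not (Test-Path -Path $row.Path)) {
            $status = 'MissingPath'            # folder from the backup no longer exists
        } else {
            try {
                # Constructor throws on malformed SDDL (truncated or hand-edited CSV row)
                $null = New-Object System.Security.AccessControl.RawSecurityDescriptor($row.Sddl)
            } catch {
                $status = 'InvalidSddl'
            }
            if ($status -eq 'Match') {
                $current = (Get-Acl -Path $row.Path).Sddl
                # Case-sensitive comparison of owner, group and DACL as one string
                if ($current -cne $row.Sddl) { $status = 'Drift' }
            }
        }

        New-Object PSObject -Property @{
            Path = $row.Path; Status = $status; SavedSddl = $row.Sddl; CurrentSddl = $current
        }
    }
}

# Constructed demo: snapshot a scratch folder, change its DACL, then compare.
$dir = Join-Path $env:TEMP 'acl-demo'
$csv = Join-Path $env:TEMP 'acl-demo.csv'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Get-Acl -Path $dir | Select-Object @{n='Path';e={$dir}}, Sddl |
    Export-Csv -Path $csv -NoTypeInformation

$acl = Get-Acl -Path $dir
$acl.SetAccessRuleProtection($true, $true)     # disable inheritance, keep copies of the ACEs
Set-Acl -Path $dir -AclObject $acl

Compare-SavedAcl -CsvPath $csv | Select-Object Path, Status
```

Rows reported as `Drift` or `InvalidSddl` are the ones to review by hand before the saved descriptor is applied with `Set-Acl`.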
2

Interesting question. I think the only way to do so is to manually get the ACL on the original folder and then re-apply it to the copied folder. The cmdlets to be used are Get-Acl -path $youfolder, Copy-Item and Set-Acl.

Naigel
1

I'm working on a module (see here) that should be able to do this for you. It's a script module, so you can actually open it up and look at/modify the code. If you use it, you could do something like this (the Export-Csv call is commented out, but you can put it in after confirming this is the output you're looking for):

Get-WmiObject Win32_Share -ComputerName ServerName | 
    Get-AccessControlEntry #| Export-Csv -Path CsvLocation.csv

You'll get errors for built-in system shares, e.g., C$, so you may want to add an -ErrorAction SilentlyContinue and/or an -ErrorVariable to the Get-AccessControlEntry call.

To bring the permissions back in, you'd just feed the Get-AccessControl output into Add-AccessControlEntry:

Import-Csv -Path CsvLocation.csv | Add-AccessControlEntry -WhatIf

Add-AccessControlEntry prompts for confirmation by default. Use the -Force switch to suppress the prompts.

Changing this to work for the NTFS permissions is very easy, too. Just change the Get-WmiObject call into a Get-ChildItem call, and everything else should be the same.

Rohn Edwards