Backup NTFS Permissions | iCACLS | SubINACL


Backup NTFS permissions:

icacls D:\MyDirectory /save \\server\Backup\%computername%_iCACLS_NTFS.txt /t /c

Restore NTFS permissions:

icacls D:\MyDirectory /save \\server\Backup\%computername%_iCACLS_NTFS.txt /t /c


Download here: SUBINACL 

SUBINACL is not supported on WS2008R2/2012 but I’ve not heard any compatibility issues.

Backup NTFS permissions (with log file):

subinacl /noverbose /OUTPUTLOG=\\server\Backup\%computername%_subinacl_log.txt /output=\\server\Backup\%computername%_subinacl_NTFS.txt /subdirectories D:\MyDirectory

<strong>Restore NTFS permissions:</strong>

subinacl /playfile \\server\Backup\Server1_subinacl_NTFS.txt

Note: If you backup the entire directory i.e. “D:\” then you will not be able to easily restore individual subfolders. I.E. “D:\Marketing” the best option is to run this for every sub-folder you wish to backup, not ideal but will save time if you need to carryout a restore.

Change Permissions from old to new domain accounts:

Use “/testmode” to generate a log file and check the changes are correct:

subinacl /testmode /OUTPUTLOG=C:\PermissionChangesLog.txt D:\Company\Shares\*.* /changedomain=OLDDomain=NEWDomain

Then remove “/testmode” to make the changes:

subinacl /OUTPUTLOG=C:\PermissionChangesLog.txt D:\Company\Shares\*.* /changedomain=OLDDomain=NEWDomain

Note: Trust relationship must be in-place for OldDomain to look-up the users in NewDomain.

Change Permissions from old to new domain accounts using mapping file:

If the users in the old domain have different usernames in the new domain then you will need to use a mapping file to let SUBINACL know what account it corresponds to. This is a basic text file in the same directory as the SUBINACL tool.

Reg Export:

Backup shares listed on server:

reg export HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares \\server\Backup\%computername%_Shares.reg

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.