iCACLS
Backup NTFS permissions:
icacls D:\MyDirectory /save \\server\Backup\%computername%_iCACLS_NTFS.txt /t /c
Restore NTFS permissions:
icacls D:\MyDirectory /save \\server\Backup\%computername%_iCACLS_NTFS.txt /t /c
SubINACL
Download here: SUBINACL
SUBINACL is not supported on WS2008R2/2012 but I’ve not heard any compatibility issues.
Backup NTFS permissions (with log file):
subinacl /noverbose /OUTPUTLOG=\\server\Backup\%computername%_subinacl_log.txt /output=\\server\Backup\%computername%_subinacl_NTFS.txt /subdirectories D:\MyDirectory
<strong>Restore NTFS permissions:</strong>
subinacl /playfile \\server\Backup\Server1_subinacl_NTFS.txt
Note: If you backup the entire directory i.e. “D:\” then you will not be able to easily restore individual subfolders. I.E. “D:\Marketing” the best option is to run this for every sub-folder you wish to backup, not ideal but will save time if you need to carryout a restore.
Change Permissions from old to new domain accounts:
Use “/testmode” to generate a log file and check the changes are correct:
subinacl /testmode /OUTPUTLOG=C:\PermissionChangesLog.txt D:\Company\Shares\*.* /changedomain=OLDDomain=NEWDomain
Then remove “/testmode” to make the changes:
subinacl /OUTPUTLOG=C:\PermissionChangesLog.txt D:\Company\Shares\*.* /changedomain=OLDDomain=NEWDomain
Note: Trust relationship must be in-place for OldDomain to look-up the users in NewDomain.
Change Permissions from old to new domain accounts using mapping file:
If the users in the old domain have different usernames in the new domain then you will need to use a mapping file to let SUBINACL know what account it corresponds to. This is a basic text file in the same directory as the SUBINACL tool.
Reg Export:
Backup shares listed on server:
reg export HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares \\server\Backup\%computername%_Shares.reg