Tuesday, April 20, 2010

Backup NTFS permissions

Reference : _h_t_t_p_://ochoco.blogspot.com/2009/02/quick-tip-back-up-your-ntfs-security.html

_________Adding a security group to a folder and maintain inheritance_________
C:\Program Files\Support Tools>icacls D:\data$\NTFS_PermTEST /Grant "domainname\
DLGTestGroup":(OI)(CI)F
(Be mindful of security group names... has to be prewindows 2000 name for groups)
__________________________________________________________________________

Subinacl.exe

http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en

Here is example syntax that you can use to proactively back up your NTFS permissions:

Subinacl /noverbose /output=c:\ntfs_perms.txt /subdirectories "Path to the Folder of NTFS permissions we have to Backup"

To backup the permissions of the folder, subfolders and files on folder called Data\IT on the D: drive:

subinacl /noverbose /output=c:\ntfs_perms_TEST.txt /subdirectories D:\data\IT

If you wanted to just backup the NTFS permissions for the entire drive, the command would look like this:

subinacl /noverbose /output=c:\ntfs_D_drive_perms.txt /subdirectories D:\*.*

Most of you will probably not be concerned with backing up down to the file level, and are satisfied with just backing up the permissions at the directory level. Backing up the permissions for just the directories can be achieved with the following syntax:

subinacl /noverbose /output=c:\D_drive_NTFSperms.txt /subdirectories=directoriesonly D:\*.*

The output of the command while have something like this:
Elapsed Time: 00 00:00:00
Done: 5, Modified 5, Failed 0, Syntax errors 0
Last Done : D:\data$\IT\NTFS_PermTEST\TestA\Test_A_2\Inherit_notAllowed

The contents of the file created by subinacl are viewable in any text editor and the output is similar to this:
===================================
+File D:\data$\NTFS_PermTEST\TestA
===================================
/control=0x400
/owner =builtin\administrators
/primary group =domainname\domainname users
/audit ace count =0
/perm. ace count =5
/pace =domainname\A.B Type=0x0 Flags=0x13 AccessMask=0x1301bf
/pace =domainname\domainname admins Type=0x0 Flags=0x13 AccessMask=0x1f01ff
/pace =domainname\gav Type=0x0 Flags=0x13 AccessMask=0x1200a9
/pace =domainname\gsg-information technology Type=0x0 Flags=0x13 AccessMask=0x1f01ff
/pace =domainname\rahul Type=0x0 Flags=0x13 AccessMask=0x1f01ff

===================================
+File D:\data$\NTFS_PermTEST\TestB
===================================
/control=0x400
/owner =builtin\administrators
/primary group =domainname\domainname users
/audit ace count =0
/perm. ace count =5
/pace =domainname\A.B Type=0x0 Flags=0x13 AccessMask=0x1301bf
/pace =domainname\domainname admins Type=0x0 Flags=0x13 AccessMask=0x1f01ff
/pace =domainname\gav Type=0x0 Flags=0x13 AccessMask=0x1200a9
/pace =domainname\gsg-information technology Type=0x0 Flags=0x13 AccessMask=0x1f01ff
/pace =domainname\rahul Type=0x0 Flags=0x13 AccessMask=0x1f01ff
=======================================


To restore the permissions on the drive using the file that you backed them up to:

Subinacl /playfile c:\D_drive_NTFS_perms.txt

No comments:

Post a Comment