The Permission Panic: How to Backup and Restore Share & NTFS Permissions | Lazy Admin Blog

It only takes one “Inheritance” checkbox error to bring a department to a standstill. If you are migrating a file server or just performing routine maintenance, having a permission backup is your “Undo” button.
1. Share Permissions (The Registry Method)
“Share” permissions (the ones you see in the Sharing tab) are not stored on the files themselves; they are stored in the Windows Registry.
To Backup: Open a Command Prompt (Admin) and run:
reg export HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares shareperms.reg
To Restore: Simply import the file back on the new or repaired server:
reg import shareperms.reg
Note: You must restart the ‘Server’ service or reboot for the shares to reappear.
2. NTFS Permissions (The icacls Method)
NTFS permissions (the “Security” tab) are much more complex. We use the built-in icacls tool to handle these.
The Backup Command:
icacls d:\data /save ntfsperms.txt /t /c
- /t: Recurses through all subfolders.
- /c: Continues even if it hits a single file error (like a long file path).
The “Tricky” Restore Command: When restoring, icacls treats the paths inside the text file as relative. If your backup file says “Data\Folder1,” and you try to restore to D:\Data, it will look for D:\Data\Data\Folder1.
The Correct Syntax:
icacls d:\ /restore ntfsperms.txt
Lazy Admin Warning: Always point the restore command one level above the folder you backed up. If you backed up D:\Data, restore to D:\.
Understanding the “Secret Code” (SDDL)
If you open your ntfsperms.txt file, you’ll see strings like D:AI(A;ID;FA;;;BA). This is Security Descriptor Definition Language (SDDL).
- BA = Built-in Administrators
- SY = Local System
- AU = Authenticated Users
It looks like gibberish, but to the Windows Kernel, it is a perfect map of your security infrastructure.
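As an added example (not from the original post), this Python sketch decodes the DACL strings found in an icacls /save file and shows where each entry lands for a given restore root, including the doubled-path mistake described in the restore section. It assumes the save file alternates a relative-path line with an SDDL line; the sample text is constructed, and the lookup tables cover only a subset of SDDL codes.

```python
import re
from pathlib import PureWindowsPath

# Subset of SDDL codes; the three trustees are the ones listed in the post.
DACL_FLAGS = {"P": "protected", "AI": "auto-inherited", "AR": "auto-inherit-requested"}
ACE_TYPES = {"A": "Allow", "D": "Deny"}
ACE_FLAGS = {"OI": "object-inherit", "CI": "container-inherit", "ID": "inherited",
             "IO": "inherit-only", "NP": "no-propagate"}
RIGHTS = {"FA": "Full control", "FR": "Read", "FW": "Write", "FX": "Execute",
          "0x1301bf": "Modify", "0x1200a9": "Read & execute"}
TRUSTEES = {"BA": "Built-in Administrators", "SY": "Local System",
            "AU": "Authenticated Users"}

# Constructed sample in the assumed save-file layout: path line, then SDDL line.
SAMPLE = ("data\nD:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)\n"
          "data\\Folder1\nD:AI(A;ID;FA;;;BA)(A;OICIID;0x1200a9;;;AU)\n")

def decode_dacl(sddl):
    """Return (dacl_flags, aces) for an SDDL string that starts with 'D:'."""
    m = re.match(r"D:([A-Z]*)((?:\([^)]*\))*)", sddl.strip())
    if not m:
        raise ValueError(f"not a DACL string: {sddl!r}")
    flags = [DACL_FLAGS[f] for f in re.findall(r"AR|AI|P", m.group(1))]
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(2)):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;trustee
        kind, fl, rights, _obj, _inh, trustee = body.split(";")[:6]
        aces.append({
            "type": ACE_TYPES.get(kind, kind),
            "flags": [ACE_FLAGS.get(f, f) for f in re.findall("..", fl)],
            "rights": RIGHTS.get(rights, rights),      # unknown codes stay raw
            "trustee": TRUSTEES.get(trustee, trustee),  # raw SIDs stay raw
        })
    return flags, aces

def restore_targets(save_text, restore_root):
    """Resolve each saved relative path against the directory given to /restore."""
    lines = [ln for ln in save_text.splitlines() if ln.strip()]
    root = PureWindowsPath(restore_root)
    return [(str(root / rel), decode_dacl(sddl))
            for rel, sddl in zip(lines[0::2], lines[1::2])]

if __name__ == "__main__":
    for root in ("d:\\", "d:\\data"):  # correct root vs. the doubled-path mistake
        for path, (flags, aces) in restore_targets(SAMPLE, root):
            print(root, "->", path, flags, aces)
```

Running a check like this against the save file before `icacls /restore` makes it easy to confirm that every resolved path exists under the directory you intend to pass.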