Maintaining file sharing permissions on all servers can be a major challenge, but when using PowerShell, we can automate this procedure allowing you to go home early.
When performing a file migration, you should not only pay attention to the files and the folder itself, but also the permissions established on those objects. In each file and folder there could be a different set of Access Control Entries (ACE) that make up an Access Control List (ACL). Depending on the number of files you are migrating, this can be a lot.
When moving files to a new location, permits don't always come with them. When performing a mass migration, as full file servers with intricate permissions, it is essential to keep those permissions with the objects as they move to the new location.
There are some alternatives to do this.
A favorite tool for performing file migrations is robocopy. Robocopia it's a great tool with lots of bells and whistles, but it can be complicated to use and may not work in all situations. When this happens, I regularly look for a tool called icacls. This is a tool that has been around for a long time and, What robocopy, has many switches, so let's simplify this tool a bit with some PowerShell.
Use PowerShell to transfer permissions
Even though you can use the icacls command line utility directly, not the easiest to understand. To remedy this, you will learn about PowerShell as a container to invoke the icacls tool to simplify this sometimes overwhelming procedure.
First, we will need to download an existing tool that has already been created for us. One of the best things about the PowerShell community is that, as usual, there is a tool to help us. In this circumstance, we will need a PowerShell module. This PowerShell module can be found in the PowerShell Gallery.
If you have PowerShell v4 or later, you will already have some commands to take this module quickly.
PS> Find-Module -Name NTFSPermissionMigration | Install-Module
Once you have finished the above code, you should now have a new module installed on your computer available for use. Once this installation is done, now we need to execute a command inside the module in the folder that contains all the files to which we would like to transfer permissions.
PS> Save-Acl -FolderPath OLDSERVERFileShare -SaveFilePath C:FilePermissions.txt
Once it runs, you should see output similar to this and start to see the saved file start to grow.
processed file: OLDSERVERFileShareFile1.txt
processed file: OLDSERVERFileShareFile2.exe
Successfully processed X files; Failed processing 0 files
When this is complete, you should now have all the permissions for the files and folders within the saved file. Now, we can restore this file. Despite this, before this happens, be sure to make a exactly copy all files inside the previous folder; opposite case, this won't work.
To restore the permissions to the new folder path, now we would use the Restore-Acl command.
PS> Restore-Acl -RestoreToFolderPath NEWFILESERVERFileShare -PermissionFilePath C:FilePermissions.txt
Successfully processed XXX files; Failed processing 0 files
Once this is complete, All NTFS permissions should be mirrored from your source folder and the new destination folder!!
Summary
Using a no-cost Community PowerShell module and a little scripting magic can make the overwhelming task of moving NTFS permissions from one server to another child's play.
