Backup and semi-automatic recovery of File Server permissions in windows

Source: n3tl04ds Blog

Have you ever tried to reset the NTFS permissions of dozens or even hundreds of shared directories when the file server suddenly dies and the system has been reinstalled to add users, isn't it tiring? Is there really no way. In fact, the problem can still be solved by moving our minds. Some people may say that after the same user name is created, the permissions do not need to be reset. This is of course wrong, because the NTFS permission matches the UID instead of the user name, UID is different for the same user. Let's get started.

First, you need to back up the permissions of the file directory. Many people should know that the cacls command is used. First, let's look at the usage of the cacls command:
Display or modify the access control table (ACL) of a file)

[/P user: perm [...] [/D user [...]
Filename displays the ACL.
/T change the current directory and all its subdirectories
The ACL of the specified file.
/E. Edit the ACL without replacing it.
/C continues when an access denial error occurs.
/G user: perm grants the specified user access permission.
Perm can be: R read
W write
C Change (write)
F full control
/R user revokes the access permission of the specified user (only valid when used with/E ).
/P user: perm replaces the access permission of the specified user.
Perm can be: N none
R read
W write
C Change (write)
F full control
/D the user rejects access from the specified user.
You can use wildcards to specify multiple files in the command.
You can also specify multiple users in the command.
Cacls shared directory to be backed up/t> cacls.txt
Refer.
D: est COMPUTERsmall :( OI) (CI) F
Nt authoritysystem :( OI) (CI) F
COMPUTERsmall :( OI) (CI) F
Nt authoritysystem :( OI) (CI) F
Here, COMPUTER is the machine name, BUILTIN indicates that the group name is followed, nt authority is followed by the System user, and OI after the user name indicates that the object is inherited (ACE will be inherited by the Directory ), (CI) indicates that the container inherits (ACE will be inherited by the file), and other IO means only inherit (ACE is not applicable to the current file/directory ).
Cacls D: est/t/c/e/g small: F
When we use the/c parameter, some directories may need to be input Y/N. Now xcacls can solve this problem. It has a good parameter, that is,/Y indicates that confirmation is prompted when the user access is replaced.
For example, type XCACLS * at the command prompt *. */G administrator: RW/Y, and then press Enter to replace the ACL of all files and folders in the current folder, without scanning the subfolders and confirming them.
However, if we have many users with many directories and their permissions are different, setting them one by one is a big project. But below, I will introduce a better way to save a lot of time.
We need to first download the "semi-automatic permission recovery application test version" (available at http://n3tl04d.ys168.com/or the Chinese Network Manager Alliance forum to download permission restoration). We need to create the same user name as the original system.
For text processing of backup permissions, we first need to remove the host name before the user name and (OI) (CI) and other redundant stuff.
As shown below:
D: estdddd BUILTINUsers :( OI) (CI) R
COMPUTERl :( OI) (CI) F
Nt authoritysystem :( OI) (CI) F
Should be changed
D: estdddd Users: R
Bl: F
SYSTEM: F
Then remove the inheritance of the parent directory (such as D: est), and then you can use this program to restore the NTFS permission. It is very easy to use, that is, "ca d: cacls.txt (NTFS-authorized backup text file)"

Now, all permissions have been restored.