Windows Server 2008 registry key that controls folder and file permissions

I'm building a new Windows Server 2008 server to replace an existing one and I need to know what registry key(s) are used to control folder and file security (not share) permissions. I have found the Share security permissions and I'm able to export and import those to the server, but the file and folder security permissions are not included. The reason why I need to do this is because this server is only used for access control as a file server role for a NAS drive array via iSCSI EqualLogic MPIO, so the drive array is the same data with all of the share and security permissions as before. The registry path to the Share and Share security keys is below.

HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>LanmanServer>Shares>Security

I actually did this process a few years ago when the hardware server that controlled the NAS drive array was also compromised. I seem to recall that at that time all I did was export the Shares key and Security key below it and when the new virtual server was configured for the iSCSI communication to the drive array I just imported the Shares and Security registry keys, restarted the server and all of the share and security permissions were the same as the original. Now when I run some tests it doesn't seem to be working.

Any ideas?



File and folder security settings are kept in the filesystem, not in the registry. You need to perform a copy which is able to transfer security settings, like RoboCopy with /copy:DATS and /DCopy:T.



File and folder security settings are kept in the filesystem, not in the registry. You need to perform a copy which is able to transfer security settings, like RoboCopy with /copy:DATS and /DCopy:T.



Can this be used to copy just the permissions without the data?



RoboCopy will only perform required changes. If the files are at both source and destination, with same timestamps, it won't do anything IIRC. At least that was an issue with prior releases of it.

But rereading your question again, you won't have to do anything. As said the filesystem holds the ACLs, and as long as the SIDs don't change (that is, you are using the same domain), they are still valid after replacing the server.
However, "NAS" and "iSCSI" are mutual exclusive. You probably mean "SAN", which builds an external drive array used like a local disk. A NAS has its own server OS running, a Linux in most cases.





Share this

Related Posts

There was an error in this gadget