This article is an automatic translation of the article[078f1ae37b1f6174ede2] below.
https://qiita.com/speaktech/items/078f1ae37b1f6174ede2
What to explain in this article
** ※ The content described in this article is applicable to OS version of Windows Server 2012 R2/Windows 8.1 or later. **
In Chapter 1, I will introduce the chance to write an article. (Skipped and OK)
In Chapter 2 we will briefly explain Powershell.
Chapters 3 and 4 tell you how to export and import shared access settings
I will explain in order.
1.First of all
When setting the access right in the Windows OS, shared access right is set to narrow by the NTFS access right by assigning large authority to a large group such as"Domain Users", it was taught as a newcomer.
However, when coming to the workplace, there are many cases where complicated mysterious shared access rights and NTFS access rights that have been matured over many years of operation have been set up.
In these cases, we will have difficulty in manually migrating and restoring shared access rights settings. (When migrating data, restoring at file level, etc.)
There is also an option to copy the shared access right with the DOS command permcopy, but the server from which the shared access right setting should be copied must exist online. I think that in most cases at the time of data restoration does not exist and I think that it can become a constraint of the migration plan even when data migration is done.
Therefore, in order to overcome the above problem
** I thought that it is necessary to be able to reproduce the settings automatically (as far as possible), even if the server that is the copy source of the shared access right setting is in the offline state".
And, as a method to realize this, we have devised **"a method of exporting and importing shared access right setting".
I hope it will be helpful for those with similar problems.
In order to realize this method using ** Powershell **, first I would like to briefly explain Powershell.
2. What is Powershell?
Windows PowerShell is an extensible command line interface (CLI) shell and scripting language developed by Microsoft. Designed on the basis of object oriented, it is based on .NET Framework.
https://ja.m.wikipedia.org/wiki/Windows_PowerShell
As quoted above, PowerShell is an object-oriented shell, unlike MS-DOS.
The Powershell command has a naming convention, and it is easy to guess the command name from that function even when"what is that command command?"In addition, it has tab complement function of command.
# 例1) ディレクトリの移動
PS D:\Tmp> Set-Location -Path D:\Tmp\share
PS D:\Tmp\share>
# 例2) カレントディレクトリのパスを出力
PS D:\Tmp\share> Get-Location
Path
----
D:\Tmp\share
As in the example above, basically the action content of the command appears in the command name.
| Action content | Command name |
|---|---|
| Set | Set-〇 ◯ |
| Get | Get-O O |
| Set as new | New - ○ ○ |
| Export | Export - 〇 ◯ |
| Import | Import-〇 ◯ |
Since the result of the command is returned as an object, it is also possible to access the member by assigning to the variable as follows.
# 例3) カレントディレクトリのオブジェクトを変数に代入し、メンバーへアクセス
PS D:\Tmp\share> $pwd = Get-Location
PS D:\Tmp\share> $pwd.Path
D:\Tmp\share
Based on the above, we will show you how to export and import shared access right setting by Powershell.
3. How to export share permission settings
In this chapter, we will show you how to export shared permission settings to Xml file.
3.1 Output shared access setting
Use the command ** Get-SmbShare ** to output the shared access right setting. Specifying *$false * for the subcommand ** - Special ** saves the default shared permission settings (ADMIN\$, C\$, IPC\$, etc.).
# 例4)共有アクセス権設定を出力
PS D:\Tmp> Get-SmbShare -Special $false
Name ScopeName Path Description
---- --------- ---- -----------
share * D:\tmp\share
Users * C:\Users
You can pipe an object of shared permission setting and filter it with the member's ** Path ** property to narrow down the content to be output as follows.
# 例5)Dドライブ上の共有アクセス権設定のみ出力
PS D:\Tmp> Get-SmbShare -Special $false | ? { $_.Path -like "D:\*" }
Name ScopeName Path Description
---- --------- ---- -----------
share * D:\tmp\share
3.2 Export an object to an Xml file
Use the command ** Export-Clixml ** to export the object to Xml file. You can specify a path ** to output ** Xml to subcommand ** - Path **.
Export object with shared permission setting to Xml file.
# 例6)Dドライブ上の共有アクセス権設定をXmlファイルへエクスポート
PS D:\Tmp> $shareFolder = Get-SmbShare -Special $false | ? { $_.Path -like "D:\*" }
PS D:\Tmp> $shareFolder | Export-Clixml -Path D:\Tmp\SmbShare.xml
With this, it is now possible to save the shared access right setting as an Xml file. Let's manage it carefully as a means of transition as a means of emergency.
4. How to import share permission settings
In this chapter, we will show you how to import sharing permission settings based on the Xml file exported in Chapter 3.
4.1 Import objects from Xml files
Use the command ** Import-Clixml ** to import objects from Xml files. Subcommand ** - Path ** can specify ** Xml path **.
Import the shared access right setting object from the Xml file.
# 例7)Dドライブ上の共有アクセス権設定をXmlファイルからインポート
PS D:\Tmp> Import-Clixml -Path D:\Tmp\SmbShare.xml
Name ScopeName Path Description
---- --------- ---- -----------
share * D:\tmp\share
To output the imported share permission setting in detail, use the ** Get-SmbShareAccess ** command. By passing piped objects of the imported shared permission setting, you can output the shared access right setting in detail.
# 例8)インポートした共有アクセス権設定を詳細に出力
PS D:\Tmp> Import-Clixml -Path D:\Tmp\SmbShare.xml | Get-SmbShareAccess
Name ScopeName AccountName AccessControlType AccessRight
---- --------- ----------- ----------------- -----------
share * Everyone Allow Full
4.2 Reflect shared access setting
** * It is assumed that there is no shared folder to reflect the share access right setting. When you execute the command, it will be shared immediately, so please fully check the shared access right setting before executing it. **
Use the command ** New-SmbShare ** to set the shared access right setting newly. You can reflect the shared access right setting by piping the imported share permission setting object.
# 例9)インポートした共有アクセス権設定を反映
PS D:\Tmp> Import-Clixml -Path D:\Tmp\SmbShare.xml | New-SmbShare
Name ScopeName Path Description
---- --------- ---- -----------
share * D:\Tmp\share
Detailed output and confirm that the imported shared access right setting is reflected.
# 例10)共有アクセス権設定を詳細に出力
PS D:\Tmp> Get-SmbShare -Special $false | Get-SmbShareAccess
Name ScopeName AccountName AccessControlType AccessRight
---- --------- ----------- ----------------- -----------
Users * BUILTIN\Administrators Allow Full
Users * Everyone Allow Full
share * Everyone Allow Full
With this, you can restore the share access right setting from the saved Xml file.
A postcard
It was a very niche information development called Powershell's article, but I'd appreciate it might be useful sometime somewhere.
Since I still have the AWS related Powershell story, I will run to PHP, Python story if I spit it.
Thank you for keeping me till the end.
- If there is a mistake in the contents of this article, I will be happy to correct as we correct it.