Migrate Share Permissions via PowerShell
The script export share permissions and migrate to new file server.
Get-SharePermission use for export share permission name, path, user and permission to SharePermission.xml.
Set-SharePermission use for import SharePermission.xml and set share permissions.
If you need to change the file path, you can do it in XML file.
function Get-SharePermission
{
<#
.SYNOPSIS
Export share permissions to SharePermission.xml.
.DESCRIPTION
The function for share permissions migration.
.PARAMETER Server
Specifies the server name for export share permissions to SharePermission.xml. By default local computer name.
.INPUTS
None. You cannot pipe objects for function.
.OUTPUTS
Get-SharePermission function is generate SharePermission.xml in working directory.
.EXAMPLE
C:\PS> Get-SharePermission
.EXAMPLE
C:\PS> Get-SharePermission -Server RemoteServerName
.LINK
http://www.fatihbayram.com
#>
Param(
$Server = $env:COMPUTERNAME
)
Process {
$ShareSecurity = Get-WmiObject win32_LogicalShareSecuritySetting -ComputerName $Server
Remove-Item -Path "SharePermission.xml" -EA SilentlyContinue
$GeneralStatsXML = "<?xml version=""1.0"" encoding=""utf-8""?>`n"
$GeneralStatsXML += "<Result>`n"
$GeneralStatsXML += "<Code>1</Code>`n"
$GeneralStatsXML += "<Message>Operation is completed</Message>`n"
if ($ShareSecurity) {
foreach($Share in $ShareSecurity)
{
$sharenames = $Share.Name
$ACLS = $Share.GetSecurityDescriptor().Descriptor.DACL
foreach($ACL in $ACLS)
{
$User = $ACL.Trustee.Name
switch ($ACL.AccessMask)
{
2032127 {$Perm = "Full Control"}
1245631 {$Perm = "Change"}
1179817 {$Perm = "Read"}
}
$myObj = "" |Select-Object ShareName,User,Permission
$myObj.ShareName = $sharenames
$myObj.User = $User
if (!$User){break}
$myObj.Permission = $Perm
$myObj
$Path = (Get-WMIObject Win32_Share | Where {$_.name -Like $sharenames}).Path
$GeneralStatsXML += "<OperationResult>`n"
$GeneralStatsXML += "<ShareName>$ShareNames</ShareName>`n"
$GeneralStatsXML += "<Path>$Path</Path>`n"
$GeneralStatsXML += "<User>$User</User>`n"
$GeneralStatsXML += "<Permission>$Perm</Permission>`n"
$GeneralStatsXML += "</OperationResult>`n"
}
}
$GeneralStatsXML += "</Result>`n"
}
Add-Content -Encoding UTF8 -Value $GeneralStatsXML -Path "SharePermission.xml"
Write-Host "Save XML file to SharePermission.xml"
}
}
function Set-SharePermission
{
<#
.SYNOPSIS
Import share permissions from xml file.
.DESCRIPTION
The script for share permissions migration.
.PARAMETER ImportXML
Specifies the name and path for the xml import file. This parameter is mandatory.
.INPUTS
None. You cannot pipe objects for both functions.
.OUTPUTS
None. The function does not generate any output.
.EXAMPLE
C:\PS> Set-SharePermission -ImportXML SharePermission.xml
.LINK
http://www.fatihbayram.com
#>
Param(
[parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
$ImportXML
)
Process
{
[xml]$ShareSettings = Get-Content $ImportXML
foreach( $SetShare in $ShareSettings.Result.OperationResult)
{
$ShareName = $SetShare.ShareName
$Path = $SetShare.Path
$User = $SetShare.User
if ($SetShare.Permission -eq "Full Control") {
$Permission = "Full"
}
else {
$Permission = $SetShare.Permission
}
if (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue) {
Grant-SmbShareAccess -Name $ShareName -AccountName $User -AccessRight $Permission -Confirm:$false
}
else {
if ($Permission -eq "Full Control") {
New-SmbShare -Name $ShareName -Path $Path -FullAccess $User -Confirm:$false
}
elseif ($Permission -eq "Change") {
New-SmbShare -Name $ShareName -Path $Path -ChangeAccess $User -Confirm:$false
}
else {
New-SmbShare -Name $ShareName -Path $Path -ReadAccess $User -Confirm:$false
}
}
}
}
}