and the Security subkey. You can export this key set from your current file server, mount the shares data drive to a new server with an updated OS and import this registry key to restore all of the shares and their associated permissions. Since you've moved the data drive to the new server, all files retained their NTFS permissions. Also, this detach/re-attach process assumes you're not using DFS.
So, step by step (assuming you're doing this in a virtual environment):
1) Create new VM with virtual HDD for OS
2) Install new OS, patch, update, etc. (Do not join to domain yet)
3) Export registry key from old file server
4) Copy registry key file to new file server
5) Unjoin old file server from domain
6) Change server name and IP address of old file server and shut down
7) Detach data volume virtual disk from old file server
8) Change server name and IP address of new file server to match old server and reboot server
9) Join new file server to domain
10) Attach data drive virtual disk to new file server and mount with same drive letter as it had on the old file server
11) Import registry key from old file server
12) Reboot new file server
Instructions for Exporting Registry Key from old server:
Navigate to:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares
Right click on Shares in the left-side view window
Select Export
Name file. Example: filesharesexport.reg
Copy this file to the new server
Instructions for Importing Registry Key to New Server:
Open Registry Editor on the new server.
Go to File > Import
Navigate to the location where you copied the .reg file.
Double-click the .reg file to start the import process.
You may be prompted to confirm the import; click "Yes" to proceed.
The registry key will be added to the registry on the new server.
At this point your new file server has the data volume mounted from the old file server and the shares permissions have been imported. I'll make a separate post on some ways to consolidate the new VM data files with the old server data virtual disk into a single folder.
*edit: One problem we have become aware of in using this process is the shared folder OWNER permissions. If the shared folder on the source system is OWNED by a LOCAL administrator user, the NTFS and share permissions of the sub-folders WILL NOT be applied on the target system. Local user \\Server1\Administrator is NOT the same as local user \\Server2\Administrator, even though the names are the same. To "fix" the issue, we changed the OWNER of the root folders on the source system to a DOMAIN admin user with local admin rights on the source and target servers. After that change, the sub-folder permissions were applied properly on the target system after the .reg key import. This is also a problem if sub-folder permissions were granted using local users instead of domain users on the source host.
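A pre-flight check for the owner problem described above, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later, run elevated on the source server, and lists share folders whose owner or explicit NTFS entries are local accounts of that server; the function name Test-LocalSid and the output column names are illustrative.

```powershell
# Added example: pre-migration check, run elevated on the SOURCE file server.
# Flags folders under each share whose owner or explicit ACEs are local accounts.
$sharesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares'
$sidType   = [System.Security.Principal.SecurityIdentifier]

# The machine SID is the domain part of any local account's SID.
$localAcct  = Get-CimInstance Win32_UserAccount -Filter 'LocalAccount=True' |
              Select-Object -First 1
$machineSid = ([System.Security.Principal.SecurityIdentifier]$localAcct.SID).AccountDomainSid.Value

function Test-LocalSid([System.Security.Principal.SecurityIdentifier]$Sid) {
    # Well-known SIDs such as BUILTIN\Administrators have no AccountDomainSid
    # and mean the same thing on every server, so they are not flagged.
    $domainPart = $Sid.AccountDomainSid
    return ($null -ne $domainPart -and $domainPart.Value -eq $machineSid)
}

# Each share is a REG_MULTI_SZ value; one of its strings is "Path=<folder>".
$key   = Get-Item -Path $sharesKey
$roots = foreach ($name in $key.GetValueNames()) {
    $key.GetValue($name) | Where-Object { $_ -like 'Path=?*' } |
        ForEach-Object { $_.Substring(5) }
}

$findings = foreach ($root in ($roots | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $folders = @(Get-Item -LiteralPath $root) +
               @(Get-ChildItem -LiteralPath $root -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($folder in $folders) {
        $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        $owner = $acl.GetOwner($sidType)
        if (Test-LocalSid $owner) {
            [pscustomobject]@{ Path = $folder.FullName; Issue = 'Owner'; Sid = $owner.Value }
        }
        # Explicit entries only; inherited ones are reported where they are set.
        foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
            if (Test-LocalSid $ace.IdentityReference) {
                [pscustomobject]@{ Path = $folder.FullName; Issue = 'ACE'; Sid = $ace.IdentityReference.Value }
            }
        }
    }
}
$findings | Sort-Object Path, Issue | Format-Table -AutoSize
```

An empty result means no folder under the shares is owned by, or explicitly grants access to, a local account of the source server.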
If you are migrating a physical file server to a virtual machine, or possibly migrating a VM-based file server to a new VM on a different platform, you can create a root shared folder on the target system, map a drive to the shared folder from the existing file server, and use a robocopy job to copy the data to the new server.
Example 1: robocopy e:\rootshare r:\remoteshare /e /copy:datso /z /MT:128
Example 2: robocopy e:\rootshare r:\remoteshare /mir /z /MT:128 /LOG+:logfilename.log
After the copy job finishes and is validated, export the registry key that stores the share permissions data from the existing file server and then import the exported .reg file into the new file server's registry.
I recently had a customer's file server boot drive MBR record get irreparably corrupted. We mounted the boot volume to the new file server as a data disk, then used the remote registry mount utility to mount the \Windows\System32\Config\SYSTEM registry file and export the shares registry key. When you use the remote mount utility you have to give it a temporary name. Thus, when you export the key, the registry file header data has the temporary name in the (2) header paths instead of the correct header path names. Before attempting to import the shares key into the new file server, we had to correct the two header data paths in the .reg file using Notepad, as follows:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares\Security]
Don't forget to change Notepad's save-as file type to *.* to preserve the .reg file extension.
Link to all Robocopy Commands: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/robocopy