The registry key that contains all of the shares and share permissions on a Windows file server is located: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares
and the Security subkey. You can export this key set from your current file server, mount the shares data drive to a new server with an updated OS and import this registry key to restore all of the shares and their associated permissions. Since you've moved the data drive to the new server, all files retained their NTFS permissions. Also, this detach/re-attach process assumes you're not using DFS.
So, step by step (assuming you're doing this in a virtual environment):
1) Create new VM with virtual HDD for OS
2) Install new OS, patch, update, etc. (Do not join to domain yet)
3) Export registry key from old file server
4) Copy registry key file to new file server
4) Unjoin old file server from domain
5) Change server name and IP address of old file server and shut down
6) Detach data volume virtual disk from old file server
7) Change server name and IP address of new file server to match old server and reboot sever
8) Join new file server to domain
9) Attach data drive virtual disk to new file server and mount with same drive letter as it had on the old file server
10) Import registry key from old file server
11) Reboot new file server
At this point your new file server has the data volume mounted from the old file server and the shares permissions have been imported. I'll make a separate post on some ways to consolidate the new VM data files with the old server data virtual disk into a single folder.
If you are migrating a physical file server to a virtual machine, or possibly migrating a VM-based file server to an new VM on a different platform, you can create a root shared folder on the target system, map a drive to the shared folder from the existing file server, and use a robocopy job to copy the data to the new server.
Example1: robocopy e:\rootshare r:\remoteshare /e /copy:datso /z /MT:128
Example 2: robocoy e:\rootshare r:\remoteshare /mir /z /MT:128 /LOG+:logfilename.log
After the copy job finishes and is validated, export the registry key that stores the share permissions data from the existing file server and then import the exported .reg file into the new file server's registry.
I recently had a customer's file server boot drive MBR record get irreparably corrupted. We mounted the boot volume to the new file server as a data disk, used the remote registry mount utility to mount the \Windows\System32\Config\SYSTEM registry file and export the shares registry key. When you use the remote mount utility you have to give it a temporary name. Thus, when you export the key the registry file header data has the temporary name in the (2) header paths instead of the correct header path names. We had to correct those using notepad to edit the .reg file two header data paths as follows before attempting to import the shares key into the new file server.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares\Security]
Don't forget to change the notepad save settings to *.* to preserve the .reg file extension.
Link to all Robocopy Commands: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/robocopy
and the Security subkey. You can export this key set from your current file server, mount the shares data drive to a new server with an updated OS and import this registry key to restore all of the shares and their associated permissions. Since you've moved the data drive to the new server, all files retained their NTFS permissions. Also, this detach/re-attach process assumes you're not using DFS.
So, step by step (assuming you're doing this in a virtual environment):
1) Create new VM with virtual HDD for OS
2) Install new OS, patch, update, etc. (Do not join to domain yet)
3) Export registry key from old file server
4) Copy registry key file to new file server
4) Unjoin old file server from domain
5) Change server name and IP address of old file server and shut down
6) Detach data volume virtual disk from old file server
7) Change server name and IP address of new file server to match old server and reboot sever
8) Join new file server to domain
9) Attach data drive virtual disk to new file server and mount with same drive letter as it had on the old file server
10) Import registry key from old file server
11) Reboot new file server
At this point your new file server has the data volume mounted from the old file server and the shares permissions have been imported. I'll make a separate post on some ways to consolidate the new VM data files with the old server data virtual disk into a single folder.
If you are migrating a physical file server to a virtual machine, or possibly migrating a VM-based file server to an new VM on a different platform, you can create a root shared folder on the target system, map a drive to the shared folder from the existing file server, and use a robocopy job to copy the data to the new server.
Example1: robocopy e:\rootshare r:\remoteshare /e /copy:datso /z /MT:128
Example 2: robocoy e:\rootshare r:\remoteshare /mir /z /MT:128 /LOG+:logfilename.log
After the copy job finishes and is validated, export the registry key that stores the share permissions data from the existing file server and then import the exported .reg file into the new file server's registry.
I recently had a customer's file server boot drive MBR record get irreparably corrupted. We mounted the boot volume to the new file server as a data disk, used the remote registry mount utility to mount the \Windows\System32\Config\SYSTEM registry file and export the shares registry key. When you use the remote mount utility you have to give it a temporary name. Thus, when you export the key the registry file header data has the temporary name in the (2) header paths instead of the correct header path names. We had to correct those using notepad to edit the .reg file two header data paths as follows before attempting to import the shares key into the new file server.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares\Security]
Don't forget to change the notepad save settings to *.* to preserve the .reg file extension.
Link to all Robocopy Commands: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/robocopy
RSS Feed