[How-To] Restore File Permissions from Mounted Backup with PowerShell

Oh fudge
Scenario: Help desk fudged your network share’s file permissions because they accidentally changed the permissions for the wrong network drive. You start quaking harder than Sauron’s flaming eye when he felt the Ring of Power in Mt. Doom. Your clients/company need access to those files now, and you don’t want to make them wait for a restore from backup. As a temporary stop-gap, your manager has granted all domain users read and write access because he’s getting barked at by his managers. You have a backup solution that can mount a backed-up version of your network drive.
You mount the backup.
You try using icacls /save and icacls /restore to save the permissions from the backup and restore them to the live files and folders. It fails.
You try robocopy. It seems to try to copy the files over no matter what switches you use.
You look up PowerShell methods of doing this. You realize you have to dig deeper because Get-ACL and Set-ACL do not have a -recurse option.
You don’t find anything useful.
What do you do?
I went 6 pages deep into Google before I gave up and tackled forging a small script myself. I got yo’ back!
Because Get-ACL and Set-ACL don’t have recurse switches, we must manipulate Get-ChildItem and feed it into Set-ACL somehow.
Thus, I have put together a script that worked for me. To avoid funkiness and odd permission issues with UNC and mapped network drives, run the script directly on the file server with the proper relative local drive letters.
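    # Walk the H: tree; for each item, read the ACL from the same path on D:
    # and apply it to the H: item.
    $folders = Get-ChildItem -Path "H:\Company\Backup\" -Recurse
    foreach ($item in $folders) {
        # Use FullName so the whole path is rewritten; anchor the match to the drive prefix.
        $itemoriginalpath = $item.FullName -replace "^H:", "D:"
        $originacl = Get-Acl -LiteralPath $itemoriginalpath
        $originacl | Set-Acl -LiteralPath $item.FullName
    }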
And voila! You’re vulnerable to ransomware and peepers while everyone has emergency access, but your permissions will be restored without making everyone stop working while network files are being restored from backups. It takes a while because of the foreach loop, but without -recurse on the ACL commands, I’m not sure what can be done about it. If anyone has any improvements, please feel free to share in the comments!
Thanks!
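
A more defensive variant of the loop above, added here as an example and not the author's script: it supports a dry run, includes the root folder, rewrites only ACLs that actually differ, and reports items that have no counterpart in the backup and therefore keep their current permissions. The function name, its parameters and the report file name are hypothetical; the drive letters follow the script above (ACLs read from D:, written to H:).

```powershell
# Added example, not the author's script. Restore-AclFromBackup, -LiveRoot and
# -BackupRoot are hypothetical names; the report file name is a placeholder.
function Restore-AclFromBackup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$LiveRoot,    # tree whose ACLs get overwritten
        [Parameter(Mandatory)][string]$BackupRoot   # tree the known-good ACLs are read from
    )
    $liveItem = Get-Item -LiteralPath $LiveRoot -ErrorAction Stop
    $live     = $liveItem.FullName.TrimEnd('\')
    $backup   = (Get-Item -LiteralPath $BackupRoot -ErrorAction Stop).FullName.TrimEnd('\')
    # Include the root itself, then everything beneath it (hidden items too).
    $items = @($liveItem) +
             @(Get-ChildItem -LiteralPath $liveItem.FullName -Recurse -Force)
    foreach ($item in $items) {
        # Map the live path onto the backup tree by swapping the root prefix.
        $source = $backup + $item.FullName.Substring($live.Length)
        $status = 'Unchanged'
        try {
            if (-not (Test-Path -LiteralPath $source)) {
                # Created after the backup was taken: there is no known-good ACL,
                # so the item keeps what it has now and needs manual review.
                $status = 'MissingInBackup'
            } else {
                $good = Get-Acl -LiteralPath $source -ErrorAction Stop
                $now  = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
                # Compare only the DACL, in SDDL form, to skip needless writes.
                if ($good.GetSecurityDescriptorSddlForm('Access') -ne
                    $now.GetSecurityDescriptorSddlForm('Access')) {
                    $status = 'Differs'
                    if ($PSCmdlet.ShouldProcess($item.FullName, 'Set-Acl from backup')) {
                        Set-Acl -LiteralPath $item.FullName -AclObject $good -ErrorAction Stop
                        $status = 'Restored'
                    }
                }
            }
        } catch {
            $status = "Error: $($_.Exception.Message)"
        }
        if ($status -ne 'Unchanged') {
            [pscustomobject]@{ Path = $item.FullName; Status = $status }
        }
    }
}

# Dry run first (-WhatIf changes nothing); drop -WhatIf to apply.
Restore-AclFromBackup -LiveRoot 'H:\Company\Backup' -BackupRoot 'D:\Company\Backup' -WhatIf |
    Export-Csv -Path .\acl-restore-report.csv -NoTypeInformation
```

Rows marked MissingInBackup or Error are the ones to review by hand once the emergency access is removed.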