Dumping shares from the registry

Most people know that dump all shares on a server to a .reg file to be able to add them to another server.

Where do Windows store all the shares?

Windows stores the share information in the registry.

Registry LanmanServer Shares

So how can I easily export the shares to a file

Im a powersheller, isnt there a cmdlet?

If you are fortunate enough to run Windows 2012 or later you have Get-SMBShare and Get-SmbShareAccess.

Get the shares back now then

If you have exported the share to a registry file. Well just reimport the regfile. And restart the Server service.

Well if you are running 2012 or later on both the origin and destination server you could build a simple script with New-CIMSession, Get-SMBShare, Get-SMBShareAccess and New-SMBShare.

UAC modified groups

So I was searching for which groups that User Access Control (UAC) removes from the default kerberos ticket. After alot of googling, and even reading the old UAC blog. So I decided to make the list myself. And not finding it I decided to build the list.

But first what is UAC?

UAC helps secure a system by removing some groups from the kerberos ticket used by Explorer.exe. When you run a program as Administrator it will run with the full kerberos ticket.

Which windows groups are removed from the default kerberos ticket? [Read more…]

Add a Private folder to all homedirectories with ACLs

So I found a user on Microsoft Social that needed some help creating a Privet folder in all users home directories and applying special permissions on that folder.

So I reused some old blog entries about Using powershell and SIDs to change ACLs and Remove NTFS rights inheritance using Powershell and wrote together a small script.

This script will take all users with a homedirectory, create a Private folder, and then set the required rights.

Remove NTFS rights inheritance using Powershell

So I needed to remove the inheritance of a folder. Yes its easy to do with icacls, just icacls /inheritance:e|d|r. Where E is enable, D is copy all ACEs and R removes all inherited rights.
But this is about doing it with powershell. [Read more…]

Excel and Delete / Create file rights

So the regular reasons I get involved with excel are due to the fact I have a customer that one of the following:

  • The users should be able to edit but not delete any excel file.
  • The users should be able to edit but not create new excel files.
  • A report of something.

The last seems like the hardest, but neither of the first are possible at all. Both of these seem quite simple, just deny create file or the delete rights. But it’s not that simple. It has been tried more than once and been asked 1000 times on forums around the world. So what does really happen and why?

Excel will create a temporary file to make sure that the contents is ALWAYS on disk even if your computer fails during the save. Below is a more complete version of what happens. [Read more…]

Refresh quotas

Sometimes after an administrator has done something he shouldnt have on the file server, or a server has problems resulting in the quota of a directory being wrong. Well just let rescan the directory and fix it.

Windows 2008R2 and earlier:

dirquota quota scan /Path:<pathtoDirectory>\…

Windows 2012 and later:

Update-FsrmQuota

How to get a hold of the quota.md and quota.xml files

The FSRM stores it data in a file called quota.xml which is located at C:\System Volume Information\SRM. To get at it you need to be running as System account. So lets start.

Fire up a CMD windows as System

So now we have the XML and md files with the settings in them. In case you want to play around or move them to another server.

Migrating quotas between From Window 2012->2012R2

So my customer is migrating from Windows 2012 to Windows 2012R2 and needed to migrate  user quotas between Windows 2012 and the new Windows 2012R2 server.

So one way would be to copy the quota.xml and quota.md files but I’m not sure that Microsoft would condone or support a suggestion like that so I will go the cmdlets from Windows 2012R2.

Lets roll, Lets get all the old quotas:

Now we have all quotas of the old server. Lets just filter out the ones we want and apply them on the new location.

We still need to migrate the auto quotas. But that is simple too:

Save and Restore NTFS permissions using ICACLS

So you need to make a big NTFS rights change. Well before changing anything do you have a good backup of the old permissions?
Most people will say I got a backup. But restoring the backup will take much longer than restoring just the permissions.

So how do I make a backup of the NTFS permissions?

[Read more…]

NetBIOS vs FQDN server names

Why should I really think twice before using a single NetBIOS name in a path.. Using NetBIOS names is a relic from old times. Today we have the possibility of using fdqn and I believe doing anything else is a bad idea. So why fqdn when netbios is so much shorter. Well your company buys the competitor and both have a fileserver called \fileservercommon. This requires you to handle it directly if you had used fqdn you would have \fileserver.ourcompany and \fileserver.othercompany. So It gives us the possibility of merging with other companies with less problems.

[Read more…]