Icacls Backup and Restore – How to only restore parts of the backup

One of our customers rang us up the other day requesting help with an icacls backup that they ran.

What has this got to do with our DirectAccess service, I hear you ask? Well, they have a maintenance agreement with us, and even though this has nothing to do with DirectAccess we are always happy to help out. After all, we love thinking outside of the box; it’s what got us to make DirectAccess work behind NATs in the first place.

So, the background:

Our customer wrote a script to change ACLs on a drive where users would save work to share with everyone else. There was over 400Mg of data and the folder structure had got out of hand over time, meaning the security on them had gone a bit screwy.

So the script they wrote was going to fix it. Very exciting times.

The first thing they did, thank god, was to run this command:

Icacls d:\* /save AclFile /T /C

As a note, it is very important to use /C. Without it, if icacls finds an error halfway through it will stop, and you may think your drive is backed up but it won’t be.

So this creates a file called AclFile on the drive. Their file was nearly 30Mg. Each line contains the path to the file and security information.

So they then ran their script and all was going to plan. 4hrs later they brought the cmd window back up to check the progress and realised something was not right. They paused the script and sure enough it had hit a blip and was changing stuff on folders they didn’t want it to. Oops.

But don’t panic, we’ve got a backup, all is well. So let’s restore it, fix the problem and try again.

So they ran:

Icacls d:\ /restore AclFile /T /C

As a note, it is very important to use /C. Without it, if icacls finds an error halfway through it will stop, and you may think your drive is restored but it won’t be.

This took another 4hrs to restore and they thought all was well until a user said they could not access a folder they were working on.

What the user had done was, in the middle of all this, cut and paste a folder somewhere else.

The problem with the backup is that it contains a path to each file and folder, and if one has been moved or deleted the restore will just fail to reset it, even if the folder has only been moved down one level.

So the obvious answer is that you just move the folder back and re-run the restore. Well that would have worked but IT had already done a lot of work on the security manually and didn’t want to lose their progress.

So they went about researching how to restore just part of the backup, i.e. just the security on one folder tree.

That’s when the phone rang.

So we took the challenge and eventually sorted it.

I’m not going to go into everything we tried, but eventually we did this:

Open your AclFile in Notepad and untick Word Wrap, then do a find for the folder that you want to change.

So if the folder is called “ops”, do a find and it will find you the part of the file that contains the folder tree, with all the other files and folders in the tree below it.

So it will start with hot\sharing\ops, and below it will be everything else contained in that folder.

Copy everything you need, starting from hot\sharing\ops and ending with the last folder / file along with its security bit, which looks like D:(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-2841303841), and paste it into a new Notepad window.

Save it as newrestore with no extension; if you can’t, save it as txt then rename it.

You might now think that if you ran icacls d:\hot\sharing\ops /restore newrestore /T /C it would work.

But no, we need to do a little more work.

You will now need to make a new AclFile backup, so this time, to make life easier, map a drive z: to d:\hot\sharing so that the z: drive shows z:\ops. (It’s easier this way because the restore command does not like folders with spaces in them.)

In cmd, go to the z: drive and run icacls * /save AclFile /T /C

You will have a new AclFile at the root of z: drive.

Go back to your newrestore file and do a find and replace for the new folder structure. So if it was hot\sharing\ops, you will need to replace hot\sharing\ops with ops.

Now you’re thinking of running the command again, but wait, we are still not finished.

Open z:\AclFile in Notepad with Word Wrap off. Copy everything in the newrestore file and paste it at the very bottom of z:\AclFile. Don’t replace what’s in there. Save it.

Now you can run the restore.

In cmd, go to the z: drive and run icacls z:\ /restore AclFile /T /C

What will happen is that it will first restore the security from the new backup, which is the wrong info that you don’t want, but it will then carry on to the entries you pasted at the bottom and apply the right stuff.

And bingo, hours saved
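
The Notepad steps above (find the ops tree in the AclFile, copy its entries, replace hot\sharing\ops with ops) can also be scripted. This is an added example, not part of the original post: it assumes the save file is UTF-16 text in which each entry is a path line followed by a line of security information, and the function names and sample entries are made up for illustration.

```python
"""Pull one folder tree out of an icacls /save file and rebase its paths."""

# Constructed sample entries (not from a real backup): path line, then security line.
S1 = "D:(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
S2 = "D:PAI(A;OICI;FA;;;BA)"
SAMPLE = "\r\n".join([
    "hot", S1,
    "hot\\sharing", S1,
    "hot\\sharing\\ops", S2,
    "hot\\sharing\\ops\\report.doc", S2,
    "hot\\sharing\\ops2", S1,          # sibling folder, must not be picked up
]) + "\r\n"


def extract_subtree(acl_text, old_root, new_root):
    """Return the entries at or below old_root, with old_root rewritten to new_root."""
    lines = [l.rstrip("\r") for l in acl_text.split("\n") if l.strip()]
    if len(lines) % 2:
        raise ValueError("expected alternating path and security lines")
    root = old_root.rstrip("\\")
    old = root.lower()
    out = []
    for path, sddl in zip(lines[0::2], lines[1::2]):
        low = path.lower()  # Windows paths compare case-insensitively
        # Keep the folder itself and its children, but not "ops2"-style siblings.
        if low == old or low.startswith(old + "\\"):
            out += [new_root + path[len(root):], sddl]
    return "".join(line + "\r\n" for line in out)


def rebase_file(src, dst, old_root, new_root):
    """Write the rebased subtree to dst as UTF-16 LE with a BOM; return the entry count."""
    with open(src, encoding="utf-16", newline="") as f:
        text = f.read()
    result = extract_subtree(text, old_root, new_root)
    with open(dst, "w", encoding="utf-16-le", newline="") as f:
        f.write("\ufeff" + result)
    return result.count("\r\n") // 2


if __name__ == "__main__":
    print(extract_subtree(SAMPLE, "hot\\sharing\\ops", "ops"), end="")
```

The file this writes corresponds to the edited newrestore file; the remaining steps of the post are unchanged.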

Remember to read our other blogs to see how DirectAccess could change your business.
