Configuring shares can be a time-consuming process especially if you are trying to troubleshoot why a particular user doesn't have access or set up a new server with the same file shares as a server you are decommissioning. Fortunately, there are two tools you can use to help you better manage file shares and the way they are implemented:
SrvCheck
PermCopy
Both tools are found in the Windows Server 2003 Resource Kit, and each is discussed in the sections that follow. Keep in mind that you should use an account with administrative privileges to run these tools.
SrvCheck is a handy tool for helping you track file share and print share permissions on both local and remote systems. You can use it to display a list of shares and who has access. If you redirect the output of SrvCheck, you can save the share configuration and access information to a file, and this file can become a log that helps you track share permission changes over time.
To run SrvCheck, type srvcheck \ComputerName, where ComputerName is the domain name or IP address of the computer whose file share and print share information you want to display. For example, if you wanted to display the share information for CORPSVR02, you'd type
srvcheck \CorpSvr02
The output of SrvCheck shows you the name of each share on the server, who has access to it, and which access permissions these users have. Here is an example:
\corpsvr02SYSVOL NT AUTHORITYAuthenticated Users Full Control BUILTINAdministrators Full Control Everyone Read \corpsvr02NETLOGON BUILTINAdministrators Full Control Everyone Read \corpsvr02print$ BUILTINServer Operators Full Control BUILTINPrint Operators Full Control BUILTINAdministrators Full Control Everyone Read \corpsvr02fifthse BUILTINServer Operators Full Control BUILTINPrint Operators Full Control BUILTINAdministrators Full Control Everyone Full Control \corpsvr02CorpData CPANDLDomain Users Change CPANDLDomain Admins Full Control \corpsvr02FxsSrvCp$ Everyone Read BUILTINAdministrators Full Control \corpsvr02faxclient Everyone Read \corpsvr02EngData CPANDLDomain Users Change CPANDLDomain Guests Read CPANDLDomain Controllers Read CPANDLDomain Computers Read CPANDLDomain Admins Full Control \corpsvr02DevData CPANDLDomain Users Change CPANDLDomain Guests Read CPANDLDomain Controllers Read CPANDLDomain Computers Read CPANDLDomain Admins Full Control
The list of shares shown for CORPSVR02 includes the file shares SYSVOL, NETLOGON, PRINT$, CORPDATA, FXSRVCP$, ENGDATA, and DEVDATA, as well as the FIFTHSE print share. Administrative shares created and managed by Windows, including ADMIN$, IPC$, and any drive shares, are not included in the list. You'll also find that any Macintosh shares that you've configured aren't listed. Still, this tool is very handy for helping you track file share and print share permissions.
If you want to redirect the output to a file, you can do this by typing srvcheck \ComputerName > FileName.txt, where ComputerName is the domain name or IP address of the computer whose file share and print share information you want to display and FileName.txt is the name of the file to create and to which you want to write, such as
srvcheck \CorpSvr02 > C:logsfileshares-Dec05.txt
Whether you are setting up a new file share with the same permissions as an existing file share or configuring a new file server with the same file shares as a server you are decommissioning, you can use PermCopy to help you out. PermCopy is a tool that you can use to copy share permissions from one file share to another. Not only will this save you time, but this will also ensure that share permissions are exact—something that is often hard to do if you have a complicated permission set or a lot of different users and groups with assigned permissions. Thus, rather than going back and forth from one folder's Share Permissions to another's, you can simply copy the permissions from one to the other.
The syntax for PermCopy is as follows:
permcopy \SourceServer ShareName1 \DestinationServer ShareName2
where
SourceServer is the domain name or IP address of the source computer. This is the computer with the file share whose permissions you want to copy.
ShareName1 is the name of the source file share. This is the file share with the permissions you want to copy.
DestinationServer is the domain name or IP address of the destination computer. This is the computer to which you are copying file share permissions.
ShareName2 is the name of the destination file share. This is the file share whose permissions you want to replace.
Consider the following example:
permcopy \corpsvr01 DevData \corpsvr17 EngData
Here, you copy the permissions of the DevData share on CORPSVR01 to the EngData share on CORPSVR17. It's important to note that any existing permissions for the EngData share are deleted and replaced with those of DevData.
The source and destination computer can be the same. In the following example, you copy the permissions of the History share on CORPSVR02 to the Q405 share in the same server:
permcopy \corpsvr02 History \corpsvr17 Q405
When you run the command, it should display the message "The command completed successfully." If you get an error, check the syntax and make sure you can connect to both the source and destination server.