Migrating Windows NTFS File Permissions with ICACLS

You can easily migrate file permissions using the ICACLS command line tool. This tutorial is especially useful for when you’re moving files from an old file server to a newer file server and you want to make sure all the folder and file permissions are carried over. The ICACLS tool allows you to get and change the access control lists for file system objects. When importing the ACLs at the new file server, make sure the directory paths mirror the old server.

Export NTFS Permissions

To get all ACLs for a specific folder including its subfolders and files and save them as plain text, run the following command:

icacls c:\FileShare /save fileShare_ntfs.txt /t /c

Note/t key is used to get ACLs for all subdirectories and files, /c allows to ignore access errors.

Give this process some time. It may take a long time depending on how many files/folders there are.

Successfully processed 3001 files; Failed processing 0 files

Open the exported text file using any text editor. As you can see, it contains the full list of files and folders in a directory, and each item has the current permissions specified in SDDL (Security Descriptor Definition Language) format.

Importing NTFS Permissions

To restore NTFS permissions on the objects of this folder automatically according to the values from the backup file, run this command:

icacls c:\ /restore fileShare_ntfs.txt /t /c

Note.  When importing permissions from the exported file, you should specify the path to the parent directory. Do not specify the parent folder name.

After all permissions have been recovered, the statistics on the number of the processed files will also be displayed.

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *