Q141589 details a workable method of restoring shares from one server to another server. The procedure involves restoring the old server's system.hive to the new server and importing the share subkey. It works. I have used it. The method assumes that the accounts and groups exist on the new server. In fact, the procedure only works when the old and new server are domain controllers within the same domain. As such, they share a single SAM with the same accounts and groups re: SIDS.

If the "old" box and the new box are member servers, once you restore the shares, you will find that the shares have permissions granted to "unknown accounts". The SIDs for the accounts and groups do not match. Microsoft has released a new (Jan 5, 2000) KB article, Q250267 which details how to copy shares from one member server to another with the ACLS intact.

You use Resource Kit utilities getsid to copy the SIDS from the old server, scopy to copy the files and acls (now Unknown), and Subinacl to apply the getsid data and make it all work. The following command can be used to print out the acls for a file:

subinacl /verbose=1 /file c:\whateverfile.txt /display

Related Tips

• Subinacl.exe
  
• Subinacl syntax
  
• HOW TO: Grant Users Rights to Manage Services in Windows 2000
  

Must have for NT administrators