Moving to Server 2008R2 on domain: Shared drives permissions question

Beer4Me · May 9, 2011

I have a domain controller (PowerEdge 2950) running Server 2008 w/ SP2 (x64). I have acquired licensing for Server2008R2, and the hardware I have is fully capable of running 2008R2. I want to do a clean install of Server R2 on this box to take advantage of the stability, speed, features, and addt'l security that it brings over Server 2008.
I am going to first demote it as a DC (using dcpromo), and reboot it and install with 2008R2 media. Install, patch, readd to domain, and add back in to the domain controller pool (dcpromo again).

My question is this:
I already moved the shared drives (domain user folders) and Public shared folder (within contains individual departmental folders using security permissions to assign access) to another separate RAID-1 array (E:\).

If I wipe, and load 2008R2, am I going to have to re-do the security permissions on each folder on the E:\ drive, or is that going to stay intact when I install 2008R2? I am NOT going to do an upgrade, I want to do a CLEAN install of 2008R2. Thanks for your help.

rasczak · May 10, 2011

I think this is what you may need to look at first.

http://social.technet.microsoft.com.../thread/97e542b0-4f77-42bf-bede-c17a076a1227/

as for the permissions on the shared drives, if they are on a completely different server on the domain, then your permissions should not change.

Beer4Me · May 10, 2011

rasczak said:
I think this is what you may need to look at first.

http://social.technet.microsoft.com.../thread/97e542b0-4f77-42bf-bede-c17a076a1227/

as for the permissions on the shared drives, if they are on a completely different server on the domain, then your permissions should not change.

thanks for trying to help. Your link is helpful, but not what I am really looking/asking for. Sorry for the confusion, I need to know if the file/security permissions are preserved on a separate drive on the same server if i wipe the OS partition and reload.

rasczak · May 10, 2011

thanks for clarifying. I have not had experience moving shares that way so i really couldn't say. sorry. Try technet forums and see what they say. you'll probably get a quicker response as well.

IndyColtsFan · May 10, 2011

Beer4Me said:
thanks for trying to help. Your link is helpful, but not what I am really looking/asking for. Sorry for the confusion, I need to know if the file/security permissions are preserved on a separate drive on the same server if i wipe the OS partition and reload.

On the same server, IIRC, when moving the files/folders between volumes (rather than copying them; note the difference here), the NTFS permissions will be maintained. If you copied them, they will inherit the default permissions of the destination drive/folder to which you copied them. Keep in mind that shares and share permissions will need to be reconfigured, if you used them, and also keep in mind that this only is valid for a different volume in the same server (which is your case). To move the folders to a different server with permissions intact, you'd need a utility or a tape backup/restore to maintain permissions.

Now, what happens when you remove a PC from a domain that has file shares with NTFS permissions assigned via domain users/groups and then you re-add it? The permissions will be maintained.

If you want a quick and dirty way to test it, take a workstation that is on the domain, create a folder, and assign permissions with domain groups. Next, remove the workstation from the domain. Log in locally and review the security for the folder. You'll see a cryptic string of numbers/letters/dashes in the ACL -- that is the SID representing the account or group. Next, join it back to the old domain and then read the permissions on the folder. Guess what? You'll see that your old permissions have returned.

Make sure you take a backup before you do anything data-destructive to the OS -- better safe than sorry.

Beer4Me · May 11, 2011

IndyColtsFan said:
On the same server, IIRC, when moving the files/folders between volumes (rather than copying them; note the difference here), the NTFS permissions will be maintained. If you copied them, they will inherit the default permissions of the destination drive/folder to which you copied them. Keep in mind that shares and share permissions will need to be reconfigured, if you used them, and also keep in mind that this only is valid for a different volume in the same server (which is your case). To move the folders to a different server with permissions intact, you'd need a utility or a tape backup/restore to maintain permissions.

Now, what happens when you remove a PC from a domain that has file shares with NTFS permissions assigned via domain users/groups and then you re-add it? The permissions will be maintained. If you want a quick and dirty way to test it, take a workstation that is on the domain, create a folder, and assign permissions with domain groups. Next, remove the workstation from the domain. Log in locally and review the security for the folder. You'll see a cryptic string of numbers/letters/dashes in the ACL -- that is the SID representing the account or group. Next, join it back to the old domain and then read the permissions on the folder. Guess what? You'll see that your old permissions have returned.

Make sure you take a backup before you do anything data-destructive to the OS -- better safe than sorry.

Perfect! Thanks Indy. Yeah, I moved the shares to volume E: on the server where C:\ is going to be wiped and reloaded. Long as my security permissions on the folders/files are intact, I'm golden. Restoring share permissions will be easy from there.

rasczak · May 12, 2011

IndyColtsFan said:
On the same server, IIRC, when moving the files/folders between volumes (rather than copying them; note the difference here), the NTFS permissions will be maintained. If you copied them, they will inherit the default permissions of the destination drive/folder to which you copied them. Keep in mind that shares and share permissions will need to be reconfigured, if you used them, and also keep in mind that this only is valid for a different volume in the same server (which is your case). To move the folders to a different server with permissions intact, you'd need a utility or a tape backup/restore to maintain permissions.

Now, what happens when you remove a PC from a domain that has file shares with NTFS permissions assigned via domain users/groups and then you re-add it? The permissions will be maintained. If you want a quick and dirty way to test it, take a workstation that is on the domain, create a folder, and assign permissions with domain groups. Next, remove the workstation from the domain. Log in locally and review the security for the folder. You'll see a cryptic string of numbers/letters/dashes in the ACL -- that is the SID representing the account or group. Next, join it back to the old domain and then read the permissions on the folder. Guess what? You'll see that your old permissions have returned.

Make sure you take a backup before you do anything data-destructive to the OS -- better safe than sorry.

thanks for the clarification indy. i learned something new today.

IndyColtsFan · May 12, 2011

rasczak said:
thanks for the clarification indy. i learned something new today.

It is a handy trick for images as well. You can pop a domain security group into a local group, sysprep it, and blast the image up. When you pull it down and join the machine to the domain, you're set!

Search

Moving to Server 2008R2 on domain: Shared drives permissions question

Beer4Me

Senior member

rasczak

Lifer

Beer4Me

Senior member

rasczak

Lifer

IndyColtsFan

Lifer

Beer4Me

Senior member

rasczak

Lifer

IndyColtsFan

Lifer

TRENDING THREADS