3

I'm getting ready to migrate a physical file server to our VM environment using VMware standalone converter. This file server has over 300 shares on it, so deleting all the shares and recreating them is not an option. I'd like to be able to disable access to each share during the migration. I can't simply turn off file sharing because VMware converter uses the service to do the P2V. Is there a way I can write a batch file to make the number of connections on each share 0?

Peter
  • 1,102
  • 3
  • 18
  • 32
  • 1
    300 shares? That's crazy. Any particular reason for that? Typically when I see people do this, it's due to the fact that people assume that permissions for shares need to be granted on the share itself, not realizing that filesystem permissions work as well through the shares. Best practice is to grant full read/write access to the share itself, and then set filesystem-level permission as needed. – EEAA Oct 12 '10 at 14:49
  • The shares are network shares for each individual user. – Peter Oct 12 '10 at 14:52
  • 1
    So that should be one (or a few at most) top-level share with each user's folder beneath that. As you're experiencing, managing more than a handful of shares is a nightmare. – EEAA Oct 12 '10 at 14:56
  • I guess that does make sense. I'm working with what I inherited, If we ever have a reason to recreate our shares I'll do that next time. – Peter Oct 12 '10 at 16:13

4 Answers4

2

Having just done something almost identical to this over the weekend, here's what I did.

On the Source server export: HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Shares On the Source server stop the Server service: sc stop Lanmanserver

Stopping lanmanserver will turn down all your shares.

Copy all our data over to the Target server.

On the Target server import the Shares registry values you exported. On the Target server restart the lanmanserver service and all your shares will repopulate.

Paul L
  • 21
  • 1
  • The OP stated he can't turn off all sharing due to sharing being used by VMware Converter. – EEAA Oct 12 '10 at 14:54
  • I'm not really sure why I didn't catch that. Using info from the above two solutions; If the OP exports the share data from the registry, deletes it all from the source, then restarts Lanmanserver, VM should be able to pick up the services it needs for the P2V. – Paul L Oct 12 '10 at 15:25
  • That will work. Export the registry key you referenced (and the Security subkey), then delete the registry key (and the Security subkey) stop and restart the Server service (and any dependent services), perform the P2V, reimport the reg file, stop and restart the Server service (and any dependent services). This will remove the shares but will allow the OP to continue running the P2V. – joeqwerty Oct 12 '10 at 23:41
1

I can think of a few ways to do this:

The method I'd recommend is just to firewall off all hosts but the ones that are needed for VMware converter to do its thing. Simple enough, and easy to reverse once the P2V is complete.

Second, you could create a group with all of your users in it, and apply an inheratable ACL to the root of your volumes that denies them access to the files/directories.

The third option is to export your shares, delete them, run the migration, and then re-import. KB article 125996 explains how to do this.

I'd recommend at least giving the firewall option a try first, though, as that seems to be the least intrusive and gives the least opportunity for things to get messed up.

EEAA
  • 108,414
  • 18
  • 172
  • 242
0

I'm doing tests right now and VMware Converter only uses file sharing to push their agent. My current process that is working in testing is: start the conversion dialog, push the agent, go in and disable file-sharing on the NIC, then proceed with the conversion. During the conversion the network shares are unavailable. After the conversion is complete boot the VM and activate file-sharing on the new VMware NIC.

Peter
  • 1,102
  • 3
  • 18
  • 32
0

Why not just remove the share with net share xxxx /delete. If you need to rollback, you can easily re-create using net share xxxx=path [options].

Simon Catlin
  • 5,222
  • 3
  • 16
  • 20