The powershell NTFSSecurity module provides cmdlets to export and import security. Unlike icacls which sticks to using sddl format (for a 10 fold increase in speed exporting security for large filesystems), powershell will resolve the SIDs in sddl format into human friendly names by chatting to the DC as it goes. Some useful commands are noted below.
Download from here
NTFSSecurity Module for Powershell
Installation
Just create the folder “NTFSSecurity” in the folder set according to the environment variable %PSModulePath%
The module should now be listed in “Get-Module -ListAvailable” and can be imported using “Import-Module NTFSSecurity“.
For example, all the files in the zip file have to be in “%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\NTFSSecurity\“.
If you did this then the module should be listed in “Get-Module -ListAvailable” and can be imported using “Import-Module NTFSSecurity“.
Note that running Windows Powershell Modules (look for the powershell icon with the admin shield in the corner in your start menu), will automatically load the module upon CLI startup.
USAGE EXAMPLES
BACKUP AND RESTORE PERMISSIONS USING POWERSHELL
#to backup permissions just pipe what Get-Ace returns to Export-Csv
get-childitem -Recurse | Get-Ace -ExcludeInherited | Export-Csv permissions.csv
#to restore the permissions pipe the imported data to Add-Ace
#As the imported data also contains the path you do not need to specify the item
Restore: Import-Csv .\permissions.csv | Add-Ace
FIND ALL FOLDERS WITH INHERITANCE TURNED ON
get-childitem -Recurse | get-inheritance | export-CSV C:\inheritanceon.csv -NoTypeInformation
FIND ALL ACES INHERITED OR NOT ON FOLDERS ONLY
get-childitem -recurse -exclude *.* | get-ace | export C:\migrationscripts\incinherited.csv -notypeinformation