It depends.

Doing a directory only restore will bring back the directory NTFS security
acl's but it will not bring back the directory
share level security.

NTFS object security information is stored with the object on the server
and will be restored when the individual
NTFS object is restored.

Share level security (may be set on all types of file systems) is stored
in the registry and currently is only backed
up as part of the registry so the only way to get it back is to restore a
previous copy of the registry.

Backing up the individual directory share information with the directory
is a well known requirement which
development has contemplated implementing  (draw your own conclusions on
that statement....), and this
would accomplish what you trying to do regardless of whether NTFS acl's or
Share security were used.

Hope this answers your question ....

Regards, Pete

Pete Tanenhaus
Tivoli Storage Solutions Software Development
email: tanenhau AT us.ibm DOT com
tieline: 320.8778, external: 607.754.4213

"Those who refuse to challenge authority are condemned to conform to it"

---------------------- Forwarded by Pete Tanenhaus/San Jose/IBM on 06/20/2003 
03:37 PM ---------------------------
Please respond to "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
Sent by:        "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
To:     ADSM-L AT VM.MARIST DOT EDU
cc:
Subject:        Restoring NT file security settings



We have a Win2k server that has 75+ shares based on the hospital
department that uses it. The security on the folders is configured so that
users can only access there own department's folder. And, depending on the
user, they can only do certain things within each folder. The director of
the department has full rights and each user down the line has less and
less
rights all the way down to the lowest person in the department who has
almost no rights. Yes, it's complicated but that's the way they want it.

One of our IS guys decided to add a superuser to the shares and
somehow screwed up all the security settings on the folders. All the
settings are wrong now and we can't figure out what he did to screw it up
so
bad.

It would take far too long to restore all the files. I have been
playing with the restore using the command line to try and do a directory
only restore.

I have restored the directory tree to another location to see if
it is doing what I want it to do and it looks like it might work. The
restored folders have all the right security settings.

I'm using the "restore d:\wrkgrp\*.* -dirsonly d:\temp\" command
on the local server to bring back the directory structure.

Is this a good approach to repair this mess?

I'm running TSM 5.1.5 on the server.





David Tyree
Microcomputer Specialist
South Georgia Medical Center
229.333.1155

Confidential Notice:  This e-mail message, including any attachments, is
for
the sole use of the intended recipient(s) and may contain confidential and
privileged information.  Any unauthorized review, use,  disclosure or
distribution is prohibited.  If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.