A few weeks ago I made the terrible mistake of losing track of where I was up to in my notes, skipped ahead a little before getting back on track. The timestamp on the email prompt I left myself to blog about this was 10:17 PM, I recall I was still in the office and tired.
You know how when you add a new disk or partition to Windows, Windows will automatically give excessively high permissions to read and write new content to a fresh disk? One of the first tasks I usually do is wipe these via Advanced Permissions leaving only:
- Administrators with Full Control
- SYSTEM with Full Control
- That’s it!
On an empty disk, I force inheritance on child objects which affects a few system locations only. This goes a long way in hardening the disk from attack in the future after sensitive data has been added.
Recently, I made the stupid mistake of doing the above on a Windows Server 2012 R2 Hyper-V host with VMs running on it. The permission structure of the “vms” directory is quite vast and unique to the virtual machines. Without spending hours (that I didn’t have) on research trying to understand how the giant jigsaw puzzle of explicit permissions were applied, I was in a spot of trouble.
The purpose of this post is to shout out to Mike J McGuire and an elegantly explained blog post he has written on recovering lost Hyper-V permissions. Not only was it well explained, he provided scripts to dynamically generate the permissions required for my problem server. Credit where credit is due Mike, well done on a fantastic post and thank you for your help!
A link to Mike’s post can be found below:
- Windows sidebar.exe Memory Leak
- Google Chrome and NTLM Auto Login Using Windows Authentication
- Windows 10 upgrade error “Setup has failed to initialize the working directory”
- 2 Reasons Why I Am rolling Back From Windows 8.1 to Windows 7
- How to delete ASP.NET temporary files from shared server
- What application pool is using all that CPU?
- How to Stop sidebar.exe Using Lots of Memory (Edited 14 May 2011)
- ISAPI Filter ‘C:\Windows\Microsoft.NET\Framework\v4.0.30319\\aspnet_filter.dll’ could not be loaded due to a configuration problem