Restoring broken Windows 2012 R2 Hyper-V directory permissions

A few weeks ago I made the terrible mistake of losing track of where I was up to in my notes, skipped ahead a little before getting back on track. The timestamp on the email prompt I left myself to blog about this was 10:17 PM, I recall I was still in the office and tired.

You know how when you add a new disk or partition to Windows, Windows will automatically give excessively high permissions to read and write new content to a fresh disk? One of the first tasks I usually do is wipe these via Advanced Permissions leaving only:

  • Administrators with Full Control
  • SYSTEM with Full Control
  • That’s it!

On an empty disk, I force inheritance on child objects which affects a few system locations only. This goes a long way in hardening the disk from attack in the future after sensitive data has been added.

Recently, I made the stupid mistake of doing the above on a Windows Server 2012 R2 Hyper-V host with VMs running on it. The permission structure of the “vms” directory is quite vast and unique to the virtual machines. Without spending hours (that I didn’t have) on research trying to understand how the giant jigsaw puzzle of explicit permissions were applied, I was in a spot of trouble.

The purpose of this post is to shout out to Mike J McGuire and an elegantly explained blog post he has written on recovering lost Hyper-V permissions. Not only was it well explained, he provided scripts to dynamically generate the permissions required for my problem server. Credit where credit is due Mike, well done on a fantastic post and thank you for your help!

A link to Mike’s post can be found below:

Restoring All Lost Hyper-V Permissions. Wipe Them Out… All Of Them.

Similar Posts:

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)
Tags: , , .

What are your thoughts?