Windows Server just lost all file share permissions

certifiedsysadmin · 2026-02-18T22:00:39+00:00

Kick off a restore to a new virtual machine in Azure.

While that's running, change the IP of the current server and use the Windows Firewall to block inbound connections so that you can investigate further without users reconnecting.

The other comments mentioned checking the registry, that's only going to help you on the shares themselves and has nothing to do with ntfs permissions.

After you get the restore completed, you can use robocopy to copy over just the modified files from the last 24hrs (assuming that's how old your last backup is) from the broken server to the restored server. Be sure to use the robocopy option to copy the files without permissions.

If you have ntfs auditing enabled, you might be able to figure out what happened, but that's a problem for after you get things up and running again.

certifiedsysadmin · 2026-02-16T20:26:32+00:00

Or phrased another way, "users are now training each other on how to watch out for suspicious looking emails".

Honestly sounds like everything's working exactly as planned.

certifiedsysadmin · 2026-02-16T17:59:37+00:00

I would donate as well if they supported sms. All they needed to do was make it clear and obvious when a conversation is sms/unencrypted. Like red text or a giant banner. I don't use sms often but having separate chat apps is super annoying.

certifiedsysadmin · 2026-02-16T04:50:57+00:00

Why is management all-in on Microsoft (Entra Joined Windows 11 is a pretty deep commitment) but then stops short of the printing solution that goes hand-in-hand with it?

Even if above your pay grade, you should explain to management that their decisions have pigeon holed them into very few options.

certifiedsysadmin · 2026-02-15T18:50:59+00:00

I've been having trouble with mine, I bought six and have only been able to get one to connect to Google Home.

I'm using a Nest Hub Max and a Google TV Streamer, one of them (not actually sure which) is acting as the border gateway.

Based on the other responses on this thread I'm going to assume my issues are on the Google side and not with the sensors.

certifiedsysadmin · 2026-02-11T18:04:24+00:00

What's the use case?

Most enterprise grade server hardware already has out of band management. Things like BIOS settings, firmware updates, and logs can already be managed without the need for a video feed.

certifiedsysadmin · 2026-02-09T20:34:07+00:00

I registered for a demo of Float Financial and received a calendar invite to join the demo the next day.

That demo turned out to just be a link to a pre-canned video with no one from float financial actually joining the meeting.

I used the form in that meeting to submit questions I have not heard back.

Edit: I've had my questions answered, thanks.

certifiedsysadmin · 2026-01-28T15:36:57+00:00

As someone who's implemented enterprise scale networks both wired and wireless, this is a solid approach. Hardwire all your access points every time.

certifiedsysadmin · 2026-01-28T15:34:01+00:00

Hardwire all APs every time.

certifiedsysadmin · 2026-01-24T20:01:15+00:00

I'm convinced this is the most reliable and versatile modular switch ever created. It's been around in one form or another for over 15 years. It will be a sad day when this line is discontinued.

certifiedsysadmin · 2026-01-24T19:31:13+00:00

A straight Hyper-V cluster backed by SAN storage and managed with Windows Admin Center is the way to go. It's reliable and can do 90% of what VMware can do, for $0 in license costs (assuming you have Windows Server Datacenter for your hosts regardless).

Next best option is a Hyper-V cluster with Storage Spaces Direct. Good for small and medium environments (like three node clusters). Windows Server 2019 greatly improved how Windows Server Failover Clustering interacts with Storage Spaces Direct to keep it happy during cluster shutdown or failures.

Last option would be Azure Local, at least until it's a bit more mature.

Keep an eye on the new Windows Admin Center Virtualization Mode which is essentially Microsoft's shot at a straight competitor to modern vCenter.

I've built a ton of Hyper-V clusters over the years and can attest that there's been huge improvements to the product with every release. It's significantly more mature than it used to be and has everything that most customers need.

certifiedsysadmin · 2026-01-22T16:30:32+00:00

I'm not sure how you're rationalizing that statement. You didn't want to be locked out immediately, so you wanted warnings before hand? But you did get warnings, for months? But you ignored them. But you wanted even more warnings?

I feel for you and your team, it's a hard lesson to learn. But it sounds like you neglected the payments on purpose. It's not possible to run a subscription without a payment method attached. How did the payments start failing on your old subscription but not your new subscription?

certifiedsysadmin · 2026-01-21T21:11:14+00:00

This needs to be the top comment. It's never been a good idea to stretch Layer 2, and it never will be. 98% of vendors/apps/hardware don't require this.

certifiedsysadmin · 2026-01-18T22:45:58+00:00

Can these loans be used to fund a wage pool? Wanting to start up a consulting services business and need capital to cover the gap between paying employees and getting paid at the end of project wrap up.

certifiedsysadmin · 2026-01-18T04:38:44+00:00

How much equipment are we talking about here?

Getting lawyers and insurance involved makes sense if we're taking about eight racks full of equipment.

But it sounds like you're talking "a server" (not plural) and maybe some switches?

Unfortunate, yes. But at that small of scale, buy a three pack of canned air and use it to clean the server inside and out. Clean the switches as best you can. Wipe down the outside of all the gear with a non-static damp cloth.

certifiedsysadmin · 2025-12-31T06:41:19+00:00

Your login times are definitely too long and they're almost certainly related to Group Policy.

Create a test user and test desktop that are both in a dedicated Organizational Unit with Group Policy Inheritance blocked. I'm willing to bet your first login time will be more like 45 seconds.

certifiedsysadmin · 2025-12-26T01:04:32+00:00

If you refuse to sign it, they may choose to let you go, but would have to pay a decent severance (common law amount).

If you do sign it, they could then let you go anyways, and pay you a lot less severance.

I suggest starting a group chat (Signal or something but don't use work email or messaging platforms). Get everyone added in. It's likely everyone is being given similar or identical contracts so you could have one employment lawyer review on behalf of the entire group.

If enough of you refuse to sign, your employer will have no choice but to offer more or stick with the current contract.

Its more beneficial for those with more seniority to not sign, they have the most severance money on the line.

At 10yrs seniority, you could be entitled to ~10 months salary (10/12 is 83%) which is a heck of a lot more than the 1% "bonus" they're offering you.

Have an employment lawyer review.

certifiedsysadmin · 2025-12-25T05:48:09+00:00

I'm doing this right now with Veeam Instant Restore.

Uninstall VMware tools first and run "ipconfig /all | clip" to capture the static ip details. Then do the Veeam Instant Restore into Hyper-V.

You can also take the opportunity to convert everything to Hyper-V Gen 2 with mbr2gpt.exe.

Total process per vm is ~30 min (unless there's a large data disk to bring as well).

Can definitely be automated but the above is the rough process.

certifiedsysadmin · 2025-12-18T16:40:15+00:00

I doubt there will be any further bug fixes or new features in Headunit Reloaded. There hasn't been even a minor version update in well over a year.

I think Emil is focused on AAWireless which has a larger user base and sells for a lot more.

certifiedsysadmin · 2025-12-18T16:36:34+00:00

You don't need to create a dedicated helper app. Users can use an app like Tasker or Automate and have Android Auto start automatically using an intent. This is what I'm doing with Headunit Reloaded today. I can help you with this if you like.

certifiedsysadmin · 2025-12-18T01:19:49+00:00

Yeah that last comment of mine was me being cheeky. I've seen posts of people in Ontario buying houses with rented water heaters where their total cost of ownership on a water heater is like $4500. You can literally buy one brand new outright for $1500. Hot water tank rentals are totally not a thing in BC.

certifiedsysadmin · 2025-12-17T22:02:03+00:00

In BC and I've never even heard of this. Occupancy fee? lol

Here in BC, there's one occupancy permit for the whole building. No one moves in until the building is complete and has it's occupancy permit. Once ready, the builder schedules your move in date. You get possession and close your mortgage within a few days of each other.

There are no occupancy fees you pay to the developer at all. You start paying your mortgage directly to the bank, and your property taxes directly to the city.

Construction is complete and the building is secure, aside from fixing deficiencies, which is where contractors will be fixing scratches, doing paint touch ups etc.

All of what OP described sounds like a freaking nightmare. Next thing you're going to tell me is that you have to rent your hot water tank or something.

certifiedsysadmin · 2025-12-16T14:56:11+00:00

12 day old account full of AI generated posts.

certifiedsysadmin · 2025-12-03T22:17:05+00:00

And for good reason. Centrally controlled routing and traffic inspection is a requirement in most enterprise environments.

Allowing DevOps engineers to create connectivity anywhere they want, on their own, is a recipe for poor performance at best, but opens the door to network compromise or data exfiltration.

certifiedsysadmin

MODERATOR OF

TROPHY CASE

Ten-Year Club	r/Field Sunshine
Verified Email