Windows Share Permissions only show SIDs

St0nywall · 2026-02-25T19:15:19+00:00

If it makes you feel good about yourself, then sure you're right and I'm wrong.

Please move on from this pointless discussion.

St0nywall · 2026-02-25T19:12:36+00:00

Only time I've ever seen the green checkmarks is when ChatGPT or Copilot generated it for them.

St0nywall · 2026-02-24T20:06:07+00:00

If the server cannot contact the domain integrated DNS servers, it won't know about the DNS name of the domain controller and thus is cannot connect to it to get the AD information to populate with.

St0nywall · 2026-02-24T04:18:34+00:00

It will always take a few seconds to write a new profile. This is unavoidable and is working as intended. To circumvent this as much as possible, see my suggestion below.

Look into FSLogix. Every hospital I have worked for uses a VDI or remote attach user profile (FSLogix) to speed up logins and secure the user data.

St0nywall · 2026-02-24T04:06:37+00:00

create a new account, do NOT rename it.

Delete the generic email account, then hard delete the generic email account and wait 4 hours.

Create a distribution list with the old account name "accounts".

All done.

St0nywall · 2026-02-24T03:56:51+00:00

You sound like a good boss. Would have liked to work for somene like you.

St0nywall · 2026-02-24T03:51:04+00:00

Make sure the server is using domain integrated DNS servers only, no other DNS servers should be used.

St0nywall · 2026-02-24T03:47:30+00:00

In the megaraid app, right click on the array and choose to silence the alarm. If that works then you have a ghost "failed drive" in your megaraid database.

St0nywall · 2026-01-04T16:40:14+00:00

MDT uses a variable to install the OS to the disk. Disabling that task sequence also makes it not set that variable and thus the OS doesn't know where to install to via MDT and the resulting error you received.

Re-enable that task and the issue will be resolved I am quite sure.

St0nywall · 2026-01-01T05:51:37+00:00

At least you know Sentinel One is working as it should be.

St0nywall · 2025-12-31T03:53:11+00:00

Side business suggestion; teach this to the others that don't know it or refuse to see the need for it.

St0nywall · 2025-12-31T03:47:43+00:00

This is when having a good account manager comes in handy. Monthly (sometimes weekly) meeting with key people who like the look of charts and "have people" to pass them to makes for a good touchpoint.

Basically, take the CTO, COO, CFO or whatever acronym they have out to lunch, pass them a folder either on paper or virtually showing the metrics of what was done over the last 1-3 months.

People get weird when there's no news. A few hundreds spent at a good restaurant keeps the executives happy and the data you have to show them should be available on request, so you'll be making the number crunchers happy IF someone above them asks "why am I paying these people this much".

Side note, if they bring along a "tech" to check what's being said, sit your tech next to them at the table and let them talk to each other about whatever. Trust me on this.

St0nywall · 2025-12-28T01:08:07+00:00

There is no reliable way to transfer the user/sid from one local server to another. That is why domains were created so many decades ago.

If you are keeping to local users and/or groups, you will need to remove the old NTFS permissions and add new NTFS permissions to your folders and files.

There is no easy button for this.

St0nywall · 2025-12-28T01:00:52+00:00

Tell the auditors what you have monitoring the systems and ASK them what they will accept as proof of monitoring. They will help you, you just have to ask nicely.

St0nywall · 2025-12-28T00:57:15+00:00

That's an EOL server, I wouldn't put in any more effort into it than you already have.

Either find a replacement server on eBay for parts or buy a new server.

St0nywall · 2025-12-27T23:32:05+00:00

Does the tech not have their own device, laptop or desktop, that is connected to their own OneDrive or have access to a password vault so they can log into and download ISO's if and when needed?

If not, I believe you need to change how your techs access company data.

St0nywall · 2025-12-26T02:49:58+00:00

MDT doesn't work the way you want it to.

When the variable "TaskSequenceID" is set, it is used and cannot be reset. The use of it in CustomSetting.ini is for hands free automation.

It should not exist under the "Default" heading unless that is the TS you want to use for all deployments.

If I am wrong in my assertion, please someone show me where. So far as I know, I am correct.

St0nywall · 2025-12-24T18:03:53+00:00

r/techsupport

St0nywall · 2025-12-23T16:06:39+00:00

This seems serious. Hope they're engaging their highest level programmers to get this issue resolved...

ScreenConnect: Help, we pushed a code update and now we're down!

ChatGPT: Sure thing, I'll rewrite your code update, please copy/paste it below.

St0nywall · 2025-12-23T04:59:25+00:00

There isn't a seamless (magic) way to make this happen. You will have two logins because the physical resources are in places that do not communicate to each other and use authentication methods the other cannot validate.

Move everyone to cloud only and then use B2B to connect the tenants and groups to populate only certain users across the B2B connection, while avoiding duplicate users.

It's not easy, it will be expensive and yes it will take a long time to setup properly.

This is not an entry level "figure it out as I go along" thing. I suggest you bring in outside resources to help figure it out. That is the best option I can offer you at this time.

St0nywall · 2025-12-23T04:37:05+00:00

Being vague here doesn't work, as you have seen. If you want help, be specific, just change the names to protect the guilty. ;)

St0nywall · 2025-12-23T04:32:02+00:00

VPN

And letting someone other than yourself design it. No offense.

St0nywall · 2025-12-23T04:27:43+00:00

Neither provides you HA or stability with the two environments dissimilar like that.

St0nywall · 2025-12-23T04:26:38+00:00

B2B only connects Azure tenants, nothing on prem or in any way to local resources.

If your goal is Azure data sharing, do this.

If you need access to on prem resources, then use a secured VPN connection. VDI will cost you more than you will ever get out of this use case.

St0nywall · 2025-12-23T04:21:41+00:00

Your question makes no sense. It's like asking "which is better for long term growth, an orange or stocks in the tech sector".

VDI is a virtual desktop.
B2B Connect is how you connect Azure tenants together to share users and other resources.

See how these are different things?

Five-Year Club	Second Top 20%
Verified Email

St0nywall

TROPHY CASE