Ensuring your VHD file has proper NTFS permissions with PowerShell

There has been the odd time I’ve had to overwrite a VHD file in Hyper-V with a restored copy.

The problem I stumbled across was that starting the Hyper-V virtual machine up ended with an “Access Denied” error almost every time. The reason for this is simple: your VHD file does not have the correct permissions.

But how does one fix that? It does inherit the folder permissions properly, but the issue at hand is that the VHD file is assigned a full access right to a SID. That SID is specific to your virtual machine, and you will probably watch your brain explode. Or you will go about chewing on your own socks for an answer.

The Cheat (and I stress “Cheat”) to this is to just grant the “Everyone” group full access to the file and…

Oh right…. That smells like a “Security Hole”.  Here, let me just do that to the rest of my files, it’s such a wonderful idea.

While the file is relatively isolated, granting the “Everyone” group access to a critical file is about as dumb as juggling a family of rabid skunks.

But the answer is easier than you think. Use PowerShell.

Let’s say you’re looking at a virtual machine folder with a file you need to replace (for whatever reason) and it contains the file “CDRIVE.VHD”. If you need to overwrite CDRIVE.VHD with a restored copy AND retain the original permissions, just rename it and store the ACLs presently applied to it in a PowerShell variable using GET-ACL.

RENAME-ITEM CDRIVE.VHD OLDCDRIVE.VHD

$Permissions=GET-ACL OLDCDRIVE.VHD

Then restore the new file in place, giving it the name of the original file. To place the correct permissions on there, just execute:

SET-ACL CDRIVE.VHD -AclObject $Permissions

Now your restored virtual machine will start without any complaints.

.. and you won’t be considered “Dumber than a bag of Hammers” by applying “Everyone” to a critical system file.
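The rename, capture, restore and reapply steps above as one script, with a read-back check that the virtual machine SID came across and that “Everyone” is not on the file. This is an added example, not code from the original post: the function name, parameter names and sample paths are hypothetical, and it relies on per-VM accounts living under NT VIRTUAL MACHINE (SID prefix S-1-5-83-).

```powershell
# Added example; Restore-VhdKeepAcl, its parameters and the sample paths are hypothetical.
function Restore-VhdKeepAcl {
    param(
        [Parameter(Mandatory)][string]$VhdPath,       # file the VM expects, e.g. ...\CDRIVE.VHD
        [Parameter(Mandatory)][string]$RestoredCopy   # restored file from backup
    )
    $ErrorActionPreference = 'Stop'
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Rename the original and capture its ACL, as in the steps above.
    $oldName = 'OLD' + (Split-Path -Leaf $VhdPath)
    $old     = Rename-Item -LiteralPath $VhdPath -NewName $oldName -PassThru
    $acl     = Get-Acl -LiteralPath $old.FullName

    # Collect the per-VM SIDs (NT VIRTUAL MACHINE, prefix S-1-5-83-) on the original.
    $vmSids = @($acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -like 'S-1-5-83-*' } |
        ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)
    if (-not $vmSids) {
        Write-Warning "No virtual machine SID on $($old.FullName); its ACL may already be wrong."
    }

    # Put the restored copy in place under the original name, then reapply the ACL.
    Copy-Item -LiteralPath $RestoredCopy -Destination $VhdPath
    Set-Acl -LiteralPath $VhdPath -AclObject $acl

    # Read the result back instead of assuming it worked.
    $after    = (Get-Acl -LiteralPath $VhdPath).GetAccessRules($true, $true, $sidType)
    $afterIds = @($after | ForEach-Object { $_.IdentityReference.Value })
    $missing  = @($vmSids | Where-Object { $_ -notin $afterIds })
    $everyone = @($after | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-1-0' -and $_.AccessControlType -eq 'Allow'
    })

    [pscustomobject]@{
        Path            = $VhdPath
        VmSidsRestored  = ($missing.Count -eq 0)
        MissingVmSids   = $missing
        EveryoneAllowed = ($everyone.Count -gt 0)    # should be False
    }
}

# Constructed sample paths; run from an elevated prompt with the VM shut down.
Restore-VhdKeepAcl -VhdPath 'D:\VMs\Test\CDRIVE.VHD' -RestoredCopy 'E:\Restore\CDRIVE.VHD'
```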

The Power of Shell is in YOU

Sean
The Energized Tech
