Adventures with Windows ACLs and Acronis True-Image 2016



This blog post was inspired by a unique error that I came across while migrating operating systems. Up until last week, I was one of the few people that were (willingly) running Windows 7 on my gaming/main desktop. I stayed on Windows 7 so long because I’m more of a “if it ain’t broke don’t fix it” person mixed with my opinion that Windows 7 is more aesthetically pleasing than Windows 10. However, I’ve recently wanted to redesign and revamp my home network including deploying a Windows Server 2019 domain controller to handle DHCP/DNS/GPOs/etc. Unluckily for me, the 2019 RSAT tools aren’t compatible with Windows 7, hence the upgrade to Windows 10. The upgrade process was rather smooth – I did a fresh install of Windows 10 because I didn’t want to carry over random quirks from my Windows 7 install.

 

I make nightly backups with Acronis True Image but made sure to make an ad-hoc backup before the upgrade, and then after the install was complete, I used True Image’s backup mount feature which allows you to mount your .tib backup file as a virtual drive:

After mounting my drive, I immediately started copying my files over from the Y:\Users\Clinton folder to my new Windows 10 install, but then came across permissions issues because my new user account didn’t have an ACE to access the files nor was my account the owner of the files. I mean, I could have went to each folder and went to the Security tab and taken ownership of the file/folder and given myself access rights, but there were way too many files and folders that needed that treatment. Given the number of files I needed to change the ACL for, I turned over to writing some PowerShell to automate the process. The first thing I did was create a dummy folder with the new permissions that I wanted (The local admin group is the owner and my user account has access rights) and saved that ACL in a variable:

Next, before trying to fly through and apply that ACL to all files from my backup, I tried to do one folder as a test but came across a unique error:

I searched all over Google/Bing but couldn’t find anything that referenced error code 19 when it came to using Set-ACL. I spent a while poking around trying to figure out exactly why I couldn’t change the ACLs for the files in my backup and what the error meant. It turns out that Acronis TrueImage mounts your backups in read-only mode and you can’t mount them in read/write mode.  The workaround I ended up going with was to use the Disk Management console to create a 400GB large VHDX file, initialize and mount the disk, and then have True Image “restore” the backup to the VHD. From there, I was able to mass-change the ACLs on files and copy over what I needed from my backup. Crisis averted.

If you come across this error in the future, make sure that the media that contains the files/folders you are trying to manipulate is not read-only. Also in case anyone else finds it handy, this is the PowerShell script that I used to mass-change the ACLs:


1 comments

Hi – Like you – I still use Win7 – and the 32 bit edition with 3 GB RAM is way fastre than Win 10 (64 bit) 8 GB Ram. Other than for VBA, I use Ubuntu as my dev machine.

I just wanted to say that I was a user of Acronis but have moved to clonezilla – and never once has it hiccuped – even with dual boot systems. My typical partitions are – Win 7 20 Gb, Win 10 100 GB, Ubuntu 100 GB – I manually set locations of My Documents to the Data Partion and then I use Clonezilla – for saving partitions and restoring. sometimes when there are boot issues, I use Ubuntu Live USB and Gparted for partition editing…

Leave a Reply

*