Adventures with Windows ACLs and Acronis True-Image 2016

This blog post was inspired by a unique error that I came across while migrating operating systems. Up until last week, I was one of the few people that were (willingly) running Windows 7 on my gaming/main desktop. I stayed on Windows 7 so long because I’m more of an “if it ain’t broke don’t fix it” person mixed with my opinion that Windows 7 is more aesthetically pleasing than Windows 10. However, I’ve recently wanted to redesign and revamp my home network, including deploying a Windows Server 2019 domain controller to handle DHCP/DNS/GPOs/etc. Unluckily for me, the 2019 RSAT tools aren’t compatible with Windows 7, hence the upgrade to Windows 10. The upgrade process was rather smooth – I did a fresh install of Windows 10 because I didn’t want to carry over random quirks from my Windows 7 install.

 

I make nightly backups with Acronis True Image but made sure to make an ad-hoc backup before the upgrade, and then after the install was complete, I used True Image’s backup mount feature which allows you to mount your .tib backup file as a virtual drive:

After mounting my drive, I immediately started copying my files over from the Y:\Users\Clinton folder to my new Windows 10 install, but then came across permissions issues because my new user account didn’t have an ACE to access the files, nor was my account the owner of the files. I mean, I could have gone to each folder, opened the Security tab, taken ownership of the file/folder, and given myself access rights, but there were way too many files and folders that needed that treatment. Given the number of files I needed to change the ACL for, I turned to writing some PowerShell to automate the process. The first thing I did was create a dummy folder with the new permissions that I wanted (the local admin group is the owner and my user account has access rights) and saved that ACL in a variable:

Next, before trying to fly through and apply that ACL to all files from my backup, I tried to do one folder as a test but came across a unique error:

I searched all over Google/Bing but couldn’t find anything that referenced error code 19 when it came to using Set-ACL. I spent a while poking around trying to figure out exactly why I couldn’t change the ACLs for the files in my backup and what the error meant. It turns out that Acronis True Image mounts your backups in read-only mode and you can’t mount them in read/write mode. The workaround I ended up going with was to use the Disk Management console to create a 400GB VHDX file, initialize and mount the disk, and then have True Image “restore” the backup to the VHD. From there, I was able to mass-change the ACLs on files and copy over what I needed from my backup. Crisis averted.

If you come across this error in the future, make sure that the media that contains the files/folders you are trying to manipulate is not read-only. Also in case anyone else finds it handy, this is the PowerShell script that I used to mass-change the ACLs:
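An added example, not the author's original script, of the approach described above: it reads the ACL from a template folder, tests it on one folder first, and then applies it top-down to a restored backup. Win32 error 19 is ERROR_WRITE_PROTECT ("the media is write protected"), which is why the test step reports read-only media separately. Both default paths are hypothetical placeholders, and detecting the code by matching the exception message is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example, not the author's script. Both default paths are hypothetical.
param(
    [string]$TemplatePath = 'C:\AclTemplate',    # dummy folder with the desired owner and ACEs
    [string]$TargetRoot   = 'V:\Users\Clinton'   # writable restored copy, not the mounted .tib
)

$templateAcl = Get-Acl -LiteralPath $TemplatePath
$failures    = New-Object 'System.Collections.Generic.List[object]'

# Test one folder first. On read-only media this is where error code 19 appears.
try {
    Set-Acl -LiteralPath $TargetRoot -AclObject $templateAcl -ErrorAction Stop
} catch {
    # Assumption: the Win32 code is only visible in the exception message text.
    if ($_.Exception.Message -match 'error code 19\b') {
        throw "Win32 error 19 (ERROR_WRITE_PROTECT): '$TargetRoot' is on read-only media. Restore the backup to a writable disk first."
    }
    throw
}

function Set-TreeAcl {
    param([System.IO.FileSystemInfo]$Item)

    # Skip junctions and symlinks so the walk cannot loop or leave the tree.
    if ($Item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { return }

    try {
        Set-Acl -LiteralPath $Item.FullName -AclObject $templateAcl -ErrorAction Stop
    } catch {
        # Record the failure and do not descend into a folder we could not fix.
        $failures.Add([pscustomobject]@{ Path = $Item.FullName; Error = $_.Exception.Message })
        return
    }

    # Children are listed only after the folder's own ACL grants access to it.
    if ($Item -is [System.IO.DirectoryInfo]) {
        Get-ChildItem -LiteralPath $Item.FullName -Force -ErrorAction SilentlyContinue |
            ForEach-Object { Set-TreeAcl -Item $_ }
    }
}

Set-TreeAcl -Item (Get-Item -LiteralPath $TargetRoot -Force)

"{0} item(s) could not be updated." -f $failures.Count
$failures | Format-Table -AutoSize -Wrap
```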

Windows Nano Server “Instance DefaultGateway already exists”

While building out a lab environment for my MCSA 2016 studies, I came across an error while deploying one of my Nano Server images:

I received the “Instance DefaultGateway already exists” error. This error occurs when you add the default gateway, change the IP address or enable DHCP, and then try to use the same IP address and gateway as before. For me, I set the IP and gateway, enabled DHCP, decided not to use it and disabled it, and then tried to manually set a hardcoded IP again. Nano Server kept the default gateway (192.168.3.1) in the routing table, so when I tried to toggle DHCP and set the IP address again manually, it still had the default route stuck.

 

The FIX:

Go back to the Recovery Console, then go to Networking, select your network adapter, and then press F10 to alter the routing table. After that, find the index for your gateway route (in my case, route index 3), press the DELETE key, and then type in the index number and press enter. If you don’t immediately see your route in the Routing table, you may have to use the down arrow to scroll. After deleting the route, you’ll now be able to add in your Default Gateway IP address in the IP Configuration area.