A User with Super Admin Role Cannot Access Hyper-V Files

Applies To

Product(s): All VMstore models

Product Version(s): TxOS 3.1.1.1 and later

Bug(s): 33638

Description

This document describes how to grant permissions to users with the super admin role so that they can access the Hyper-V files and, optionally, delete them.

Symptoms

A user with the super admin role on the VMstore cannot access files and folders on the Hyper-V file shares. As a result, the user cannot delete them.

This issue occurs when a user accidentally modifies permissions on the Hyper-V files and folders manually or by an expected virtual machine operation.

Resolution

Notes about the commands used:

  • For the icacls command, the UNC path must include the hyperv component (\\<VMstoreSMBHostName>\hyperv\<ShareName>). The other commands use the UNC path without it.
  • The Start-Transcript and Stop-Transcript commands are for logging purposes only.

Run the following commands on a Hyper-V host:

  1. Start logging.

Start-Transcript -Path ResetVMstoreAcls.txt -Append

  2. Check permissions.

dir \\<VMstoreSMBHostName>\<ShareName> -Recurse | Get-Acl | fl Path,Owner,Group,AccessToString,Sddl

Example:

dir \\vmstore01-data.vmlevel.com\VMSHARE1 -Recurse | Get-Acl | fl Path,Owner,Group,AccessToString,Sddl

  3. Change owner on files and folders in the share.

takeown /F \\<VMstoreSMBHostName>\<ShareName> /A /R /D y

Example:

takeown /F \\vmstore01-data.vmlevel.com\VMSHARE1 /A /R /D y

  4. Grant permission for users with super admin role.

icacls \\<VMstoreSMBHostName>\hyperv\<ShareName> /grant 'Administrators:(OI)(CI)F' /T

Example:

icacls \\vmstore01-data.vmlevel.com\hyperv\VMSHARE1 /grant 'Administrators:(OI)(CI)F' /T

  5. Optionally, if the Hyper-V host needs access to the file share, grant permissions for the Hyper-V host as follows:

a) Grant permission.

icacls \\<VMstoreSMBHostName>\hyperv\<ShareName> /grant '<ShortDomainName>\<ShortHostName>$:(OI)(CI)F' /T

Example:

icacls \\vmstore01-data.vmlevel.com\hyperv\VMSHARE1 /grant 'VMLEVEL\HYPERV01$:(OI)(CI)F' /T

b) Stop logging.

Stop-Transcript

  6. Check the permissions using Windows Explorer and access the files and folders.
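
A scripted version of the final check, as an added example that is not part of the original article: it walks the share and lists every item whose owner is not the Administrators group or that lacks an Allow FullControl entry for it. The default share path is the article's example, and the identity string BUILTIN\Administrators is an assumption about how the group is reported; adjust it to match the Owner value printed by the permission check in step 2.

```powershell
# Added example (not Tintri's code): audit the share after the ACL reset.
# Use the UNC path WITHOUT "hyperv", as for the dir and takeown commands.
param(
    [string]$SharePath = '\\vmstore01-data.vmlevel.com\VMSHARE1',
    [string]$Principal = 'BUILTIN\Administrators'   # assumption: name as shown by Get-Acl
)

$FullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl

function Test-FullControl {
    # True when the ACL holds an Allow rule giving $Identity every FullControl bit.
    param($Acl, [string]$Identity)
    foreach ($rule in $Acl.Access) {
        if ($rule.IdentityReference.Value -eq $Identity -and
            $rule.AccessControlType -eq 'Allow' -and
            (([int]$rule.FileSystemRights) -band $FullControl) -eq $FullControl) {
            return $true
        }
    }
    return $false
}

# Share root plus everything below it; enumeration failures are counted, not hidden.
$items = @(Get-Item -LiteralPath $SharePath) +
         @(Get-ChildItem -LiteralPath $SharePath -Recurse -Force `
               -ErrorAction SilentlyContinue -ErrorVariable enumErrors)

$report = foreach ($item in $items) {
    try {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        [pscustomobject]@{
            Path        = $item.FullName
            Owner       = $acl.Owner
            OwnerOk     = ($acl.Owner -eq $Principal)
            FullControl = (Test-FullControl -Acl $acl -Identity $Principal)
        }
    } catch {
        # An ACL that still cannot be read means the reset did not reach this item.
        [pscustomobject]@{ Path = $item.FullName; Owner = '<unreadable>'
                           OwnerOk = $false; FullControl = $false }
    }
}

$bad = @($report | Where-Object { -not ($_.OwnerOk -and $_.FullControl) })
$bad | Format-Table -AutoSize
'{0} of {1} items need attention; {2} enumeration errors' -f `
    $bad.Count, @($report).Count, @($enumErrors).Count
```

Run it before Stop-Transcript so the audit result is captured in ResetVMstoreAcls.txt alongside the commands that changed the ACLs.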
