Tintri Knowledge Base > 002 Knowledge Article Database > A User with Super Admin Role Cannot Access Hyper-V Files

A User with Super Admin Role Cannot Access Hyper-V Files

Applies To

Product(s): All VMstore models

Product Version(s): TxOS and later

Bug(s): 33638


This document describes the procedure to grant permissions for user(s) with super admin role, so that user(s) can access the Hyper-V files and optionally delete them.


A user with super admin role on the VMstore cannot access files and folders on the Hyper-V file shares. As a result, the user cannot delete them.

This issue occurs when a user accidentally modifies permissions on the Hyper-V files and folders manually or by an expected virtual machine operation.


Notes about the commands used:

  • For the icacls command the UNC path should have hyperv, while it should not be present in other commands.
  • The Start-Transcript and Stop-transcript commands are for logging purpose only.


Run the following commands on a Hyper-V host

  1. Start logging.

Start-Transcript -Path ResetVMstoreAcls.txt –Append

  1. Check permissions.

dir \\<VMstoreSMBHostName>\<ShareName> -Recurse | Get-Acl | fl Path,Owner,Group,AccessToString,Sddl


dir \\vmstore01-data.vmlevel.com\VMSHARE1 -Recurse | Get-Acl | fl Path,Owner,Group,AccessToString,Sddl

  1. Change owner on files and folders in the share.

takeown /F \\<VMstoreSMBHostName>\<SHARENAME> /A /R /D y


takeown /F \\vmstore01-data.vmlevel.com\VMSHARE1 /A /R /D y

  1. Grant permission for users with super admin role.

icacls \\<VMstoreSMBHostName>\hyperv\<SHARENAME> /grant ’Administrators:(OI)(CI)F’ /T


icacls \\vmstore01-data.vmlevel.com\hyperv\VMSHARE1 /grant ’Administrators:(OI)(CI)F’ /T

  1. Optionally, if the Hyper-V host needs access for the file share, you can grant permissions for the Hyper-V host, do the following:

a) Grant permission.

icacls \\<VMstoreSMBHostName>\hyperv\<SHARENAME>  /grant ’<ShortDomainName>\<ShortHostName>$:(OI)(CI)F’ /T


icacls \\vmstore01-data.vmlevel.com\hyperv\VMSHARE1 /grant ’VMLEVEL\HYPERV01$:(OI)(CI)F’ /T

b) Stop logging.


  1. Check the permissions using Windows Explorer and access the files and folders.



Last modified



This page has no classifications.