How to reset NTFS permissions with ICACLS

File and folder permissions are really important to Windows. Sometimes a user may mess with the permissions causing software or even the operating system to work in an undesired way.

There’s a simple way to solve this kind of problems without headaches, using the ICACLS command.

Launch the command prompt as an Administrator and navigate through the tree of folders you need to fix.

Then launch the command ICACLS * /T /Q /C /RESET.

ICACLS will reset the permissions of all the folders, files and subfolders. After a while, depending on the number of file, the permissions will be fixed.

Sometimes, you may need to take the ownership of a tree of folders. You can use the command takeown /R /F * before launching the ICACLS.

Be careful, taking the owenership of system folders may break your operating systems.

Configuring and using Windows Deployment Services (WDS)

Windows Deployment Services (WDS) is a really interesting tool from Microsoft. It allows an administrator to remotely deploy Windows operating systems to machines booting from a network adapter.

In environments with a high number of clients WDS can be very useful, a new computer can be formatted just plugging the Ethernet, without any physical support like Windows DVDs or USB drives.

The configuration isn’t difficult but there are some requirements:

  • There must be an Active Directory Domain Services
  • At least one partition on the server must be formatted as NTFS
  • A DHCP server must be active to assign IP addresses to the WDS clients

Let’s see how you can configure and use the Windows Deployment Services.

How to deploy (and/or remove) software packages via GPO

One of the greatest advantages of having an Active Directory Domain is the possibility to deploy software packages via GPO (Group Policy Object). Software deployment is crucial in business environments to save time and money.

Microsoft not only gives us a simple way to deploy software, but also provides a quick solution to uninstall it when we don’t need it anymore.

How to: Software Restriction policies with AppLocker

We’ve already seen how to restrict software on Windows Server 2012 // R2 using GPOs. There’s another way available since Windows Server 2012, thanks to a feature called AppLocker.

We still use GPOsAppLocker is a subset of GPOs – to enforce software restriction but it’s easier and more powerful.

AppLocker can manage execution permissions of:

  • Executables: files with .exe extension
  • Windows installers: Windows installer packages with .msi and .msp extensions
  • Scripts: files with .ps1, .bat, .cmd, .cbs and .js extensions
  • Packaged Apps: Windows Store apps


How to configure static routes to route traffic through a specific gateway

Sometimes you may need to route traffic through a specific gateway only for destinations matching a group of IPs or a subnet.

Static routes are usually configured at the router level but you can also configure them locally, from the Windows command prompt.

The operation is quite easy, you won’t miss the GUI. In our example we are using Windows Server 2012 R2, but you can do the same with any version of Windows. (more…)

How to add a Backup Domain Controller to an existing Active Directory Domain

An Active Directory Domain with a unique Primary Domain Controller (PDC) is something that you should not rely on. A hardware failure can make your day a really bad one and, for this reason, Microsoft give us the possibility to add a (or more) Backup Domain Controller (BDC) to our domain.

The configuration is quite simple on Windows Server 2012 // R2, a much appreciated gift from Redmond.