You find yourself talking to your network administrator and they need to know what your Windows machine MAC address is. Your device might be blocked, or they are helping you troubleshoot some layer 1 issue… How do you quickly find, fetch, and retrieve your MAC address?
I’m sure some of you would dive into your device properties, find your network adapter, and start looking at its hardware properties. Some of you would run an “ipconfig /all” and then look through that text dump to grab your physical address. Others would go through ‘Windows Settings’ or the ‘Control Panel’ or use PowerShell or other similar methods to find it.
Yes, there are many ways to find it. But there is only one truly quick way to grab all of your Windows device’s MAC addresses. You are just going to open your terminal, it doesn’t matter if your preference is Command Prompt or PowerShell, and run the “GetMac” command. This will pull up every MAC address on your device, Wi-Fi and Bluetooth. No sorting through a wall of text with information you don’t need. Just your MAC addresses as a list, table, or csv. Let’s take a look below.
getmac /v
This will be the default command you use to get a verbose view of all of your MAC addresses. All at once with the connection name to make it easy to identify the desired NIC.
Variations of the command that you would use to return a list, table, or csv are:
getmac /v /FO list
getmac /v /FO table
getmac /v /FO csv
Believe it or not, this command has been around since Windows XP! Comment below if you knew that, if you have used it before, or if you are just learning about it today.
When NTFS permissions get out of sync, one common culprit is broken inheritance. A folder (or file) has been set to “stop inheriting permissions” and now behaves differently from the rest of the tree. Last week I had to reset the inheritance on a folder and realized that it would be the perfect topic to write an article about. So, in this post, you’ll learn how to use the Windows icacls command to re‑enable inheritance on a single file, a single folder, or recursively on an entire folder tree, and the difference between ACLs and ACEs.
Understanding Windows ICACLS and Permission Inheritance
The Windows icacls command is a powerful tool to view, modify, and manage permissions (aka Access Control Lists – ACL) on files and folders. One common scenario in permission management is controlling inheritance — whether an object inherits permissions from its parent folder or maintains its own explicit permissions.
Inheritance ensures that permissions applied on a parent folder can automatically propagate to its child files and subfolders, simplifying administration. Sometimes, inheritance is disabled and needs to be re-enabled. In order to change the object’s inheritance you will need to run the commands below as an administrator, or with full ownership of the folders. Running the commands as a normal user may cause “Access is denied” errors, even if the commands are correct.
This table shows the icacls commands that are most commonly used. I highly encourage you to read the entire article to better understand what the commands are actually doing and see examples of how they are used. Remember, I am not responsible for the changes you make!
| Commands | Effect on inheritance | Effect on inherited ACEs |
| --- | --- | --- |
| icacls "Path" | Displays permissions as they currently exist | Displays permissions as they currently exist |
| icacls "Path" /save "SavePath" | Saves permissions as they currently exist | Saves permissions as they currently exist |
| icacls "Path" /inheritance:e | Enable inheritance on a file or folder | Starts inheriting from parent again |
| icacls "Path" /inheritance:e /t | Enable inheritance recursively on folders and subfolders with files | Starts inheriting from parent again |
| icacls "Path" /inheritance:d | Disable inheritance but keep current permissions explicitly | Converts inherited ACEs into explicit ones |
| icacls "Path" /inheritance:r | Disable inheritance and remove inherited permissions | Removes inherited ACEs entirely |
Viewing Current Permissions and Inheritance
Before changing anything, show the current ACL to confirm whether inheritance is disabled.
icacls "C:\ExampleFolder"
In the output:
Entries marked with (I) are inherited from a parent.
If you only see explicit entries and no (I) flags, inheritance is likely disabled on that object.
Example snippet you might see when inheritance is working:
C:\ExampleFolder NT AUTHORITY\SYSTEM:(I)(F)
                 BUILTIN\Administrators:(I)(F)
                 CONTOSO\Domain Users:(I)(M)
If those (I) indicators are missing at this level while present higher up the tree, someone has broken inheritance on this folder or file.
Backup ACLs Before You Touch Anything
Use “icacls /save” to capture your ACLs for rollback:
Notice that if you are restoring ACLs on a subfolder, you restore the backup to a base folder that matches the stored paths. The name of the actual .acl file can be anything you want or that makes sense for your environment.
With things backed up, now we’re ready to go make changes!
How to Re-enable Inheritance Using ICACLS
The icacls command supports three inheritance-related “/inheritance” switches, along with “/reset”:
Enable inheritance (re-enable permission inheritance from the parent) — /inheritance:e
Disable inheritance and copy existing inherited permissions explicitly — /inheritance:d
Disable inheritance and remove only inherited permissions — /inheritance:r
Reset inheritance to permissions from its parent directory — /reset
To re-enable inheritance on a file or folder, you use:
icacls "FullPathToFileOrFolder" /inheritance:e
Replace “FullPathToFileOrFolder” with the actual path of the file or folder you are working with.
Examples for Different Scopes
Enable Inheritance on a Single Folder or File
To re-enable inheritance only on a specific folder:
icacls "C:\ExampleFolder" /inheritance:e
Use this when you only want to fix one folder and leave children unchanged. Existing explicit permissions remain unchanged unless they conflict with what the parent applies.
To re-enable inheritance only on a specific file:
icacls "C:\ExampleFolder\File.txt" /inheritance:e
This makes “File.txt” inherit permissions again from “C:\ExampleFolder” (and ultimately from higher levels). The file will pick up any ACEs that are configured to flow down to files (container/object inherit flags). You can re-run icacls against just the file to look for “(I)” entries to confirm inheritance is active again.
Enable Inheritance on a Folder and All Its Subfolders and Files
This is the “fix the entire tree” scenario, and is useful when someone clicked “Disable inheritance” on a top‑level folder and has created a real mess. To recursively enable inheritance to a folder, all its subfolders, and files, use the “/t” (traverse) and “/c” (continue on errors) flags:
icacls "C:\ExampleFolder" /inheritance:e /t /c
This command makes sure inheritance is restored on the folder, all contained subfolders, and files, even if some files generate errors during processing. On large folder trees, this can take some time; so you can combine “/c” with “/q” to quiet the output:
icacls "C:\ExampleFolder" /inheritance:e /t /c /q
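A guarded version of the backup step and the recursive re-enable above, as an added PowerShell example that is not part of the original article: it saves the ACLs, lists only the objects whose inheritance is actually disabled (so folders that were restricted on purpose can be reviewed first), and re-enables inheritance on those objects when asked. `C:\ExampleFolder` is the article's sample path; the backup file name and the `-Apply` / `-Restore` switches are assumptions of this example.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell.
# Assumptions: $Root is the article's sample folder (not a drive root);
# $Backup and the -Apply / -Restore switches are hypothetical names for this example.
param(
    [string]$Root   = 'C:\ExampleFolder',
    [string]$Backup = "$env:USERPROFILE\ExampleFolder.acl",
    [switch]$Apply,    # re-enable inheritance on the objects found
    [switch]$Restore   # roll back from $Backup instead
)

$Root   = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\')
$parent = Split-Path -Path $Root -Parent
if (-not $parent) { throw "Root must be a folder below a drive root: $Root" }

if ($Restore) {
    # icacls /save records paths relative to the parent of $Root,
    # so the restore targets that parent, not $Root itself.
    icacls $parent /restore $Backup /c
    return
}

# 1. Back up every ACL in the tree before changing anything.
icacls $Root /save $Backup /t /c /q | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls /save failed (exit code $LASTEXITCODE)" }

# 2. List only the objects whose inheritance is disabled (protected DACL).
$items = @(Get-Item -LiteralPath $Root -Force) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$protected = @(foreach ($item in $items) {
    try {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        if ($acl.AreAccessRulesProtected) {
            [pscustomobject]@{
                Path     = $item.FullName
                Owner    = $acl.Owner
                Trustees = ($acl.Access | ForEach-Object { $_.IdentityReference.Value } |
                            Sort-Object -Unique) -join '; '
            }
        }
    } catch {
        Write-Warning "Cannot read ACL on $($item.FullName): $($_.Exception.Message)"
    }
})

$protected | Format-Table -AutoSize -Wrap | Out-Host
Write-Host "$($protected.Count) object(s) with inheritance disabled under $Root"

# 3. Re-enable inheritance on those objects only, then verify each one.
if ($Apply) {
    foreach ($p in $protected) {
        icacls $p.Path /inheritance:e /c /q | Out-Null
        $stillProtected = (Get-Acl -LiteralPath $p.Path).AreAccessRulesProtected
        Write-Host ("{0}  {1}" -f $(if ($stillProtected) { 'FAILED' } else { 'OK    ' }), $p.Path)
    }
}
```

Run it once without switches to review the list, then again with `-Apply`; `-Restore` replays the saved ACLs against the parent folder.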
When to Use “/inheritance:d” vs “/inheritance:r”
It’s worth briefly discussing the other switches so we know when and how to use them, even if they are used less commonly.
/inheritance:d
Disables inheritance on the object.
Copies currently inherited ACEs as explicit entries, preserving the effective permissions at that moment.
/inheritance:r
Disables inheritance.
Removes all inherited ACEs from the ACL, potentially locking users out if you rely on parent permissions.
Reset Inheritance
Completely resetting inheritance is a powerful way to restore all of the default security settings on files and folders by replacing explicit ACLs with the default ACLs inherited from the parent folder object. This means any manually configured permissions will be removed, and the file/folder will inherit its permissions as if it were newly created in that location. It is commonly used to fix corrupted or undesired permissions by restoring the default inheritance and access settings.
icacls "C:\ExampleFolder" /reset /t /c /l
A couple of things to know about using “/reset”: you may need to take ownership first before resetting permissions, especially if access is denied.
takeown /R /F "C:\ExampleFolder"
Also, resetting inheritance removes explicit permissions and can temporarily restrict access until the inheritance applies and you verify everything is correct. Depending on the size of your folder tree, this could take some time, so it’s better to perform this during off hours.
What are ACE and ACL?
An ACE (Access Control Entry) is an individual rule that defines the permissions granted or denied to a specific user or group (called a trustee) on a securable object like a file or folder. Each ACE contains crucial information such as a security identifier (SID) that identifies the trustee, an access mask specifying the allowed or denied rights (e.g., read, write, execute), and flags indicating whether the ACE applies to child objects through inheritance. ACEs control or audit access by specifying who can do what on an object and are the building blocks of ACLs.
An ACL (Access Control List) is a collection of ACEs associated with a securable object. It acts as an ordered list of these individual ACEs that collectively define the overall security policy for that object. For example, an ACL on a file might have several ACEs granting different users read or write permissions while denying others. There are two common types of ACLs:
Discretionary ACL (DACL), which explicitly allows or denies access
System ACL (SACL), which specifies audit rules for tracking access attempts
In short, the ACL is the overall list of permission entries, and each ACE within it is a discrete permission rule for a trustee on that object.
This relationship is fundamental in Windows NTFS security and is managed by tools like icacls, which modify the ACLs by adding, removing, or changing individual ACEs on files or folders.
Additional Notes
Be sure to run the Command Prompt as Administrator to have sufficient privileges.
The “/t” flag is essential for recursive application across all subfolders and files.
Use “/c” to prevent the command from stopping on errors, which is useful for large directories.
When inheritance is enabled, permissions from the parent folder’s ACL are applied automatically to children, marked with an “(I)” for inherited in permission listings.
Common Gotchas and Tips
Inherited vs explicit permissions: Even after turning inheritance back on, explicit ACEs can still override or add to inherited permissions, so the ACL may not look perfectly “clean.”
File‑only vs folder‑only inheritance: Flags like “(OI)” (object inherit) and “(CI)” (container inherit) control whether permissions flow to files, folders, or both, which explains why some files still differ.
Locked or in‑use files: Using “/c” ensures the command continues even if a file is locked; errors will still be reported in the console.
Combine with “takeown”: If a different owner prevents changes, scripts often pair “takeown” followed by “icacls /reset” or “/inheritance:e” to normalize problem trees.
I hope this guide and examples help you to understand how to use icacls to manage ACL inheritance on Windows systems effectively.
So the caveat to this article is that this is specifically for Windows Servers. If you’re trying to enable multiple RDP sessions on Windows 10 or 11, you’ll need to do some further googling to find out how to do that – as this alone won’t be enough.
Enable Multiple RDP Sessions
Log into the server you are trying to enable multiple Remote Desktop sessions on.
Click on the start menu button, type “gpedit.msc” and open it.
I ran into this last week when I was helping someone “fix” their server. They couldn’t reach, or ping, their host, and when running an “ipconfig /all” command it was returning that the machine’s IP was ‘duplicate’.
Worth Noting: So sometimes when a server reports that its IP is a ‘duplicate’ it can be a DHCP mishap. It can happen when a server is assigned a static IP that is within a DHCP pool, and because there was no reservation, DHCP hands the IP out to some other machine. Thus two machines are trying to use the same, duplicate, IP address. When that happens you’ll need to resolve it by creating an IP reservation for the “correct” machine, and then releasing the IP from the machine that “incorrectly” took the IP from the pool so it can be assigned a new IP.
The machine I was fixing lived in a subnet that did not use DHCP and only had machines that were statically assigned their IPs in it. So the possible resolution mentioned above did not fit my scenario. So, what could it be? Well if you have a static IP set, and the DHCP service is enabled, Windows likes to give you an address on the 169.x.x.x network. Which just breaks the IP traffic on your server. Here’s how to fix it…
Step 1.
Open a command prompt
Step 2. Enter
ipconfig /all
Find what your system’s preferred IP is and if autoconfiguration is enabled, and the name of the interface that they are on. You will need this for the next step.
Step 3. Enter
netsh interface ipv4 show interface
Find the index number that is assigned to the interface you identified in the step above; you will need it in the next step.
Step 4.
Run the command below, but replace ’69’ with the index number that you identified in the step above.
netsh interface ipv4 set interface 69 dadtransmits=0 store=persistent
Step 5. Enter
services.msc
Disable the DHCP Client service. If you ever revert from a static IP back to a DHCP IP, you will need to re-enable this service and set it back to automatic.
Step 6.
Restart your computer. After your system reboots, its static IP should now be the correct IP you had configured on it, and your IP traffic to/from it should be back to normal.
Congratulations, autoconfiguration has been disabled.
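An added PowerShell example (not from the original post) that gathers what Steps 2 and 3 look up by hand: for every interface holding a duplicate-flagged or 169.254.x.x address it shows the addresses with their origin and state, the interface index, the current DHCP and DadTransmits settings, and the Step 4 command with the index filled in. It only reads configuration, using the built-in Get-NetIPAddress and Get-NetIPInterface cmdlets.

```powershell
# Added example (not from the original post). Read-only: it changes no settings.
$report = foreach ($group in (Get-NetIPAddress -AddressFamily IPv4 | Group-Object InterfaceIndex)) {
    $addrs = $group.Group
    $apipa = @($addrs | Where-Object { $_.IPAddress -like '169.254.*' })
    $dup   = @($addrs | Where-Object { $_.AddressState -eq 'Duplicate' })
    if ($apipa.Count -eq 0 -and $dup.Count -eq 0) { continue }   # interface looks healthy

    $index = $addrs[0].InterfaceIndex
    $ipif  = Get-NetIPInterface -InterfaceIndex $index -AddressFamily IPv4
    [pscustomobject]@{
        Index        = $index
        Interface    = $addrs[0].InterfaceAlias
        # Origin "Manual" is a static address, "WellKnown" is autoconfiguration
        Addresses    = ($addrs | ForEach-Object {
                           "$($_.IPAddress) [$($_.PrefixOrigin)/$($_.AddressState)]"
                       }) -join ', '
        Dhcp         = $ipif.Dhcp
        DadTransmits = $ipif.DadTransmits
        Step4        = "netsh interface ipv4 set interface $index dadtransmits=0 store=persistent"
    }
}

if ($report) {
    $report | Format-List | Out-Host
} else {
    Write-Host 'No duplicate or 169.254.x.x IPv4 addresses found.'
}

# State of the DHCP Client service that Step 5 disables
Get-Service -Name Dhcp | Select-Object Name, Status, StartType
```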
So if you know anything about managing Windows systems then you know about GPOs. In my honest opinion, GPOs are one of the greatest tools available in Windows. GPOs let you administratively manage all aspects of your computers. You can literally set about 99.9999% of any settings you ever wanted to configure on a computer.
One of the things that make GPOs so great is that they are expandable in that you can add new administrative templates as you add new software to your workstations in your domain. So not only can you manage just about any Microsoft or Windows setting, but you can also add in templates for third-party software from most of the big software vendors and enterprise applications, as well as add new templates when Microsoft releases new OSes and software.
The biggest downside of GPOs is that they can feel like a daunting wall when you first get started implementing them simply because there are sooo many settings that you can potentially configure – where to begin!?! And how do you figure out where to set some of those really odd settings. Well don’t worry, I don’t know anyone that remembers exactly where each setting is. For me, there are two resources that I regularly use to help me find the settings that I want to configure.
This is an official Microsoft tool that lets you search all of the various settings that are available to you in all Microsoft products. It’s a great resource to find where things are set just by using a keyword. Think of it as “Bing” (or “Google”) for GPOs. Out of these two links, this site is the easiest to navigate when looking specifically for Microsoft and Windows settings.
This site includes all of the Microsoft settings, but where it really shines is all of the third-party software settings it has indexed for you. If you need to figure out where to set something in Chrome or Adobe or any other software, this site has you covered.
So this last site is just a bonus as it is not exactly a GPO site, but it comes in handy. It’s a way to convert registry settings into PowerShell commands that you can run. Paste your reg key into it and it will spit out the corresponding PS command for it.
So here’s the scenario, you’ve RDP-ed into a server and you want to change your password. You try to hit CTRL+ALT+DEL but instead of it getting sent to the remote computer, it opens on your local machine. Blah! That is not what we want… How do we get to a place where we can change the password for the account that was used in the RDP session?
One way to send it within the RDP session is to launch the on-screen keyboard. To launch it, simply click on the ‘Start Menu’ and type “osk”, then click on the result to open the keyboard. With the OSK on screen, press and hold “CTRL+ALT” on your physical keyboard, and click “DEL” on the virtual keyboard button.
The easiest way to bring up the menu from where you can change your password is to press CTRL+ALT+END in the RDP window. Now if you are RDP-ed from a Mac, you’ll need to do a CTRL+ALT+Fn+Backspace or CTRL+ALT+Fn+Right-Arrow to bring up the menu.
What I’m about to say might be a surprise to you… But you don’t need to install any sort of 3rd party software (like 7zip or WinZip) to extract tarball files on Windows. Windows 10 actually has the functionality built-in. I know, I was just as surprised to learn about it as you are. From the command line, you can use the “Tar” command to easily extract .tar, .gz, or tar.gz files.
For folks out there that don’t know;
A tarball file, ‘.tar’, is just a type of archived file. It is basically a collection of files that have been merged into one single file.
Gzip files, ‘.gz’, are a type of compressed file and it is used to save on the amount of space that a file uses on the hard drive.
If you’re following along, then you’ll already have realized that a ‘.tar.gz’ file means that it is just a compressed archive file.
Here’s how to extract your tarball file in Windows 10.
Open the ‘Start Menu’ and search for “cmd”. Right-click on “Command Prompt” and select “Run as administrator“.
Enter the following command inside the window.
tar -xvzf "Path to file" -C "Path to destination"
Example:
tar -xvzf C:\Source\file.tar.gz -C C:\Destination\
This example will extract the contents of the ‘file.tar.gz’ file from the “C:\Source\” folder to the “C:\Destination\” folder. Note: Make sure the ‘-C’ parameter before the path to the destination is uppercase.
The parameters explained:
x — instructs tar to extract the archived content.
v — verbose mode. This is optional to display the extraction process. Otherwise, you will only see a blinking cursor until the process is complete.
z — instructs tar to uncompress the content with gzip.
f — provides tar the name of the file you’re about to extract.
-C — uppercase and with a hyphen, this tells tar to change to the specified folder before extracting.
I’ll be honest; I’ve little experience using Git, or any other versioning software for that matter. I have had an interest in Git for a while now though. Mostly for keeping a personal code repo; scripts for working in the Azure and AWS clouds, PowerShell scripts for system administration tasks, and most recently to use to learn and deploy Docker and Kubernetes in my home lab. Previously, I just never thought that I had the time to learn it. So when I stumbled across a link to register for FREE, for the GitLab Certified Associate (GCA) Training and Exam, I decided “What the hell. Let’s do it!” (The link only lasted 2 days before they took down the free offering due to overwhelming interest, so sorry folks, I can’t provide you with the link.)
In my personal opinion, this certification is much more of a knowledge certificate than a technical certification. I feel like the course is designed to take you from 0 to drive. You cover all the basics and afterward, you’ll be able to jump right into using git without feeling like an imposter. If you have no experience, like me, this is the perfect place to start. If you’re already familiar with Git, well tough… You’ll still need to get the GCA before you can get one of their ‘specialist’ or ‘professional’ certifications. More info on their more advanced certifications can be found here.
The hands-on, self-paced, training lab was informative. There was definitely a sprinkle of marketing in there, like the inclusion of GitLab’s history. But they did do a good job of teaching the various Git concepts and terminology. They also included a bunch of labs to work on while proceeding thru the training. The hands-on portion, doing labs, was by far my favorite part. I like to learn by doing. So doing stuff like making a pull request, making changes in the WebIDE and from the command prompt, tagging code, and committing code to a project was what really made the training count. I also was able to recall that hands-on training to complete the exams later on. Like I mentioned earlier, I didn’t think I had the time to commit to learning Git… Well by spending 1-2hrs a night, for just a few nights, I was totally able to learn how to use Git.
The exam was twofold. One part was a “written” exam with questions you had to answer. The second part was a “lab” exam where you had to work a project and submit that project for grading. The written exam was not too bad. They give you a series of questions and you have to score 100% on them before you can proceed to the “lab” project exam. The questions dealt with terminology and things that GitLab could do. Honestly, if you did the labs, it was pretty easy as they had already covered all the information. I didn’t feel like there were any surprises or gotchas. I was a little more worried about doing the “lab” project. But again, having done the hands-on training labs, it was a pretty straightforward exam. Some of the verbiage in the lab instructions had confused me, and I had to reread the task it asked for a couple of times. But in the end, they again were only asking you to do stuff they had covered in the training materials. So nothing too bad if you take your time to complete it.
I feel like unless you work in development or DevOps, this is not going to be a high-priority cert for you to get. For most folks, I feel that this certification is going to be more of a skill that they can add to their resume to show one more item that they are knowledgeable in. That said, it won’t hurt any to get GitLab’s GCA if the opportunity presents itself like it did for me. You never know what you will be working on 1, 2, 5, or even 10 years from now in the future. IT is always changing. Who knows…. Tomorrow could come, and you or I might find ourselves in some sort of role needing to deploy code to a production CI/CD pipeline and using GitLab to commit our code change and push it. You never know… It could happen and when it does you’ll be happy you got yourself the GCA.
If you haven’t already upgraded your Windows servers to Windows 2019, then you will probably be doing so soon enough. That means that it’s time to review the steps you take in building out your virtual machines (VMs). Are you running your VMs from a SAN? Then during this refresh, you should really take the time to consider using the VMware Paravirtual SCSI (PVSCSI) driver.
“VMware Paravirtual (PVSCSI) adapters are high-performance storage adapters that can provide greater throughput and lower CPU utilization. They are best suited for environments where hardware or applications drive a very high amount of I/O throughput, such as SAN environments. PVSCSI adapters are not suited for DAS environments.”
When building new VMs there are four options you can choose from for their SCSI controller. The default LSI Logic SAS driver that is automatically selected for you will work just fine in most environments. That said, when you want to guarantee maximum performance from your VMs you will need to use the PVSCSI. Why wouldn’t you want to allow your VMs their max performance? It’s simple enough to do. Heck, do it and make a “golden image” template so you can easily redeploy it if you don’t want to repeat the steps on each VM every time. It’s just a couple of clicks now for better performance later. Here we go…
Launch the vSphere Client and log in to an ESXi host or vCenter Server.
Select create a new virtual machine.
In the vSphere Client, right-click on the virtual machine and click Edit Settings.
Click the Hardware tab.
Click Add.
Select Hard Disk.
Click Next.
Choose any one of the available options.
Click Next.
Specify the options you require. Options vary depending on which type of disk you chose.
Choose a Virtual Device Node and specify whether you want to use Independent mode. For data disks, choose a Virtual Device Node between SCSI (1:0) to SCSI (3:15). For a boot disk, choose Virtual Device Node SCSI (0:0) or choose the Virtual Device Node that boots in the order you require.
Note: To set a disk to use Independent mode there must be no snapshots associated to the virtual disk. If there are existing snapshots, commit them before changing the disk type.
Click Next.
Click Finish to complete the process and exit the Add Hardware wizard. A new disk and controller are created.
Select the newly created controller and click Change Type.
Click VMware Paravirtual and click OK.
Click OK to exit the Virtual Machine Properties dialog.
Power on the virtual machine.
Install VMware Tools. VMware Tools includes the PVSCSI driver.
If it is a new virtual disk, scan and format the hard disk within the guest operating system.
If you’re like me you probably use one machine heavily. You have all of the hosts and devices which you connect to regularly saved in Putty. But what if you want to conveniently share all of those saved settings with a coworker, or back them up so you can restore them in the future to a new PC?
Putty saves all of those ‘saved’ sessions in the Windows registry. While you’re not able to export them directly from Putty, you can use the command line to export either just the sessions, or all settings, from putty.
Note: These instructions only work with the ‘regular’ installed version of Putty on Windows. They will not work with the portable version.
Export
Open a Command Prompt (or PowerShell) as an Administrator.
This will create a “reg” file on the desktop of the current user. It will not export SSH keys. Do not replace “SimonTatham” with your username; Simon is the author of Putty, and that is the name of the folder inside the registry where the settings are saved.
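An added PowerShell example (not the original post's commands) that first lists, per saved session, which stored fields carry account details such as a username, proxy credentials or a key file path, so the file can be reviewed before it is handed to a coworker, and then writes the two exports with `reg export`. The output file names are assumptions of this example.

```powershell
# Added example (not from the original post). Run as the user who owns the sessions.
# Assumption: the .reg file names written to the Desktop are hypothetical.
$sessions = 'HKCU:\Software\SimonTatham\PuTTY\Sessions'
$desktop  = [Environment]::GetFolderPath('Desktop')

if (-not (Test-Path -Path $sessions)) { throw "No saved PuTTY sessions found at $sessions" }

# 1. Review what the export will contain before sharing it.
$sensitive = 'UserName', 'ProxyUsername', 'ProxyPassword', 'PublicKeyFile'
$review = foreach ($key in Get-ChildItem -Path $sessions) {
    $props = Get-ItemProperty -Path $key.PSPath
    $found = $sensitive | Where-Object { $props.$_ }   # keep only non-empty values
    [pscustomobject]@{
        # PuTTY percent-encodes session names in the registry (for example %20 for a space)
        Session  = [uri]::UnescapeDataString($key.PSChildName)
        HostName = $props.HostName
        NonEmpty = $found -join ', '
    }
}
$review | Format-Table -AutoSize | Out-Host

# 2. Export only the saved sessions ...
reg export 'HKCU\Software\SimonTatham\PuTTY\Sessions' (Join-Path $desktop 'putty-sessions.reg') /y

# ... or export all PuTTY settings.
reg export 'HKCU\Software\SimonTatham' (Join-Path $desktop 'putty.reg') /y
```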
Import
Copy the reg file to the machine which you want to import the putty settings on.
Double-click on the .reg file and accept the import.