I totally fucked up. Recently, due to improper handling I reinit security descriptors of a file share…
Thanks to god we can quite easily restore security descriptors with the icacls command and complete backup.
I personnaly restored security descriptors from a windows snapshot (and with the dosdev utility) but we can do it from any backup.
If, as myself, you want to use windows snapshot, we first need to mount backup as a drive letter, backup security descriptors to a file with icacls then restore security descriptors.
We will see here how to mount a snapshot as H: drive.
PS C:\> vssadmin list shadows /for=D:
PS C:\> .\dosdev.exe H: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3
PS C:\> H:
PS H:\> cd .\Share\
PS H:\> icacls 01-Admin /save c:\BACKUPACL_01-Admin /T /C
PS H:\> icacls 02-Softwares /save c:\BACKUPACL_01-Softwares /T /C
PS H:\> icacls 03-Temp /save c:\BACKUPACL_03-Temp /T /C
PS H:\> cd D:\Share
PS D:\> icacls .\ /restore c:\BACKUPACL_01-Admin /T /C
PS D:\> icacls .\ /restore c:\BACKUPACL_02-Admin /T /C
PS D:\> icacls .\ /restore c:\BACKUPACL_03-Admin /T /C
PS D:\> .\dosdev.exe H: /D