Friday, November 15, 2019

today was completely lost, but in the end may not be wasted.

i was midway through writing the following post at around 9:15 this morning when i made a terrible error that resulted in me losing the day but may fix the access issues i was having on the drive.

this is what i was writing...

so, i was very, very slow getting started today.

i checked my email minutes after the post at 3:26 this morning and spent the next two hours dealing with that, including applying for a second mastercard through pc. they're threatening to shut down the site, now, if they don't get something in three days. i feel like i'm under an extortion attack by islamic terrorists - "give us the money in three days or it's all over". fuck.

i had to write several emails trying to order the thing out, and all i can do is hope it works.

but, it means i need to call td today. i'm in for the weekend, but will probably do an outside run on monday. that might include stopping by the bank and having a chat.

i used to have all of this information in boxes, but it's one of the things that disappeared when i left my items in storage. i have virtually everything from 2011-on, still. the credit karma site says the last payment was in june, 2006. really. i'm asking about a 13 year-old credit card. well, it's what google wants, what can i say...

i'll have to call the board today, too.

i then spent some more time thinking about the fan. can i just buy a 20 w desk fan? nobody seems to want that. 45 w? maybe if i import it from europe.

to finish the thought, i then experimented a little to see if i can plug the usb fan right into the wall, and i can, but i'm not getting as much amperage from it.

the next thing to check was my usage from the other day, and i noticed a spike where i didn't expect one (in hindsight, i can explain the spike). i thought i was sleeping (i wasn't). did i turn my laptop back on (yes)? so, i went to check the event log and couldn't open the file.

at that point, i realized that the entire system32 folder was owned by an alphanumeric s-12367tg77567896yp90 user. so, i went to take ownership and did, and then tried to remove the user, but couldn't. it said i had to remove the inheritance. i didn't think it through, i just clicked ok.

all of my security tabs disappeared.

fuck.

well, i can try a reboot, right? nope...

so, i was back in winpe on the desktop, and while the chkdsk was quick, the startup recovery couldn't find the operating system.

thankfully, i had a good understanding of what i did and the background to fix it (i did vista support, remember). just something else i'm technically an expert in. so, if you ever find yourself in the situation where you've stripped the inherited permissions off a directory tree, accidentally or not, and locked even the administrators out of it, what you need to do is run the following script:

for /l %%x in (1, 1, n) do (
   echo %%x
   rem 1. take ownership of the whole tree, hand it to Administrators (/a), no prompts (/d y)
   takeown /f dir /r /a /d y
   rem 2. re-enable inheritance, then 3. reset every acl to the inherited default.
   rem    /c makes icacls continue past the entries it can't reach yet instead of stopping at the first one.
   icacls dir /inheritance:e /t /c /q
   icacls dir /reset /t /c /q
)

...where n is the number of passes and dir is the directory. the doubled %%x is the batch-file form; if you type the loop straight into the prompt instead of saving it as a .cmd file, use %x.

if you do this for a system directory, as i did, n must be large, because each pass only gets roughly one directory level deeper than the last one did, and you get something like this:

for /l %%x in (1, 1, 200) do (
   echo %%x
   rem same three steps, 200 passes, against the offline windows drive (d: from winpe)
   takeown /f d:\windows\system32 /r /a /d y
   icacls d:\windows\system32 /inheritance:e /t /c /q
   icacls d:\windows\system32 /reset /t /c /q
)

so, i let that run and took a nap.

and, it still wasn't done when i woke up.

what the script does is (1) recursively take ownership of every file and directory in the tree and assign it to the Administrators group, (2) turn inheritance back on and (3) reset each acl to the inherited default. the catch is that takeown can only descend into a directory it's allowed to list, and once the inherited entries are gone there's nothing on the directory granting anyone anything, so (1) errors out partway through on every pass until the tree is done. taking ownership of a directory does let you rewrite its acl (the owner always has that right), so the /reset in (3) copies the parent's inherited entries back onto it, and the next pass of (1) can list one more level. that's why the loop is necessary: each pass gets a little further, and while it has to end eventually, it's frustrating when a pass only gets through a few files after you've already been through a few thousand, because it walks all of them again. two caveats for a system directory: /reset gives each object whatever its parent passes down, not the acl windows shipped with, and /a leaves the owner as Administrators rather than TrustedInstaller, so the result is usable but not original. if you still have the chance before touching anything, icacls dir /save file /t is what makes a true icacls /restore possible afterwards.
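a less brutal way is to fix the tree top-down instead of brute-forcing the whole thing n times. the following is an added example, not the script from the post: a batch file (fixacl.cmd is just my name for it) that takes ownership of a directory and resets its acl first, and only then lists it and recurses into its subdirectories, so every listing happens after the entry it needs is already readable and one pass finishes the job. it assumes you run it elevated (or from the winpe command prompt against the offline drive letter), that the parent of the directory you point it at still has a sane acl for /reset to inherit from, and, like the loop above, it ends with Administrators rather than TrustedInstaller as owner.

```batch
@echo off
rem fixacl.cmd (added example, not the author's script): repair a directory tree whose
rem inherited permissions were removed, in one top-down pass.
rem usage: fixacl.cmd d:\windows\system32   (elevated prompt or winpe; the path is an assumption)
if "%~1"=="" (
    echo usage: %~nx0 ^<directory^>
    exit /b 1
)
if not exist "%~1\" (
    echo not a directory: %~1
    exit /b 1
)
call :fixdir "%~1"
echo done.
exit /b 0

:fixdir
rem 1. take ownership of the directory itself, assigning it to Administrators (/a).
rem    the owner can always rewrite the dacl, even when no ace is left on it.
takeown /f "%~1" /a >nul
rem 2. replace the empty dacl with the entries inherited from the parent. /reset also
rem    re-enables inheritance, so a separate /inheritance:e is not needed.
icacls "%~1" /reset /q >nul
rem 3. the directory is listable now: fix every entry directly inside it (files and the
rem    subdirectory entries themselves) with one wildcard call each, no recursion yet.
takeown /f "%~1\*" /a >nul
icacls "%~1\*" /reset /q >nul
rem 4. descend into each real subdirectory (/ad-l skips junctions and symlinks) and repeat.
rem    each subdirectory became readable in step 3, which is exactly what the flat
rem    takeown /r and icacls /t passes in the loop above cannot count on.
for /f "delims=" %%d in ('dir /b /ad-l "%~1" 2^>nul') do call :fixdir "%~1\%%d"
goto :eof
```

the order inside :fixdir is the whole point: steps 1 and 2 only touch the directory entry, which needs no listing, and steps 3 and 4 are the first things that read it. nothing gets walked twice, so on a tree the size of system32 the time is one takeown and one icacls per directory plus one wildcard pair for its contents, rather than hundreds of partial passes.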

so, i did the last few thousand files manually by jumping directories. and, it wasn't done until 17:00...

that was brutal. it's my fault. i wanted to crawl into a hole somewhere. but, i merely lost a few hours on something that i've seen stump mcses. this is considered abstract in the field of tech support. i think they think there's a better answer, but there just isn't, you have to use brute force. fwiw, while i didn't write the tests (because they were charging a lot for them, and i wanted to get paid when i went to work), i went through three months of training by a certified microsoft employee that they flew in to ottawa from seattle, and then worked second tier microsoft support for a few months (until they shipped the jobs to the philippines). he hated the weather and couldn't get out fast enough. i bet it's nicer in manila, if you can deal with the hurricanes. but, i basically have an mcse on top of the other degrees. i usually forget to mention that when enumerating my unofficial degrees, but that's in there, too. so, i figured this out quickly because i know what i did and how to fix it. most tech support agents would have had a hard time with that, though - that's a higher tier support problem because file systems are considered to be an abstract concept.

anyways.

i logged back in and noticed that the funny username, which i had up to this point assumed was myself from the previous install, had disappeared, at least, but that doing so had left a stream of previously hidden files, almost as though i had a rootkit. upon closer inspection, these files appeared to be exclusively related to remote access.

i've been pointing out for months that i think the cops have something installed on the drive....

so, i spent a few hours doing things like removing services, setting group policy settings and deleting directories. in the end, i can't say that i have any evidence of intrusion, but it's funny - i've turned on the event log (which was off, and i don't remember turning off) as well as the group policy editor (same), so i should now be able to track any intrusion, when i previously couldn't. to be clear: if the cops installed something on the drive, they also turned off the software that would log them doing it. if they try it again, i should catch them in the act.

and, that's the day.

i didn't call the board. i didn't call td. i didn't finish the liner notes from inri000.

but, i'm going to get something to eat and try to push myself to finish it before i fall asleep.