0X00000550

0x00000550: Generic Not Mapped – Quick Fix Flow

Windows Errors Intermediate 👁 0 views 📅 Jun 8, 2026

Access denied to a network drive or shared folder? This means the security descriptor is borked. Try these fixes in order.

What actually is 0x00000550?

This error means Windows tried to access a file or share, but the security descriptor (the ACL that says who can do what) doesn't have a proper generic mapping. In plain English: the system can't translate the generic rights like "read" or "write" into the specific access bits the file system expects. This usually happens on network shares or external drives when permissions got corrupted after a reinstall or a permissions inheritance break.

You'll see it in File Explorer when clicking a network drive, or in a command prompt trying to run a tool against a remote path. The error text reads: "A generic error occurred that could not be mapped to a specific error." That's Windows admitting it's confused about who should have what access.

The 30-Second Fix: Reconnect the Drive

Most people hit this after a Windows update or a credential reset. The mapped drive has stale credentials cached. Kill it and remake it.

  1. Open a command prompt as admin (Win+R, type cmd, hit Ctrl+Shift+Enter).
  2. Type net use * /delete and press Enter. This nukes all mapped drives.
  3. Re-map the drive manually: net use Z: \\server\share /persistent:yes

Why this works: When you delete the mapping, Windows also clears the cached security descriptor for that path. The new connection renegotiates the generic mapping fresh. If the error was just stale credentials or a cached bad ACL, you're done in 30 seconds. If not, move on.

The 5-Minute Fix: Reset Permissions on the Share

You need admin rights on the server or the folder for this. The problem is often that the share's security descriptor got mangled — maybe a parent folder changed permissions and inheritance didn't apply correctly.

  1. On the machine hosting the share (file server or PC), right-click the shared folder → Properties → Security tab.
  2. Click Advanced → Change Permissions (Windows 10) or just hit the Disable Inheritance button if it's grayed out.
  3. Select "Replace all child object permission entries with inheritable permission entries from this object." Apply it.
  4. Then add your user or group with the correct permissions (Full Control, Modify, or Read — whatever you need).

The real fix here is forcing inheritance to reapply. When Windows builds the security descriptor for a network access attempt, it expects a clean inherited ACL. If inheritance is broken at any point, the generic mapping can fail. This also fixes cases where the folder has explicit deny entries left over from old migrations.

The 15+ Minute Fix: Rebuild the Security Descriptor with PowerShell

If the above didn't work, the ACL itself is corrupt — probably from a botched domain migration or a volume shadow copy that got disconnected. You'll need to reset the descriptor using PowerShell with Set-Acl and Get-Acl, but the trick is to use a known-good template.

  1. Create a temporary folder anywhere on the same drive: mkdir C:\tempgood
  2. Set its permissions to what you need (e.g., everyone can read).
  3. Run this PowerShell script as admin (replace paths): 
    $sourceFolder = 'C:\tempgood'
$targetFolder = '\\server\share\problemfolder'
$acl = Get-Acl -Path $sourceFolder
Set-Acl -Path $targetFolder -AclObject $acl -ErrorAction Stop
  4. Now force inheritance on the target folder:
    icacls $targetFolder /inheritance:e /t /c

What's happening here: Set-Acl copies the security descriptor from a clean folder to the broken one. The -ErrorAction Stop flag makes it fail if the target's descriptor is too corrupted to overwrite. In that case, you need to take ownership first. Run takeown /f $targetFolder /r /d y before step 3.

This approach works because the generic mapping error is almost always a malformed security descriptor — the binary blob Windows uses to represent permissions has a bad header or missing access masks. Copying a fresh descriptor fixes that without reinstalling anything. I've used this on dozens of Server 2019 and Windows 10 machines that got hit after a failed domain join.

When all else fails: Remove and recreate the share

If you're still getting the error after resetting permissions and descriptors, the share itself might have a bad share-level ACL (the separate one in the Sharing tab, not the Security tab). Unshare the folder and re-share it. To do this on the server:

  • Run net share ProblemShare /delete
  • Then net share ProblemShare=C:\Path\To\Folder /grant:Everyone,Full

This nukes the share's NFTS-level generic mapping cache. It's a nuclear option, but it's caught edge cases where the share metadata got corrupted by a previous antivirus scan.

Pro tip: If you see this error on a mapped drive that's pointing to a Linux Samba server, it's usually a SID mismatch — Windows expects a domain SID but gets a local one. On the Samba side, make sure ntlm auth = yes and server signing = disabled in smb.conf. That's a whole different problem, but the same error code.

Was this solution helpful?

0x00000550 ERROR_GENERIC_NOT_MAPPED Windows access denied network share permissions security descriptor error generic mapping failed shared folder access denied fix Windows error 0x550 file server permissions user rights assignment Windows security corruption