Logon script for NTFS permissions
-
Tuesday, February 19, 2013 12:20 PM
Hello,
I'm trying to prevent users from writing to their profiles. I revoked NTFS permissions with ICACLS "c:\users" /reset /T and removed auth users with
icacls "C:\users" /remove:g *S-1-5-11
Currently this works fine. I need to set a logon script for new users who will log on for the first time. I implemented the following script via GPO but it doesn't work.
::Remove user from ACL
icacls "c:\users\%userprofile%" /remove:g %username%
::Add group to ACL, grant read and execute permission
icacls "c:\users\%userprofile%" /grant "users":(OI)(CI)RX
Thanks
All Replies
-
Tuesday, February 19, 2013 2:24 PM
Can't be done. See documentation.
¯\_(ツ)_/¯
-
Tuesday, February 19, 2013 3:20 PM Moderator
I'm trying to prevent users from writing to their profiles.
Why?
Bill
-
Tuesday, February 19, 2013 5:23 PM
I forgot to mention that users are connecting to a Terminal Server and they should save files locally and not on the TS.
-
Tuesday, February 19, 2013 6:31 PM
I forgot to mention that users are connecting to a Terminal Server and they should save files locally and not on the TS.
It is apparent that you do not understand how TS works. This is not a scripting issue. If you need to control this, you need to do it via Group Policy. A user profile MUST be writable or they cannot log in.
¯\_(ツ)_/¯
- Proposed As Answer by jrv (Microsoft Community Contributor), Tuesday, February 19, 2013 6:32 PM
- Marked As Answer by IamMred (Microsoft Employee, Owner), Tuesday, March 05, 2013 4:02 AM

