none
Logon script for NTFS permissions

    Question

  • Hello,

    I'm trying to prevent users to write on their profiles. I revoked NTFS permissions with ICACLS "c:\users" /reset /T and removed auth users

    icacls "C:\users" /remove:g *S-1-5-11.

    Currently this works fine. I need to set logon script for new users that will logon first time. I implemented following script via GPO but it doesn't work.

    ::Remove user from ACL
    icacls "c:\users\%userprofile%" /remove:g %username%

    ::Add group to ACL, grant read and execute permission
    icacls "c:\users\%userprofile%" /grant "users":(OI)(CI)RX

    Thanks

    Tuesday, February 19, 2013 12:20 PM

Answers

  • I forgot to mention that users connecting to Terminal server and they should save files locally and not on TS.

    It is apparent that you do not understand how TS works.  This is not a scripting issue.  If yo need to control this you need to do it via Group Policy.  A user profile MUST be writable or they cannot log in.


    ¯\_(ツ)_/¯

    Tuesday, February 19, 2013 6:31 PM

All replies

  • CAn't be done.  See documentation.

    ¯\_(ツ)_/¯

    Tuesday, February 19, 2013 2:24 PM
  • I'm trying to prevent users to write on their profiles.

    Why?

    Bill

    Tuesday, February 19, 2013 3:20 PM
    Moderator
  • I forgot to mention that users connecting to Terminal server and they should save files locally and not on TS.
    Tuesday, February 19, 2013 5:23 PM
  • I forgot to mention that users connecting to Terminal server and they should save files locally and not on TS.

    It is apparent that you do not understand how TS works.  This is not a scripting issue.  If yo need to control this you need to do it via Group Policy.  A user profile MUST be writable or they cannot log in.


    ¯\_(ツ)_/¯

    Tuesday, February 19, 2013 6:31 PM