Trying to set folder permissions for users yet to sign onto pc. RRS feed

  • Question

  • I have a RunOnce working on Panasonic units to turn off Numlock for each user who signs on. I configure it under the Default user with a VB script and place it in the registry under RunOnce.

    What I'd like to do now is set permissions on a folder under the user\appdata\local location for a folder that gets created for each user who signs on. I am not sure if I can copy the permissions/folder from an existing pc and use that somehow.

    The standing issue is that the appdata\local folder had a folder in it that has to have authenticated users having full control, but for each user who signs on. We manually do this, but it gets skipped by some techs during the manual setup, so I'd like to have this happen during imaging if possible. I can't modify the installer because I don't even know what software was used to build the application.

    Wednesday, March 20, 2019 1:17 PM

All replies

  • Look into using icacls to modify permissions on the folder. You could set it as a command line task.
    Wednesday, March 20, 2019 10:10 PM
  • The issue I have is that the folder doesn't exist yet. It only appears when the user signs on.

    I had luck with something similar, the Numlock toggle, for future users, by setting a RunOnce on the default
    user profile in the registry. I'm just not familiar with how I'd go about properties of a folder for all subsequent users who may sign on.

    Thursday, March 21, 2019 1:39 PM
  • You can setup a runonce command in your unattend.xml file. Or if you run group policy on your network you could do it with a user logon script or with GPO file/folder preferences.
    Friday, March 22, 2019 1:00 PM
  • If the issue is the user profile does not exist yet, I have had luck in Powershell creating a profile using start-job

    This is run as a local admin, and it is setup for 1 user.

    The bit of code relevent:

    # Build the credential object for the target user and password

    $objUserCred = New-Object System.Management.Automation.PsCredential($strDomainUser, (ConvertTo-SecureString $strPass -AsPlainText -Force))

    # Runs a job as the target user.  This forces the creation of the profile

    $objGenJOB = start-job -ScriptBlock{dir} -Credential $objUserCred
    Wait-Job -Job $objGenJOB

    Friday, March 22, 2019 2:36 PM
  • The issue is this..... I am silently installing FransonGPS Gate onto my image during MDT cloning. It installs without an issue. In order for any user to run it and add COM ports, the 'shortcut' has to have Run As Administrator box checked in the shortcut properties.

    I've tried changing the properties of the actual app itself and you still cannot add COM ports unless you check the box 'Run As Administrator' on the shortcut (in Public Desktop).

    So what I am hoping for is to change the properties of the shortcut crested during the silent install.

    Monday, March 25, 2019 5:28 PM