GPO ... give permissions to a specified directory

Posted on 2005-05-03
Last Modified: 2008-03-10
Hello there.

I'm fairly new to GPO and such like - I don't use them as fully as I should, however, I have a problem that if it could be solved by GPO, would make my life so much easier.

Basically, i've inherited an application that at various points, deletes all from the local machine directory 'WINDOWS/Temp' ... unless the user has permissions on this directory, an error occurs.

I would therefore like to assign delete permissions to all people in the OU to this local machine directory ...

Is this possible in GPO ?


Question by:SpencerSteel
    LVL 18

    Expert Comment

    There isn't a specific GPO setting to do this, but you could write a script that would do this and then deploy the script via GPO.
    LVL 12

    Expert Comment

    agreed with luv2smile

    Author Comment

    I could.

    If I knew how.

    *hangs head in shame*

    LVL 82

    Accepted Solution

    You actually *can* do that with a (computer) GPO.
    Create a new GPO (or use an existing one) for your client machines (this is a computer policy, not a user policy).
    Edit the policy, go to "Computer Configuration\Windows settings\Security settings\File system".
    Right-click the "File System" folder, choose "New File".
    Browse to C:\Windows\Temp, click OK ("C:\Windows" will be replaced by "%Systemroot%" automatically). In the next window, change the security settings for "Users" (or add a dedicated group) as you would when directly editing an ACL. In the next window, choose how the permissions should be set, and you're done.
    Note that this will replace "custom made" permissions on the folder you added.

    Author Comment

    wow - i just had written my script using CACLS, and was going to push that out ... but your answer is great ! That is really useful - thanks so much - I thought there would be a 'smart' way ...

    Sorry guys, but that gets the 500 points !

    LVL 18

    Expert Comment

    I learn something new everyday...did not know that one :)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Suggested Solutions

    Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
    Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now