lanehart
asked on
Grant GPO user full access to specific local directory (using GPO)
I am using a Windows Server 2003 domain. I have two questions within one question. First and most importantly, I need to know how to grant normal users (teachers) FULL access to a specific local directory (C:\EXAMPLE). There is a program that they must run and have access to that directory, but we don't want them to be able to write to other places. Right now the program will not run due to this restriction. I was able to get it to work by MANUALLY granting that regular user permission by right clicking and and then doing sharing and security.
Secondly, I would like to know how to write a script to copy a shortcut to the desktop of each of the normal users. I have the .lnk file on a shared directory on the server. I have an idea to use a VBS but I don't know how that should be written. Can anyone tell me exactly how to write that?
Your help is greatly appreciated. I need to have these up and running in only TWO DAYS and am beginning to get worried. The FIRST question is much more important than the second!
Secondly, I would like to know how to write a script to copy a shortcut to the desktop of each of the normal users. I have the .lnk file on a shared directory on the server. I have an idea to use a VBS but I don't know how that should be written. Can anyone tell me exactly how to write that?
Your help is greatly appreciated. I need to have these up and running in only TWO DAYS and am beginning to get worried. The FIRST question is much more important than the second!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
vladh
Why not just creating a domain local group, giving that group permissions to the folder in question and adding users to the group? Seems like using a GPO for just file system access is a very unnecessary overkill...
It sounds as though the OP needs to grant these permissions across multiple workstations; a GPO is the most efficient way to accomplish that.
ASKER
Laura,
Thanks for your swift reply...we'd been working 13 hours yesterday and finally got everything where it needs to be (!). The GPO woried exactly as it should, so I don't see any problem with doing that. It doesn't seem to slow down our login process or anything. I will give you these points, but do you have any idea about the second part of the question? We just manually added the shortcut for now, but need to push that out to many workstations in a few days as well.
Thanks again!
Thanks for your swift reply...we'd been working 13 hours yesterday and finally got everything where it needs to be (!). The GPO woried exactly as it should, so I don't see any problem with doing that. It doesn't seem to slow down our login process or anything. I will give you these points, but do you have any idea about the second part of the question? We just manually added the shortcut for now, but need to push that out to many workstations in a few days as well.
Thanks again!
You can copy a .lnk file from a simple batch file.
copy \\server\share\link.lnk "c:\document and settings\all users\desktop"
You can then assign this script via GPO in the User Configuration-->Windows Settings-->Scripts Group Policy node, or by placing the script in the ~\netlogon share and modifying the Profile tab of the affected user accounts.
copy \\server\share\link.lnk "c:\document and settings\all users\desktop"
You can then assign this script via GPO in the User Configuration-->Windows Settings-->Scripts Group Policy node, or by placing the script in the ~\netlogon share and modifying the Profile tab of the affected user accounts.
ASKER
Okay perfect...this combined with your other solution will help me out. I had used that script yesterday, but it wasn't allowing the users to copy because they didn't have write permissions to the \all users\desktop. Now they do and I think that this will work perfectly. Thank you for all of your help!