[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1030
  • Last Modified:

Grant GPO user full access to specific local directory (using GPO)

I am using a Windows Server 2003 domain. I have two questions within one question. First and most importantly, I need to know how to grant normal users (teachers) FULL access to a specific local directory (C:\EXAMPLE). There is a program that they must run and have access to that directory, but we don't want them to be able to write to other places. Right now the program will not run due to this restriction. I was able to get it to work by MANUALLY granting that regular user permission by right clicking and and then doing sharing and security.

Secondly, I would like to know how to write a script to copy a shortcut to the desktop of each of the normal users. I have the .lnk file on a shared directory on the server. I have an idea to use a VBS but I don't know how that should be written. Can anyone tell me exactly how to write that?

Your help is greatly appreciated.  I need to have these up and running in only TWO DAYS and am beginning to get worried. The FIRST question is much more important than the second!
0
lanehart
Asked:
lanehart
  • 3
  • 2
1 Solution
 
LauraEHunterMVPCommented:
For the first, create and link a Group Policy Object (or edit an existing one) and use the Computer Configuration-->Windows Settings-->Security Settings-->File System.  Add the folder in question (create the folder on the machine you're working from beforehand if it's not present already), and then grant the necessary permissions to the directory.

You can assign scripts using Group Policy as well, in the User Configuration-->Windows Settings-->Scripts Group Policy node.
0
 
vladhCommented:
Why not just creating a domain local group, giving that group permissions to the folder in question and adding users to the group? Seems like using a GPO for just file system access is a very unnecessary overkill...

0
 
LauraEHunterMVPCommented:
It sounds as though the OP needs to grant these permissions across multiple workstations; a GPO is the most efficient way to accomplish that.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
lanehartAuthor Commented:
Laura,
Thanks for your swift reply...we'd been working 13 hours yesterday and finally got everything where it needs to be (!).  The GPO woried exactly as it should, so I don't see any problem with doing that. It doesn't seem to slow down our login process or anything. I will give you these points, but do you have any idea about the second part of the question? We just manually added the shortcut for now, but need to push that out to many workstations in a few days as well.

Thanks again!
0
 
LauraEHunterMVPCommented:
You can copy a .lnk file from a simple batch file.

copy \\server\share\link.lnk "c:\document and settings\all users\desktop"

You can then assign this script via GPO in the User Configuration-->Windows Settings-->Scripts Group Policy node, or by placing the script in the ~\netlogon share and modifying the Profile tab of the affected user accounts.
0
 
lanehartAuthor Commented:
Okay perfect...this combined with your other solution will help me out. I had used that script yesterday, but it wasn't allowing the users to copy because they didn't have write permissions to the \all users\desktop. Now they do and I think that this will work perfectly. Thank you for all of your help!
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now