The final step to my script is to set the proper permissions on the user's home folder. The following VBScript syntax unchecks the box "inherit permissions from parent folder" after copying the users. According to documentation with the free Microsoft script XCACLS.VBS, removing a user/group from the ACL should require the /R switch. I can't get it to remove the "Authenticated Users" group.
This syntax works at the command line:
C:\WINNT>cscript c:\winnt\xcacls.vbs \\oak\users$\TEST /I COPY /r "authenticated users"
(the command line will change "authenticated users: to "NT AUTHORITY\Authenticated Users" automatically)
This VBScript syntax does everything except remove "Authenticated Users" from the ACL:
If objFSO.FolderExists(strHomeFolder) Then
set objWsh = CreateObject("Wscript.Shell")
objWsh.run "c:\WINNT\xcacls.vbs \\oak\Users$\" & strNTName & " /I copy /r "NT AUTHORITY\Authenticated Users"
All of this code is executed from a Windows 2000 Domain Controller.
I noticed that the /I part of the command has to complete before the /r part will work and it appears that XCACLS.vbs "removes" before it "Unchecks" the Inherit permissions box.