I am using Symantec Ghost to image some new computers. Upon deployment I find that Domain Users have no local file permissions. I am doing all of this remotely. I would like to use Group Policy or script (Powershell preferred) to set drive c: including all child files and folders on the local XP Professional machines to Full for Domain Users security group in Active Directory in Windows 2003 domain. Can someone please give me some direction as to how to accomplish this. Scripted approach would be desireable since I can use a text file listing the new machines to ensure that the new machines are the only ones on which the operation will take place. No domain users may have elevated or administrator rights other than myself on any of our client machines. All work is save to folders on our servers but users need to have access to files in order to run some applications that require writing some temporary files to the local machines and they need to be able to have access to the Windows Temp file to clean up temporary files which build up and are not cleaned up well by some legacy applications.