Remotely change local folder permissions

Posted on 2009-02-23
Last Modified: 2012-05-06

I have a need to give the local MACHINE_NAME\Users group write permission to a specific folder on the HDD of each workstation.  I am looking for a way to automate this as much as possible, versus using something like Computer Management and making the change on each machine manually.

The workstations are XP and we have an AD network with W2K3 servers.

Question by:CC85
    LVL 6

    Expert Comment

    Use Group policy for the same.
    LVL 82

    Expert Comment

    You can do that with a group policy.
    Link a GPO to the OU with the computers in question (use security filtering, if necessary), and go to Computer Configuration\Windows Settings\Security Settings\File System. Add the folder name there (you don't need to be able to browse to it on the machine you're editing the GPO with, just enter the full local path name), then configure the permissions in the next dialog.
    You can pick the local "Users" group on whatever machine you're editing the policy with, or (which is in my opinion the better solution) create a dedicated domain local group for this folder and assign it permissions, then add the global group "Domain Users" to this group.
    LVL 31

    Expert Comment

    by:Toni Uranjek
    Hi CC85,

    You can use Group Policy to configure folder permissions.

    "Apply or modify permission entries for objects using Group Policy"


    LVL 1

    Author Comment

    I was able to create the GPO and link it to the OU that contains the workstations.  The link is enabled, it's enforced, and it applies to Authenticated Users.  Using the GP Results wizard it does not get applied nor is it specifically denied.  Is there something else I need to do?
    LVL 82

    Accepted Solution

    The machines will either
    - need to be rebooted
    - need to run gpupdate /target:computer /force
    - need to wait for a maximum of 90 minutes for the GP to be automatically applied again
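
Added example, not part of the thread: a PowerShell check that can be run from an administrative workstation once the policy has refreshed, confirming over the admin share that the local Users group (well-known SID S-1-5-32-545) holds an allow ACE with write rights on the folder. The workstation names and the folder path are placeholders, and the function name is hypothetical.

```powershell
# Added example: audit the folder ACL on each workstation over the admin share.
# $Computers and $LocalPath are placeholders, not values from the thread.
$Computers = 'WS001', 'WS002'
$LocalPath = 'C:\SharedData'

$UsersSid = 'S-1-5-32-545'   # well-known SID of the local BUILTIN\Users group
$Write    = [System.Security.AccessControl.FileSystemRights]::Write

function Test-UsersWriteAce {
    param([System.Security.AccessControl.FileSystemSecurity]$Acl)
    # Resolve ACEs to SIDs so the check does not depend on localized group names.
    $rules = $Acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.IdentityReference.Value -eq $UsersSid -and
            $ace.AccessControlType -eq 'Allow' -and
            ($ace.FileSystemRights -band $Write) -eq $Write) {
            return $true
        }
    }
    return $false
}

foreach ($c in $Computers) {
    # C:\SharedData on WS001 becomes \\WS001\C$\SharedData
    $unc = '\\' + $c + '\' + ($LocalPath -replace '^([A-Za-z]):', '$1$$')
    try {
        $acl = Get-Acl -Path $unc -ErrorAction Stop
        if (Test-UsersWriteAce $acl) { $status = 'Applied' } else { $status = 'Missing' }
    } catch {
        # Host offline, share unreachable, or folder absent
        $status = 'Error: ' + $_.Exception.Message
    }
    [pscustomobject]@{ Computer = $c; Path = $unc; UsersWrite = $status }
}
```

The check looks only for an allow ACE (explicit or inherited); it does not evaluate deny ACEs or compute effective access.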
