Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Remotely change local folder permissions

Posted on 2009-02-23
5
Medium Priority
?
970 Views
Last Modified: 2012-05-06
Greetings,

I have a need to give the local MACHINE_NAME\Users group write permission to a specific folder on the the HDD of each workstation.  I am looking for a way to automate this as much as possible, versus using something like using Computer Management and making the change on each machine manually.

The workstations are XP and we have an AD network with W2K3 servers.

Thanks,
-Scott
0
Comment
Question by:CC85
5 Comments
 
LVL 6

Expert Comment

by:Syedm2
ID: 23712377
Use Group policy for the same.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 23712386
You can do that with a group policy.
Link a GPO to the OU with the computers in question (use security filtering, if necessary), and go to Computer Configuration\Windows Settings\Security Settings\File System. Add the folder name there (you don't need to be able to browse to it on the machine you're editing the GPO with, just enter the full local path name), then configure the permissions in the next dialog.
You can pick the local "Users" group on whatever machine you're editing the policy with, or (which is in my opinion the better solution) create a dedicated domain local group for this folder and assign it permissions, then add the global group "Domain Users" to this group.
0
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 23712407
Hi CC85,

You can use Group Policy to configure folder permissions.

"Apply or modify permission entries for objects using Group Policy"
http://technet.microsoft.com/en-us/library/cc756952.aspx

HTH

Toni
0
 
LVL 1

Author Comment

by:CC85
ID: 23712922
I was able to create the GPO and link it to the OU that contains the workstations.  The link is enabled, it's enforced, and it applies to Authenticated Users.  Using the GP Results wizard it does not get applied nor is it specifically denied.  Is there something else I need to do?
0
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 23713015
The machines will either
- need to be rebooted
- need to run gpedit /target:computer /force
- need to wait for a maximum of 90 minutes for the GP to be automtically applied again
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question