I have a batch script that runs cacls commands to reset permissions on files in the system32 directory of an Win XP domain computer. The script is run as a machine startup script from an Active Directory GPO. The script is not working correctly when run from the GPO. If I run the script as a domain admin on the computer directly it works correctly.
1. Can CACLS be run under the local computer SYSTEM credentials correctly?
2. If yes to #1, then what can I do to enable debugging to see why it's not working.
Here's an example of a line in the script.
echo y| cacls %SystemRoot%\system32\at.exe /G Administrators:F System:F