Server OS: 2012 r2
Clients: Win 10
Folder re-direction: GPO redirects Desktop, Documents, Favorites and Downloads to \\Server\Share$\%username%\
Normally I disagree with re-directing downloads, but due to compliance requirements, we have to re-direct the downloads folder.
That being said, we are trying to figure out the most effective way to have the contents of the downloads folder removed nightly without impacting user logon/logoff times.
The only way we can think of doing this is by using a scheduled task that runs on the server nightly.
We tried using a script that runs on each computer at logoff but that proved to be impractical because it caused users to experience really long logoff times depending on the size of their downloads directory.
The issue we are faced with is, if we create a scheduled task on the server, would we have to create an account with full access permissions to user's home folders or can we run a scheduled task with gMSA? Does gMSA have full system access to any directory regardless of NTFS permissions?
I say regardless, but that's assuming NTFS permissions for the folder re-direction shares have the "SYSTEM" user account added with full control to the parent directory and all subfolders and files.
It makes sense to just try it and test it, but we're on a bit of a time crunch. We're working on getting a gMSA setup and try to run a script using that account.