The script can be used in business rules, scheduled tasks and custom commands to prevent users from changing permissions on their home folders.
PowerShell
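# Adds an explicit Deny rule to the target user's home folder so that the user
# cannot alter the folder's security settings. The rule is inherited by all
# subfolders and files (ContainerInherit,ObjectInherit).

# Get home directory folder
try
{
    # Get() throws when the property is not set; that case is handled in the catch block.
    $homeFolder = $Context.TargetObject.Get("homeDirectory")
}
catch
{
    $Context.LogMessage("The user does not have a home directory.", "Warning") # TODO: modify me
    return
}

# Get the user's SID
$userSidBinary = $Context.TargetObject.Get("objectSid")
$userSid = New-Object System.Security.Principal.SecurityIdentifier($userSidBinary, 0)

# Deny the permission to change security for the home folder.
# TakeOwnership is denied together with ChangePermissions: on NTFS the owner of
# an object can normally rewrite its DACL regardless of Deny entries, so a user
# who is allowed to take ownership could undo this rule.
# NOTE(review): for the same reason the rule has no practical effect if the user
# already owns the folder. Confirm that home folders are owned by an
# administrative account rather than by the user.
$denyRule = New-Object System.Security.AccessControl.FileSystemAccessRule($userSid, "ChangePermissions, TakeOwnership", "ContainerInherit,ObjectInherit", "None", "Deny")

try
{
    # -LiteralPath prevents characters such as [ and ] in the path from being
    # interpreted as wildcards. -ErrorAction Stop turns a missing or inaccessible
    # folder into a catchable error instead of continuing with a null ACL.
    $homeFolderACL = Get-Acl -LiteralPath $homeFolder -ErrorAction Stop
    $homeFolderACL.AddAccessRule($denyRule)
    Set-Acl -LiteralPath $homeFolder -AclObject $homeFolderACL -ErrorAction Stop
}
catch
{
    # Report the failure so that a folder left without the Deny rule is visible in the log.
    $Context.LogMessage("Failed to update permissions on the home folder '$homeFolder': " + $_.Exception.Message, "Error")
    return
}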