Script Repository


Disallow users to change permissions on their home folders

June 17, 2016
985

The script can be used in Business Rules, Scheduled Tasks and Custom Commands to disallow users to change permissions on their home folders.

Edit Remove
PowerShell
# Get home directory folder
try
{
    $homeFolder = $Context.TargetObject.Get("homeDirectory")
}
catch
{
    $Context.LogMessage("The user does not have a home directory.", "Warning") # TODO: modify me
    return
}

# Get the user's SID
$userSidBinary = $Context.TargetObject.Get("objectSid")
$userSid = New-Object System.Security.Principal.SecurityIdentifier($userSidBinary, 0)

# Deny the permission to change security for the home folder
$homeFolderACL = Get-Acl $homeFolder
$acl = New-Object System.Security.AccessControl.FileSystemAccessRule($userSid,"ChangePermissions","ContainerInherit,ObjectInherit","None","Deny")
$homeFolderACL.AddAccessRule($acl)

Set-Acl -path $homeFolder $homeFolderACL

Comments ( 0 )
No results found.
Leave a comment

Related Scripts