We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script repository

Disallow users to change permissions on their home folders

February 24, 2021 Views: 2154

The script can be used in business rules, scheduled tasks and custom commands to disallow users to change permissions on their home folders.

Edit Remove
PowerShell
# Get home directory folder
try
{
    $homeFolder = $Context.TargetObject.Get("homeDirectory")
}
catch
{
    $Context.LogMessage("The user does not have a home directory.", "Warning") # TODO: modify me
    return
}

# Get the user's SID
$userSidBinary = $Context.TargetObject.Get("objectSid")
$userSid = New-Object System.Security.Principal.SecurityIdentifier($userSidBinary, 0)

# Deny the permission to change security for the home folder
$homeFolderACL = Get-Acl $homeFolder
$acl = New-Object System.Security.AccessControl.FileSystemAccessRule($userSid,"ChangePermissions","ContainerInherit,ObjectInherit","None","Deny")
$homeFolderACL.AddAccessRule($acl)

Set-Acl -path $homeFolder $homeFolderACL
Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers