On Mon, Sep 8, 2008 at 7:57 AM, <[EMAIL PROTECTED]> wrote: > > KenM <[EMAIL PROTECTED]> wrote on 09/05/2008 09:32:53 PM: > >> Also why are you taking ownership, If these folders were created >> using the users home drive path in ADUC then the local admins should >> have access and your can just run the script as a users who is in >> the local admins group. > > Well, no. The only accounts with access (usually) are the user. Local admins > removed from security at upper level (i.e., E:\Users), and no inheritence > for sub-folders specified. Otherwise, anyone who is a local admin (such as a > Domain Admin) could access any files, and that's a No-No. :-)
Nice script! However, it's futile to try to deny access to local/domain admins - they can get at it anyway, and it just makes administering that much harder. I set up home drives with local administrators full control, the individual user with change control, and let it go. Life is much simpler that way. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~