My code works on my Windows 2008R2 domain (test), but the same code on a Windows 2003 domain (customer production) acts strangely. Here is my code.
```powershell
# Set ACL
# $ADuser is the AD user object retrieved earlier in the script (not shown in the post).
$FullPermissionsGroup = "DL_AdminGroup"

# Build an inheritable Allow/FullControl rule for the admin group
$Rights = [System.Security.AccessControl.FileSystemRights]::"FullControl"
$Inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$Propagation = [System.Security.AccessControl.PropagationFlags]::None
$Access = [System.Security.AccessControl.AccessControlType]::"Allow"
$objUser = New-Object System.Security.Principal.NTAccount($FullPermissionsGroup)
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($objUser, $Rights, $Inherit, $Propagation, $Access)

# Read the current ACL of the home directory and add the rule
$ACL = Get-Acl $ADuser.HomeDirectory
$ACL.AddAccessRule($AccessRule)

# Make the user the owner of the home directory
$Account = New-Object System.Security.Principal.NTAccount($ADUser.sAMAccountName)
$ACL.SetOwner($Account)
$ACL.SetAccessRule($AccessRule)

# Write the modified ACL back to the directory
Set-Acl $ADuser.HomeDirectory $ACL
```
Windows 2008R2 environment
- The DL_AdminGroup group is added on the user's HomeDirectory. That is what I want.
Windows 2003 environment
- The DL_AdminGroup group is added on the user's HomeDirectory and all other permissions are removed (except the directory owner).
What should I do so that the W2003 environment acts like W2008R2?
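
To see exactly what a `Set-Acl` call changed on a directory, the ACL can be snapshotted before and after and compared entry by entry. The following is an added example, not code from the original post; `Compare-AclChange` is a hypothetical helper name, and the scratch directory and the `BUILTIN\Users` SID in the demo are constructed sample input.

```powershell
# Added example: report what changed between two ACL snapshots of the same path.
function Compare-AclChange {
    param($Before, $After)

    # Flatten each ACE to one string so the two ACLs can be compared as sets.
    $flatten = {
        param($Acl)
        $Acl.Access | ForEach-Object {
            '{0} | {1} | {2} | {3} | inherited={4}' -f $_.IdentityReference,
                $_.AccessControlType, $_.FileSystemRights, $_.InheritanceFlags, $_.IsInherited
        }
    }
    $old = @(& $flatten $Before)
    $new = @(& $flatten $After)

    New-Object PSObject -Property @{
        OwnerBefore     = $Before.Owner
        OwnerAfter      = $After.Owner
        ProtectedBefore = $Before.AreAccessRulesProtected   # True = inheritance blocked
        ProtectedAfter  = $After.AreAccessRulesProtected
        LostAces        = @($old | Where-Object { $new -notcontains $_ })
        AddedAces       = @($new | Where-Object { $old -notcontains $_ })
    }
}

# Constructed demo on a scratch directory (S-1-5-32-545 is the well-known BUILTIN\Users SID).
$dir = Join-Path $env:TEMP ('acl-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$before = Get-Acl -Path $dir

$sid     = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-545')
$rights  = [System.Security.AccessControl.FileSystemRights]::Modify
$inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$type    = [System.Security.AccessControl.AccessControlType]::Allow
$rule    = New-Object System.Security.AccessControl.FileSystemAccessRule ($sid, $rights, $inherit, $prop, $type)

$acl = Get-Acl -Path $dir
$acl.AddAccessRule($rule)
Set-Acl -Path $dir -AclObject $acl

Compare-AclChange -Before $before -After (Get-Acl -Path $dir) | Format-List
Remove-Item -Path $dir -Recurse
```

Run against a real home directory, take the first snapshot before the `Set-Acl` call and the second after it. If `ProtectedAfter` is `True` and the `LostAces` entries are marked `inherited=True`, inheritance was switched off on the directory rather than individual entries being deleted.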