I am currently in the process of scripting up some GPs to import into an AD. As part of this I need to add a filter to a couple of the policies to deny a group read access. (Putting the reasons for doing this aside for the minute.). I'm trying to find a way to do this, I've tried using the setGPOPermissions script as part of the GPMC which only seems to add apply permissions or remove permissions that already exist. I've also been having a play with trying to use the GPM object directly to script the deny myself but it looks like there aren't any interfaces to do this.
GUI modification is not an option and I want to attempt to do this as out of the box as possible, (ok with GPMC).
Thanks,
Paul.
