Paul-
I think that you're going to have to get the GUID of the
GPO, and then set a Deny Read ACE on the NTFS permissions under
Winnt\SYSVOL\sysvol\domain\policies\{GUID}. You could use a script or command
line utility like Xcacls to do that.
Hunter
From: PAUL MAYES [mailto:[EMAIL PROTECTED]
Sent: Friday, August 27, 2004 4:46 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Scripting GP woes
I am currently in the process of scripting up some GPs to import into an
AD. As part of this I need to add a filter to a couple of the policies to
deny a group read access. (Putting the reasons for doing this aside for the
minute.). I'm trying to find a way to do this, I've tried using the
setGPOPermissions script as part of the GPMC which only seems to add apply
permissions or remove permissions that already exist. I've also been having a
play with trying to use the GPM object directly to script the deny myself but it
looks like there aren't any interfaces to do this.
GUI modification is not an option and I want to attempt to do this as out
of the box as possible, (ok with GPMC).
Thanks,
Paul.
