ACL for Windows Authorization Access Group

by jkavanagh58 at 2012-08-24 09:56:18

I had posted a question about this before and I am readding simply because I thought it was funny that Microsoft Premier Support provided a vbs script to address resolving the issue. Issue was discovered when SCCM discoveries were missing certain computers. The issue was the Windows Authorization Access Group was not granted Read tokengroupsglobalanduniversal on the objects that we expected to see in a system discovery. So I wrote a quick script to check all users, computers and groups to see if that group was listed in a listing of identityreferences returned via get-acl -audit. Report was accurate after manual veification. We submitted to Microsoft Premier Support our findings and it appeared to all older objects. So I was trying to write a set-acl to add the WAAG with just that right/permission but couldn’t get it without adding addition Read rights. I will have to go through the vbs that was provided and see if I can duplicate the methods in Powershell.
by DonJ at 2012-08-27 14:27:06
Feel free to post the VBS here, as a file attachment, if you’re allowed. It’s not that surprising - a lot of those Support tools have been around for a good while, and there’s no sense in rewriting them if they still work ;).
by jkavanagh58 at 2012-10-01 08:17:22
While I agree, although I get most of my Powershell experience via re-writing existing VBS scripts, with regards to use what already exists but considering verbage from the Premier Support tech and the turnaround time I would be inclined that this wasn’t an existing solution.