I’m working on a script that can be applied across multiple domains to:

  1. Alert me when a specific condition has been met (Completed, all working)
  2. Lock down the network shares for SMB and DFS.

I understand that multiple users can have the access blocked but I don’t really fancy having to type out a list of users with commas.

Now, the majority of networks I work with have a generalised group for every user to make permissions easier to deal with.

Would there be a way of using the group name rather than a list of every single user in AD?

Do you mean, “can you use an AD group as part of an SMB share’s Access Control List?” Yes.
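
The answer above, as an added example that is not part of the original thread: a PowerShell function that puts a deny entry for a single AD group on every non-administrative SMB share of the local server, and removes it again with `-Release`. The function name `Set-ShareLockdown` and the group `CONTOSO\All Staff` are assumptions made for illustration; the cmdlets are the standard SmbShare module ones.

```powershell
# Added example. Run elevated on the file server that hosts the shares.
# 'CONTOSO\All Staff' is a placeholder; pass the group in DOMAIN\Group form.
function Set-ShareLockdown {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [switch]$Release   # remove the deny entries instead of adding them
    )

    # -Special $false skips administrative shares such as ADMIN$, C$ and IPC$.
    $shares = Get-SmbShare -Special $false
    $action = if ($Release) { 'Unblock' } else { 'Block' }

    foreach ($share in $shares) {
        # ShouldProcess lets -WhatIf show the affected shares without changing them.
        if (-not $PSCmdlet.ShouldProcess($share.Name, "$action $GroupName")) { continue }
        try {
            if ($Release) {
                Unblock-SmbShareAccess -Name $share.Name -AccountName $GroupName -Force -ErrorAction Stop | Out-Null
            } else {
                # One deny ACE for the group replaces a comma-separated list of users.
                Block-SmbShareAccess -Name $share.Name -AccountName $GroupName -Force -ErrorAction Stop | Out-Null
            }
        } catch {
            Write-Warning "$action failed on share '$($share.Name)': $_"
        }
    }

    # Return the entries now present for the group so the caller can log or alert on them.
    foreach ($share in $shares) {
        Get-SmbShareAccess -Name $share.Name | Where-Object AccountName -eq $GroupName
    }
}

# Preview first, then apply, then lift the block once the condition has cleared.
Set-ShareLockdown -GroupName 'CONTOSO\All Staff' -WhatIf
# Set-ShareLockdown -GroupName 'CONTOSO\All Staff'
# Set-ShareLockdown -GroupName 'CONTOSO\All Staff' -Release
```

A deny entry overrides any allow entry, so every member of the group loses access to the share, including administrators who belong to that group.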