Last year I started a new job at a company that was overwhelmed with IT and not enough staff to handle it for several years. I have slowly been able to assist in getting everyone up to speed and many issues resolved. Right now I am looking at the roaming profiles and I see the pretty much everyone has full permissions to everyone else’s profile. This is obviously a security issue and I want to resolve it without taking 15 hours of manually changing the permissions and ownership of each folder.
I found the following link with the security recommendations for roaming profiles
and I found this link on how to set permissions for a specified group for those profiles.
It works great for assigning domain admins permissions but I need to do more:
Assign ownership of each folder to the user it belongs to, I do not know how to take ownership via powershell, and if I did how could I change the ownership using a wildcard that would put that user as the owner. As I understand scripting, using a wildcard like %username% would assign the permissions of the user running the script, not the user who needs ownership.
Assign full permissions for the user of the profile
Basically it needs to assign the permissions as it is described in the technet article listed above.
Any help and suggestions would be greatly appreciated.