Last year I started a new job at a company that was overwhelmed with IT and not enough staff to handle it for several years. I have slowly been able to assist in getting everyone up to speed and many issues resolved. Right now I am looking at the roaming profiles and I see that pretty much everyone has full permissions to everyone else's profile. This is obviously a security issue and I want to resolve it without taking 15 hours of manually changing the permissions and ownership of each folder.
I found the following link with the security recommendations for roaming profiles
http://technet.microsoft.com/en-us/library/cc757013(WS.10).aspx
and I found this link on how to set permissions for a specified group for those profiles.
It works great for assigning domain admins permissions but I need to do more:
- Assign ownership of each folder to the user it belongs to. I do not know how to take ownership via PowerShell, and if I did, how could I change the ownership using a wildcard that would put that user as the owner? As I understand scripting, using a wildcard like %username% would assign the permissions of the user running the script, not the user who needs ownership.
- Assign full permissions for the user of the profile.
- Basically it needs to assign the permissions as it is described in the TechNet article listed above.
Any help and suggestions would be greatly appreciated.
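
One way to script the per-folder ownership and permissions asked about above, as an added example that is not part of the original post. It assumes each profile folder is named after the user's logon name (optionally with a `.V2`-style suffix), and the share path, domain name and the Domain Admins grant are placeholders to adjust; it calls the built-in `icacls` tool from an elevated PowerShell session.

```powershell
# Added example. Assumptions (hypothetical): $ProfileRoot, $Domain, and the convention
# that the folder name is the user's logon name, optionally followed by .V2, .V3, ...
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$ProfileRoot = '\\fileserver\profiles$',   # placeholder share path
    [string]$Domain      = 'CONTOSO',                  # placeholder NetBIOS domain name
    [string]$AdminGroup  = 'Domain Admins'             # optional admin access, per the post
)

foreach ($dir in Get-ChildItem -LiteralPath $ProfileRoot -Directory) {
    # The account comes from the folder name, not from %username% of whoever runs this.
    $sam     = $dir.Name -replace '\.V\d+$', ''
    $account = "$Domain\$sam"

    # Resolve the account first so orphaned or misnamed folders are reported, not guessed at.
    try {
        $null = ([System.Security.Principal.NTAccount]$account).Translate(
                    [System.Security.Principal.SecurityIdentifier])
    } catch {
        Write-Warning "No account '$account' for folder '$($dir.FullName)'; skipped"
        continue
    }

    if ($PSCmdlet.ShouldProcess($dir.FullName, "Set ACL and owner for $account")) {
        # 1. Drop every explicit ACE on the folder and its children (inherited-only ACLs).
        icacls $dir.FullName /reset /T /C /Q
        # 2. On the top folder: stop inheriting from the share root and grant Full Control,
        #    inheritable to subfolders and files, to the user, SYSTEM (S-1-5-18) and admins.
        icacls $dir.FullName /inheritance:r /grant:r "${account}:(OI)(CI)F" `
            '*S-1-5-18:(OI)(CI)F' "${Domain}\${AdminGroup}:(OI)(CI)F" /C /Q
        # 3. Make the user the owner of the folder and everything below it.
        icacls $dir.FullName /setowner $account /T /C /Q
        if ($LASTEXITCODE -ne 0) { Write-Warning "icacls reported errors on '$($dir.FullName)'" }
    }
}
```

Running the script with `-WhatIf` first lists the folders and accounts it would change without touching any ACL.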