An Access Control List, otherwise known as an ACL, is a specified set of rules that determine whether or not a system or a user is granted access to a specific object or system resource. ACLs may be installed on routers or switches, from where they are able to monitor incoming and outgoing traffic to ensure that users and systems are adhering to the prescribed rules. Alternatively, an Access Control List may also be built into any given network interface or operating system. In cyber security, an Access Control List functions as a gatekeeper for the system in question, with the ability to allow, restrict or block access when necessary.

I tried to reduce the need for administrative privs on Windows 10 domain members. One common action people want to do is to delete desktop icons from the shared public desktop (because of stupid software installers). So I added a local group where I add the owner users (kind of similar to power users) and add that group with a “delete allow” ACL entry on the public desktop folder. This works (somewhat, you have to open the folder and can’t delete the icons directly on your desktop, but it is an alternative for this question) but the ACL seems to be reset regularly (the ACE for this local group with the Allow permission is removed). Seems like something reset the folder permissions and I am not sure what it is. Is there a permission template in Windows for that folder to adjust as well? (And what triggers its application?)

This is part of the script (which works, but the setting gets lost after a few days):

    $PublicDesktop = "$env:Public\Desktop"
    # $localowners (the local group name) is set elsewhere in the script
    $localowneraccount = "$env:COMPUTERNAME\$localowners"
    $_perms = "$([System.Security.AccessControl.FileSystemRights]::Delete),$([System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles)"
    $_inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
    # This statement is cut off on the page after New-Object; the Allow rule is
    # assumed from the values above, with propagation 'None' as an assumption
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($localowneraccount, $_perms, $_inherit, 'None', 'Allow')
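For the reset described in the post above, a check-and-repair script that can run elevated on a schedule: it tests whether the explicit delete ACE for the local group is still present, logs the folder's state when it is missing, and re-adds it. This is an added example, not the poster's script; the group name `DesktopOwners` is a placeholder, and the script does not identify what removes the ACE.

```powershell
# Added example: idempotent check-and-repair of the delete ACE on the Public Desktop.
# Must run elevated (administrator or SYSTEM) for Set-Acl to succeed.
param(
    [string]$GroupName = 'DesktopOwners',     # placeholder local group name (assumption)
    [string]$Path      = "$env:Public\Desktop"
)

$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'

# Resolve the group to a SID so the comparison does not depend on name formatting
$account = New-Object System.Security.Principal.NTAccount($env:COMPUTERNAME, $GroupName)
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier])

$acl = Get-Acl -LiteralPath $Path

# Explicit (non-inherited) Allow ACEs for the group that cover both rights and both flags
$present = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $rights) -eq $rights -and
        ($_.InheritanceFlags -band $inherit) -eq $inherit
    }

if ($present) {
    Write-Output "OK: delete ACE for $account is present on $Path"
    return
}

# Record when the ACE was found missing and what the ACL looked like,
# so each reset can be correlated with other events on the machine
$stamp = Get-Date -Format o
Write-Warning "$stamp delete ACE for $account missing on $Path; owner=$($acl.Owner) sddl=$($acl.Sddl)"

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $sid, $rights, $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $Path -AclObject $acl
Write-Output "Re-added delete ACE for $account on $Path"
```

The timestamps and SDDL strings written on each repair show how often the ACE disappears and what the ACL was replaced with.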