I work in a school environment working with Server 2008r2 and have a script that creates new student users. Everything about this script works except assigning file permissions.
I have a group at each school location named sec-(school)-admin and the on-site tech is a member of that group. That group has full control of the directory where the user home folders are held. The only way I have to change permissions right now is to either run the script with my domain admin credentials (on-site tech is not DA) or remote to the server and do it myself.
Here is the snippet of where I am having issues
icacls.exe $homedir /grant $icacls':(OI)(CI)(F)' /t /c icacls.exe $homedir /setowner $icacls icacls.exe $homedir /remove $env:USERNAME /t
$homedir = the users home directory
$icacls = domain\user
$env:USERNAME = The on-site tech running the script
All 3 of the commands give access denied. I have 22 separate school file servers and only one of them has issues with it giving an access denied error. It also just happens to be the largest school in my district.
Any help would be appreciated. Please let me know if you need more info.