sync: auto-sync from HOWARD-HOME at 2026-05-20 17:08:25
Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-05-20 17:08:25
This commit is contained in:
44
.claude/temp/frd-remove-authedusers3.ps1
Normal file
44
.claude/temp/frd-remove-authedusers3.ps1
Normal file
@@ -0,0 +1,44 @@
|
||||
$domain = 'cascades.local'
|
||||
$gpoName = 'CSC - Folder Redirection'
|
||||
$gpoGuid = '{512B43A4-F049-4CE5-BFAC-860AD13E92BE}'
|
||||
|
||||
Import-Module ActiveDirectory -EA SilentlyContinue
|
||||
Import-Module GroupPolicy -EA SilentlyContinue
|
||||
|
||||
# Suppress all ShouldProcess confirmations
|
||||
$ConfirmPreference = 'None'
|
||||
|
||||
# Try Set-GPPermission with ConfirmPreference suppressed
|
||||
try {
|
||||
Set-GPPermission -Name $gpoName -Domain $domain `
|
||||
-PermissionLevel None -TargetName 'Authenticated Users' -TargetType Group -EA Stop
|
||||
Write-Output "[OK] Removed via Set-GPPermission"
|
||||
} catch {
|
||||
Write-Output "[WARN] Set-GPPermission failed: $($_.Exception.Message)"
|
||||
|
||||
# Fallback: GPMC COM object
|
||||
try {
|
||||
$gpm = New-Object -ComObject GPMgmt.GPM
|
||||
$constants = $gpm.GetConstants()
|
||||
$gpmDomain = $gpm.GetDomain($domain, '', $constants.UseAnyDC)
|
||||
$gpo = $gpmDomain.GetGPO($gpoGuid)
|
||||
$secInfo = $gpo.GetSecurityInfo()
|
||||
$newSec = $gpm.CreateSecurityInfo()
|
||||
for ($i = 0; $i -lt $secInfo.Count; $i++) {
|
||||
$perm = $secInfo.Item($i)
|
||||
if ($perm.Trustee.TrusteeName -ne 'Authenticated Users') {
|
||||
$newSec.Add($perm)
|
||||
}
|
||||
}
|
||||
$gpo.SetSecurityInfo($newSec)
|
||||
Write-Output "[OK] Removed via GPMC COM"
|
||||
} catch {
|
||||
Write-Output "[ERROR] COM approach: $($_.Exception.Message)"
|
||||
}
|
||||
}
|
||||
|
||||
Write-Output ""
|
||||
Write-Output "=== GPO Security Filter (final) ==="
|
||||
Get-GPPermission -Name $gpoName -Domain $domain -All | ForEach-Object {
|
||||
Write-Output " $($_.Trustee.Name) [$($_.Trustee.TrusteeType)] — $($_.Permission)"
|
||||
}
|
||||
Reference in New Issue
Block a user