azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fa4ac2ea37a32e0fde79ff87a109ffbcb01dc787
claudetools/.claude/temp/frd-remove-authedusers3.ps1
Howard Enos bc984d9c78 sync: auto-sync from HOWARD-HOME at 2026-05-20 17:08:25 
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-20 17:08:25
2026-05-20 17:08:29 -07:00

45 lines
1.6 KiB
PowerShell
Raw Blame History

$domain = 'cascades.local'
$gpoName = 'CSC - Folder Redirection'
$gpoGuid = '{512B43A4-F049-4CE5-BFAC-860AD13E92BE}'
Import-Module ActiveDirectory -EA SilentlyContinue
Import-Module GroupPolicy -EA SilentlyContinue
# Suppress all ShouldProcess confirmations
$ConfirmPreference = 'None'
# Try Set-GPPermission with ConfirmPreference suppressed
try {
Set-GPPermission -Name $gpoName -Domain $domain `
-PermissionLevel None -TargetName 'Authenticated Users' -TargetType Group -EA Stop
Write-Output "[OK] Removed via Set-GPPermission"
} catch {
Write-Output "[WARN] Set-GPPermission failed: $($_.Exception.Message)"
# Fallback: GPMC COM object
try {
$gpm = New-Object -ComObject GPMgmt.GPM
$constants = $gpm.GetConstants()
$gpmDomain = $gpm.GetDomain($domain, '', $constants.UseAnyDC)
$gpo = $gpmDomain.GetGPO($gpoGuid)
$secInfo = $gpo.GetSecurityInfo()
$newSec = $gpm.CreateSecurityInfo()
for ($i = 0; $i -lt $secInfo.Count; $i++) {
$perm = $secInfo.Item($i)
if ($perm.Trustee.TrusteeName -ne 'Authenticated Users') {
$newSec.Add($perm)
}
}
$gpo.SetSecurityInfo($newSec)
Write-Output "[OK] Removed via GPMC COM"
} catch {
Write-Output "[ERROR] COM approach: $($_.Exception.Message)"
}
}
Write-Output ""
Write-Output "=== GPO Security Filter (final) ==="
Get-GPPermission -Name $gpoName -Domain $domain -All | ForEach-Object {
Write-Output " $($_.Trustee.Name) [$($_.Trustee.TrusteeType)] — $($_.Permission)"
}
Reference in New Issue View Git Blame Copy Permalink