Here is a quickie that has had me scratching my head. Not a showstopper, so an answer isn’t urgent, but still.
I am trying to modify the logon scripts directory to include a login script. I have gone with Remote Desktop into my Domain Controller, and I am using a specially-created administrative account (something that wasn’t there when the domain was crafted) that is a part of the following groups:
- Administrators (builtin)
- Enterprise Admins
- Domain Admins
- Domain Users
- Group Policy Creator Owners
- Scan Operators
- Schema Admins
Unfortunately, I cannot create any files within the following folder:
\\domain\SYSVOL\domain\{policy}\Machine\Scripts\Startup
And yet, if I log on using the original Administrator account which was used to set up the domain in the first place, I can! In fact, the original Admin account can do a lot that the (apparently) identical special-purpose superadmin account can’t. I mean, WTF?? Both accounts are absolutely identical in terms of the groups they belong to, as well as the organizational unit they are a part of, so I am unsure as to what the frakking difference is.
In fact, the only way to actually place a script there is to go through the drive itself:
C:\Windows\SYSVOL\sysvol\domain\Policies\{policy}\Machine\Scripts\Startup
Best Answer
Take ownership, preferably in gpmc.