How do I restrict users to read-only access to their Home Directories?

You can restrict users to read-only access to their Home Directories through the Active Directory Users and Computers console on the AD controller, or via PowerShell.

This article provides a sample script that can be used to help with this process.

Prerequisites

  • Create a CSV file containing all the usernames (SAMAccountName) under a column header of name, which is the column the script reads.
  • Install the required AD module on the machine that you're running the script from.

Example Script

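Import-Module ActiveDirectory
# The CSV needs a 'name' column header holding each SAMAccountName
Import-Csv E:\usersname.csv | ForEach-Object {
    # Query AD for the HomeDirectory attribute
    $homeDrive = (Get-ADUser -Identity $_.name -Properties HomeDirectory).HomeDirectory
    if (-not $homeDrive) { return }   # skip accounts with no home directory set
    $ACL = Get-Acl $homeDrive
    # SetAccessRule replaces the user's existing explicit Allow entries with Read
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Read", "ContainerInherit,ObjectInherit", "None", "Allow")
    $ACL.SetAccessRule($rule)
    Set-Acl $homeDrive $ACL
}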
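
SetAccessRule only rewrites explicit entries on the folder itself, so an entry inherited from the parent share can still grant the user write access after the script above has run. The following check is an added example, not part of the original article: it reads the same CSV (same path and name column) and reports any Allow entry for the user's own SID that still carries a write-type right. The status labels and the $writeMask variable are this example's own names.

```powershell
# Added example: audit the result of the article's script (not the article's own code).
Import-Module ActiveDirectory

# Rights that permit changing content, permissions or ownership.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) can appear as raw values in ACEs.
$writeMask = $writeMask -bor 0x50000000

Import-Csv E:\usersname.csv | ForEach-Object {
    $sam  = $_.name   # same 'name' column the article's script reads
    $user = Get-ADUser -Identity $sam -Properties HomeDirectory
    $path = $user.HomeDirectory
    if (-not $path -or -not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ User = $sam; Path = $path; Status = 'NoHomeDirectory'; Detail = '' }
        return   # move on to the next CSV row
    }

    # Ask for explicit and inherited ACEs, with identities translated to SIDs.
    $acl  = Get-Acl -LiteralPath $path
    $aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    # Allow entries for this user that still carry a write-type right.
    $risky = @($aces | Where-Object {
        $_.IdentityReference.Value -eq $user.SID.Value -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0)
    })

    $status = if ($risky.Count) { 'WriteStillGranted' } else { 'NoWriteAceForUser' }
    [pscustomobject]@{
        User   = $sam
        Path   = $path
        Status = $status
        Detail = ($risky | ForEach-Object { '{0} (inherited={1})' -f $_.FileSystemRights, $_.IsInherited }) -join '; '
    }
} | Format-Table -AutoSize
```

Write access that reaches the user through a group entry is not evaluated by this check, so review group ACEs on the share separately.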
