From 077bd028316321ecb1962670d574c3ceea29e476 Mon Sep 17 00:00:00 2001 From: bschaper Date: Tue, 14 Jan 2025 11:59:36 -0600 Subject: [PATCH] Removed User Permissions to Scripts Folder --- Patches/Windows/Remove-Permissions.ps1 | 10 ++++++++++ TCSE-Computer-Deploy.bat | 4 ++++ 2 files changed, 14 insertions(+) create mode 100644 Patches/Windows/Remove-Permissions.ps1 diff --git a/Patches/Windows/Remove-Permissions.ps1 b/Patches/Windows/Remove-Permissions.ps1 new file mode 100644 index 0000000..887e5a8 --- /dev/null +++ b/Patches/Windows/Remove-Permissions.ps1 @@ -0,0 +1,10 @@ +$computerName = $env:COMPUTERNAME +$domain = (Get-WmiObject Win32_ComputerSystem).Domain + +$folderPath = "C:\Scripts" +$groupName = "Authenticated Users" + +$acl = Get-Acl -Path $folderPath +$acl.SetAccessRuleProtection($true, $false) +$acl.RemoveAccessRule($acl.Access | Where-Object {$_.IdentityReference -eq "$domain\$groupName"}) +Set-Acl -Path $folderPath -AclObject $acl \ No newline at end of file diff --git a/TCSE-Computer-Deploy.bat b/TCSE-Computer-Deploy.bat index 8ad0fd2..1b334ac 100644 --- a/TCSE-Computer-Deploy.bat +++ b/TCSE-Computer-Deploy.bat @@ -91,6 +91,10 @@ powershell Remove-Item -Path 'C:\Scripts\Software\Office2016' -Recurse -Force powershell Remove-Item -Path 'C:\Scripts\Software\RemoteAgent64-TCSE.exe' powershell Remove-Item -Path 'C:\Scripts\Software\gcpwstandaloneenterprise64.exe' +:: Remove Permissions +echo Removing User Permissions to Scripts Folder... +powershell -ExecutionPolicy Bypass -File "C:\Scripts\Patches\Windows\Remove-Permissions.ps1" + :: Perform Windows Updates powershell -ExecutionPolicy Bypass -File "C:\Scripts\Patches\Windows\Initial-Windows-Updates.ps1"