Variations on a theme
That last script I posted wasn't exactly what I needed. I had to rewrite it to leave existing permissions in-tact. The one below accomplishes the same goal without deleting all existing ACLs. There are a few assumptions in place. First that the local admins group will be given full control to anything we touch. Second, the TrustedInstaller account will be given full control, even if it only had read access before. This just makes life easier. I also fixed the logging so that everything is logged, just in case. The application of the new ACLs is done individually instead of via a function so that things can be better customized. There is a reference section at the bottom that lists some permissions options available. It's not needed by the script. I tested this script against my PC and a few test PCs. There don't appear to be any ill effects. Again, use at your own risk and watch for line wrapping. #============...