I always seem to have some really poorly written applications I’m required to deploy at work. You know, the kind of applications that decide to write their temporary files right to the Program directory INSTEAD OF user writable space. You know, like their profile?! Please don’t judge me. This small little Admin’s voice doesn’t get heard too often when it comes to software selection. I’d much rather work with software companies that follow security standards and don’t give me “The user needs to be an Administrator on the box.” blanket statements.
Either way, my voice gets drowned out and I need to find a way to get these programs to function without adding the user to the Administrators group. This can usually be accomplished by granting the local “Users” group on the PC Read and Write permissions to the application’s folders.
Below is a VBScript that does just that. Technically, the script actually shells out to a Command Prompt and runs CACLS but putting it in this script allows me to adjust permissions on multiple folders. I can then apply this VBScript to a Group Policy (GPO) in order to install these stupid applications using a managed install.
In order to use this script you need to modify the folders in the strFolders array. All the folders in this array will have Read/Write (RW) permissions granted to the local NT Group located in strNTGroup.