• Hi Graham,

    very useful post for users who wish to track daily spend proactively. thanks.

    One question, on this topic. AWS organizations with multi account setup and have centralised billing. In such cases, If we setup this daily spend alerts at root account, Is it going to send consolidated spend of all member accounts including root account?

    Regards
    Ganesh

  • How is this? Rather than try to grant permissions to a folder when it becomes created, what about just giving authenticated users full-control of the outer folder which already is there?

    How do I define “all users”appdatalocal? That is all I need. I can grant full control to the local folder with inheritable permissions inward. I just can’t figure out the correct syntax to define the all-usersappdatalocal folder.

  • Hello,
    I haven’t tried this. However, I will check and let you know. This is the link where they explain about advanced hunting query language.

  • I used this to get the OU:

    Get-ADComputer -Filter {OperatingSystem -Like “*Server*”} -Properties * | select Name, @{n=’OU’;e={$_.canonicalname -replace “/$($_.cn)”,””}}, Enabled

  • I ran this as a task step. It creates the appdatafolder regardless of whether the app has been launched or not. The folder should only get created when the app is opened (that is working within the exe). After the app is launched, then in the userappdata location, the folder will exist, but by default the permissions do not contain authenticated users.
    So the batch is forcing the creation of the folder, rather than the app launch…and the authenticated user properties are still missing. I’d need a way for the job to see “when” the folder exists, add authenticated users…on a userprofile basis.

  • Thanks for the reply. I’m going to simply run this in MDT only on the task sequence that has this app installed. Not everyone who gets this image will be using that specific app, but once they open it, it creates the folder and my objective is to have authenticated users have full control of that newly created folder.
    I look at it kind of like staging the admin acct. The administrator account gets created in MDT, along with a password you give it. Someone can sign onto that pc and keep it for 10 yrs and never sign on as admin. But, once they do, the admin acct is automatically activated and has the p/w you’ve stashed in the unattend 10 yrs ago.
    The same with this app. A user may never sign onto this app for months, but once they do and the folder is auto created, authenticated users will get full control of it. It’s early Monday morning and my brain isn’t fully firing yet, but that’s the scenario I’m looking to create.

  • Can this batch file just be implemented in MDT as a task step….
    staged for any user who signs on in the future? Or must it be run per user on startup?

  • I can try that method. As of right now,

    for /d %%a in (C:Users*) do (
    icacls “%%aappdatalocalfoldername” /grant:r “authenticated users”:(OI)(CI)F /t
    )

    This seems to create the folder immediately, with no permissions added other than the usual computer user names. This method was suggested to me, as I am not even sure what the %%a refers to without looking it up.
    I’m just hoping the foldername gets created when the user launches the app (which it does) but ideally it would have authenticated users with full control. That is the only goal.

  • Sorry to say your way does not work in newer versions of Windows 11 as they have disabled ALL windows from piping up on top of the setup windows so NONE of your options will work anymore. Seems Microsoft has fixed that loophole so we need a new work around. Seems this method is out dated.
    I’m a 35 year computer tech.

  • Sorry to say your way does not work in newer versions of Windows 11 as they have disabled ALL windows from piping up on top of the setup windows so NONE of your options will work anymore.
    Seems Microsoft has fixed that loophole so we need a new work around. Seems your method is out dated. But this one I just figured out works as of June 26th 2022 I just used.

    1. A working way get to the create new account then click accessibility icon little man on bottom of screen.

    2. Then bring up Bluetooth and devices.
    Find the wifi adapter and disable it

    3. Close window and continue the setup new account. Leave password blank if you wish.

    4. Continue with setup and your done with an OFFLINE account.

    5. Then go back into settings and tenable your wifi adapter and connect to your internet and your all done

    Toss one up to us little guys to come up with a new fix.
    I’m a 35 year computer tech.

  • Then ways mentioned above no longer works as Microsoft has stopped the command widows from keyboard from popping up.

    YES YOU CAN!

    Windows 11 as they have disabled all popup windows from popping up from keyboard commands in newer versions
    But luckily for you today June 26th 2022 I found a work around. Just follow these steps and have an OFFLINE account.

    Must Connect to internet to work.
    1. Start setup and create new account, add an email doesn’t matter which click next.

    2. Then click accessibility icon, little man on bottom of screen. It brings up some settings.

    3. Then bring up Bluetooth and devices.
    Find the wifi adapter and disable it

    4. Close window and continue the setup new account. Leave password blank if you wish.

    5. Continue with setup and your done with an OFFLINE account to desktop.

    6. Then go back into settings and re enable your wifi adapter and connect to your internet and your all done

    Toss one up to us little guys to come up with a new fix.
    I’m a 35 year computer tech.

  • Sir we are having user1 in server1. We want to collect logs of server1 from server2 using credentials of user1. Surprisingly even after entering the credentials of user1 in event viewer it is taking loggedin credentials of the user logged into server2.

  • No worries Joshua, if you ever cover third party let me know. I’ve worked with the STIGs for 18 years, honestly we don’t have the tools we need without going to third parties.

  • Can this be done on a folder that only gets created once a user signs on? Each user, in their own appdata folder, will have a folder created once a certain app is launched.
    My hope is to have that folder have authenticated users have full control upon creation.

  • Run the netsh command from an admin elevated command prompt.

  • We don’t use ADFS, but we do use Azure AD. Can vCenter 7.0 directly use Azure AD as an IdP, or does it require ADFS as an intermediary?

    Same situation – Any luck

  • What are the Powershell commands for enabling shared config and adding additional servers?

  • Load More
© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account