I've started forcing myself to use PowerShell scripts for GPOs. I have updated GPOs to permit this but I'm seeking to allow Domain Admin access to userprofiles for existing roaming user profiles.
icacls.exe \\sharedpath\user` profiles$\%username%.v2 /grant “domain\Domain Admins”:F /T /Q
This one is for the user profiles. Took some googling to figure out `
deals with spaces in paths. However, I'm really stuck with:
icacls.exe : Invalid parameter "domain\Domain Admins"
I can't seem to find anything related to spaces in parameters. I tried the obvious '
char but that makes no difference.
The powershell way:
Should go without saying that you should test it thoroughly before using it in a logon script.