1

Users are sharing their password. As you know, this is bad! The big reason why they do that is to allow a colleague to access theirs files when they are away. Yes, they can plan this in advance, but this is not always doable.

I'm looking to find a way I could give access to theses files to a team leader with no need of password sharing and no need to ask IT to reset user's password. All files are locally stored. User's directory are not stored on network share.

I tried to create a GPO to add a read access permission to the team leader on C:\Users, but the permission doesn't propagate to the user's directory.

I'm more a Linux admin than a Windows one. In the Linux world, I would just use sudo, but I don't think something like that exist for Windows.

Do you see another way to achieve what I'm trying to do?

Francis
  • 381
  • 2
  • 6
  • 17
  • 2
    _All files are locally stored_ this is the main problem. It's quite unusual to be honest. Trying to modify the _Users_ structure in a Windows environment is just as problematic. Use a file server and domain groups to use fine-grained ACLs for files etc. – Lenniey Jan 15 '19 at 15:22

1 Answers1

0

I found a solution. I created a GPO that set a logon script that define the right permissions on %USERPROFILE% with icacls.

Francis
  • 381
  • 2
  • 6
  • 17