I would like to have a local folder on all of my domain connected computers kept in sync with a share on one of my servers.
Only Domain Admins and the SYSTEM account should have Modify permissions to the local folder and the share, everyone else should have Read/Execute.
Any suggestions are welcome.
My first thought was to use a GPO to create the local folder, set it’s permissions and create a scheduled task to run RoboCopy.
Getting RoboCopy to run with the right permissions seems to be the trick. I believe it would need to run as the local system account (so that someone being logged in is not necessary), but it also needs to use the computer account for network access.
Which account would I use when creating the Scheduled Task?
Should this work?
Is there a better way?