Forum Discussion
Is it possible to disable search location in file explorer voa intune
Hi all, Is it possible to disable the file search bar which allows users to search for locations ie Appdata via intune?
I just referenced that post because it showed you ("In the Get the SID of an Azure Active Directory group" section) how to retrieve the SID. The SID of the group is known for an Azure AD joined machine. It will translate it to the group with no problem.
Hi Harm,
I have managed to use Account protection to get the SID of a group in Users group on the machine. So now need a script that reads the sid to set the permissions?
I have managed to use Account protection to get the SID of a group in Users group on the machine. So now need a script that reads the sid to set the permissions?
ABill1 This should do all folders in c:\users:
foreach ($folder in Get-ChildItem -Path c:\users -Directory) { $folderPath = "C:\Users\$($folder.Name)\appdata\Local\Microsoft\Edge\User Data\Default\Extensions\dlcaglefdlidioooijnigjhfcndlncfp" # Define the account for which you want to deny permissions $account = "AzureAD\A SPECIFIC USERNAME" # Get the current ACL $acl = Get-Acl -Path $folderPath # Create a rule to deny deletion and deletion of subfolders $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, "Delete, DeleteSubdirectoriesAndFiles", "Deny") # Add the rule to the ACL $acl.AddAccessRule($rule) # Apply the modified ACL to the folder Set-Acl -Path $folderPath -AclObject $acl }(No checks if the folder exists and not tested)
But... Like I asked before, a few comments back... Why do you NEED the plugin for secure internet access, and why can people browse the internet without it?! Could they use another browser, too? You have to setup your firewall so the content blocking is done there... That would be better.
- With this script I can set it per user however not for all users on the machine and it sets permission for the folder: dlcaglefdlidioooijnigjhfcndlncfp with
$folderPath = "C:\Users\A SPECIFIC USERNAME\appdata\Local\Microsoft\Edge\User Data\Default\Extensions\dlcaglefdlidioooijnigjhfcndlncfp"
# Define the account for which you want to deny permissions
$account = "AzureAD\A SPECIFIC USERNAME"
# Get the current ACL
$acl = Get-Acl -Path $folderPath
# Create a rule to deny deletion and deletion of subfolders
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, "Delete, DeleteSubdirectoriesAndFiles", "Deny")
# Add the rule to the ACL
$acl.AddAccessRule($rule)
# Apply the modified ACL to the folder
Set-Acl -Path $folderPath -AclObject $acl
I also cant get it to set this policy to sub folders as these can still be deleted. Any ideas? - Now, you can use a script that sets the correct permissions on the folder for the Users group.