Hey, I am not a programmer, but I have found something for you and I hope it will help you solve your issue. Keep one thing in mind: this program is only a starting point for creating your own, so make whatever changes you need and try it out, but be careful and consult a responsible or official person about the program before you use it.
Code:
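# Sets or clears "User cannot change password" on an Active Directory user by
# adding or removing a Deny ACE for the Change Password extended right on the
# user object.
#
#   -User      sAMAccountName of the account to modify (required).
#   -CheckBox  Present: add the Deny ACE for SELF. Absent: remove the explicit
#              Deny ACEs for that right.
#
# The script rewrites the DACL of a directory object, so try it on a test
# account first and run it under an account delegated for this task only.
# DACL changes on user objects are worth reviewing afterwards; if Directory
# Service Changes auditing is enabled they should appear as event 5136.
Param($User = $(throw '$User is Required'),[switch]$CheckBox)

Write-Host

# GUID of the Change Password extended right; used for both the add and the
# remove path so the two cannot drift apart.
$ChangePassword = [Guid]'ab721a53-1e2f-11d0-9819-00aa0040529b'

# $User goes into an LDAP filter. Escape the filter metacharacters (RFC 4515)
# so a value such as "*" or "a)(cn=*" cannot widen or rewrite the search and
# make the script modify an account other than the one named.
# The backslash is replaced first so the escapes added afterwards survive.
$SafeUser = ([string]$User).Replace('\','\5c').Replace('*','\2a').Replace('(','\28').Replace(')','\29').Replace([string][char]0,'\00')

$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"","(&(objectcategory=User)(sAMAccountName=$SafeUser))")

# FindOne() returns $null when nothing matches; check before dereferencing.
$Found = $Searcher.FindOne()
if(!$? -or -not $Found){" !! Failed to Get User !!";Return}
$MyUser = $Found.GetDirectoryEntry()
if(!$?){" !! Failed to Get User !!";Return}

$Security = $MyUser.psbase.get_ObjectSecurity()

if($CheckBox)
{
    Write-Host " – Checking Box for User [$($MyUser.distinguishedName)]"

    # S-1-5-10 is the well-known SID for NT AUTHORITY\SELF.
    # NOTE(review): Microsoft's documented procedure for this setting denies
    # the right to both SELF and Everyone (S-1-1-0); this script denies SELF
    # only. Confirm the result in the account's properties before relying on it.
    $self = [System.Security.Principal.SecurityIdentifier]'S-1-5-10'
    $ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $deny = [System.Security.AccessControl.AccessControlType]::Deny
    $selfDeny = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($self,$ExtendedRight,$deny,$ChangePassword)

    $Security.AddAccessRule($selfDeny)
    $MyUser.psbase.CommitChanges()
}
else
{
    Write-Host " – Removing Check Box for User [$($MyUser.distinguishedName)]"

    # Explicit ACEs only ($true), not inherited ones ($false).
    $ACL = $Security.GetAccessRules($true,$false,[System.Security.Principal.NTAccount])

    # The filter matches on right and type only, not on trustee: every explicit
    # Deny ACE for Change Password is removed, including any that an
    # administrator placed there for another principal.
    $ACEs = @($ACL | Where-Object {($_.ObjectType -eq $ChangePassword) -and ($_.AccessControlType -eq 'Deny')})

    foreach($ACE in $ACEs)
    {
        if($ACE){[void]$Security.RemoveAccessRule($ACE)}
    }
    $MyUser.psbase.CommitChanges()
}

Write-Host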