PowerShell Script and Group Policy

mara2021 1,121 Reputation points
2022-12-07T00:00:27.487+00:00

I wrote a PowerShell script that the helpdesk uses to give a user temporary access to a locked-down computer. We have a local temporary access group on the computer. A timestamp (file) is created when a user is added.

I wrote a second script to remove the user from the group if timestamp is older than a day. The second script is added to a Group Policy at logon.

If I log in to the workstation, users in the group older than a day are removed from the local group. I have admin rights. I am able to remove them.

I would like the group to be cleaned up even if a non-admin logs in. Thanks for your help.


2 answers

  1. Rich Matheisen 47,901 Reputation points
    2022-12-07T03:16:20.54+00:00

    Are your timestamp files inheriting permissions from the directory, or are they assigned specific permissions at the time they're created?

    If they're inheriting the permissions, change the permissions at the directory. If you're assigning them specific permissions at creation time, change the code that creates the files.


  2. Hoekstra Jelle 501 Reputation points
    2022-12-07T14:59:53.023+00:00

    I think you are right, permissions might be the issue here, as deletion requires permissions.
    You could consider setting up the 2nd script locally (push) or making it available through a share, followed by creating a scheduled task which runs under the system account with the trigger "upon sign-in > each and every user".
    Please let me know if this would work for you.

    ----------

    If this helps, please accept the answer and upvote
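
The approach suggested in the answers above (the cleanup run by a scheduled task under the system account at every user's logon instead of in the user's own logon script), as an added example that is not the poster's script. The group name, folder, `.stamp` file layout (first line holds the account name) and task name are assumptions.

```powershell
# Remove-ExpiredAccess.ps1 -- added example, not the original poster's script.
# Assumed layout: one "<anything>.stamp" file per grant; its first line is the
# account name exactly as it was added to the group (e.g. CONTOSO\jdoe).
param([switch]$Register)

$Group    = 'TempAccess'                  # assumed local group name
$StampDir = 'C:\ProgramData\TempAccess'   # assumed folder for the timestamp files
$MaxAge   = New-TimeSpan -Days 1

# Keep this script and $StampDir writable by Administrators/SYSTEM only: the task
# runs the script as SYSTEM, and a user who can rewrite a stamp file can extend
# their own access.

if ($Register) {
    # Run once, elevated. The task then runs as SYSTEM at every user's logon,
    # so the cleanup no longer depends on who is signing in.
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                     -Argument "-NoProfile -NonInteractive -File `"$PSCommandPath`""
    $trigger   = New-ScheduledTaskTrigger -AtLogOn
    $principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                     -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName 'Remove expired temporary access' `
        -Action $action -Trigger $trigger -Principal $principal -Force | Out-Null
    return
}

$cutoff = (Get-Date) - $MaxAge
foreach ($stamp in Get-ChildItem -LiteralPath $StampDir -Filter '*.stamp' -File) {
    if ($stamp.LastWriteTime -gt $cutoff) { continue }    # grant is still valid

    $member = ([string](Get-Content -LiteralPath $stamp.FullName -TotalCount 1)).Trim()
    if (-not $member) {
        Write-Warning "Stamp $($stamp.Name) names no account; left in place."
        continue
    }
    try {
        Remove-LocalGroupMember -Group $Group -Member $member -ErrorAction Stop
    } catch [Microsoft.PowerShell.Commands.MemberNotFoundException] {
        # Already removed by hand: nothing to revoke, just clear the stale stamp.
    } catch {
        # Any other failure: keep the stamp so the next logon retries the removal.
        Write-Warning "Could not remove ${member} from ${Group}: $_"
        continue
    }
    Remove-Item -LiteralPath $stamp.FullName -Force
}
```

Run it once with `-Register` from an elevated session to create the task; without the switch it performs the cleanup.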
