Hello! I have documents and similar folders redirected to disk D, and I did not grant the exclusive access, because I want administrators to have access. But if I don't grant exclusive access, all authenticated users (even guest!) HAVE read-only access. So how do I prevent common users and guests from reading other people's stuff? Or how to allow administrators ONLY to read other people's stuff? Thank you for your time.

This KB article is a good start when it comes to permission problems with folder redirection, http://support.microsoft.com/default.aspx/kb/274443?p=1. Consider setting these ACLs only for testing.Blogging about Windows for IT pros at www.theexperienceblog.com

Took me long, but I got it running. It's pretty universal, everyone should be able to use this script after removing rights for PC Admins (or adding such a group/user). const HKEY_CURRENT_USER = &H80000001 Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv") strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" Set objShell = CreateObject("Wscript.Shell") strValueName = "{374DE290-123F-4565-9164-39C4925E467B}" oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue 'Wscript.Echo "Current Downloads Folder: " & strValue' objShell.Run "cacls "& strValue &" /T /E /G ""DOMAIN\Enterprise Admins"":F ""DOMAIN\Domain Admins"":F Administrators:F ""DOMAIN\PC Admins"":F", 0,false strValueName = "{56784854-C6CB-462B-8169-88E350ACB882}" oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue 'Wscript.Echo "Current Contacts Folder: " & strValue' objShell.Run "cacls "& strValue &" /T /E /G ""DOMAIN\Enterprise Admins"":F ""DOMAIN\Domain Admins"":F Administrators:F ""DOMAIN\PC Admins"":F", 0,false strValueName = "Desktop" oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue 'Wscript.Echo "Current Desktop Folder: " & strValue' objShell.Run "cacls "& strValue &" /T /E /G ""DOMAIN\Enterprise Admins"":F ""DOMAIN\Domain Admins"":F Administrators:F ""DOMAIN\PC Admins"":F", 0,false strValueName = "Favorites" oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue 'Wscript.Echo "Current Favorites Folder: " & strValue' objShell.Run "cacls "& strValue &" /T /E /G ""DOMAIN\Enterprise Admins"":F ""DOMAIN\Domain Admins"":F Administrators:F ""DOMAIN\PC Admins"":F", 0,false strValueName = "My Music" oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue 'Wscript.Echo "Current My Music Folder: " & strValue' objShell.Run "cacls "& strValue &" /T /E /G ""DOMAIN\Enterprise Admins"":F ""DOMAIN\Domain Admins"":F Administrators:F ""DOMAIN\PC Admins"":F", 0,false strValueName = "My Pictures" oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue 'Wscript.Echo "Current My Pictures Folder: " & strValue' objShell.Run "cacls "& strValue &" /T /E /G ""DOMAIN\Enterprise Admins"":F ""DOMAIN\Domain Admins"":F Administrators:F ""DOMAIN\PC Admins"":F", 0,false strValueName = "My Video" oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue 'Wscript.Echo "Current My Video Folder: " & strValue' objShell.Run "cacls "& strValue &" /T /E /G ""DOMAIN\Enterprise Admins"":F ""DOMAIN\Domain Admins"":F Administrators:F ""DOMAIN\PC Admins"":F", 0,false strValueName = "Personal" oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue 'Wscript.Echo "Current My Documents Folder: " & strValue' objShell.Run "cacls "& strValue &" /T /E /G ""DOMAIN\Enterprise Admins"":F ""DOMAIN\Domain Admins"":F Administrators:F ""DOMAIN\PC Admins"":F", 0,false