From 734dee75f7394adf47dbf725e8a95e1f3faefcd0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Breuer?= <andre.breuer@ndaal.eu>
Date: Tue, 24 Sep 2024 08:15:39 +0200
Subject: [PATCH] Fix file ownership issue.

---
 sos-stig-compliant-domain-prep.ps1 | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/sos-stig-compliant-domain-prep.ps1 b/sos-stig-compliant-domain-prep.ps1
index e3f38ce..4a8d91c 100644
--- a/sos-stig-compliant-domain-prep.ps1
+++ b/sos-stig-compliant-domain-prep.ps1
@@ -21,6 +21,7 @@ try {
     # Take ownership of the PolicyDefinitions folder and grant full control to Administrators
     takeown /f "$policyDefinitionsDestination" /r /a /d y | Out-Null
     icacls "$policyDefinitionsDestination" /grant "Administrators:(OI)(CI)F" /t | Out-Null
+    icacls "$policyDefinitionsDestination" /grant "Administrators:F" /t | Out-Null
     # Copy the files to the PolicyDefinitions folder
     Copy-Item -Path "$policyDefinitionsSource\*" -Destination $policyDefinitionsDestination -Force -Recurse -ErrorAction Stop
     # Get all SYSVOL paths
@@ -58,19 +59,19 @@ function Import-GPOs {
             $gpoFiles = Get-ChildItem -Path $gpoCategoryDir.FullName -Directory
 
             Write-Output "Importing GPOs from $($gpoFiles.FullName)"
-    
+
             # Check if any GPO files were found
             if ($null -eq $gpoFiles) {
                 Write-Warning "No GPO files found in $($gpoFiles.FullName)"
                 continue
             }
-    
+
             foreach ($gpoFile in $gpoFiles) {
                 $gpoPath = $gpoFile.FullName
                 $gpoName = $gpoFile.BaseName
                 Write-Output "Importing $gpoName"
                 New-GPO -Name $gpoName -Comment "Created by simeononsecurity.ch"
-    
+
                 try {
                     Import-GPO -BackupGpoName $gpoName -Path $gpoPath -TargetName $gpoName -CreateIfNeeded -ErrorAction Stop
                 }