Good job, Kent. Not sure I follow what you are trying to say with the OU path example, {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}. In my company, when we came up with an OU design, I designed the NetLogon folder structure to follow that same OU tree structure. We delegate rights to OU_Administrators to both their OU and matching folder in NetLogon, and to make it simple, we set up a hidden share on their local DC to the NetLogon subfolder for admin access only. OU_Admins are free to choose whether to deploy legacy logon scripts and/or GPO scripts.
I recall from past discussions that Startup scripts do have limited network access to NetLogon without fiddling with any perms.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.