I am not sure when this actually started, but I am seeing the issue on all the current macOS versions. I suspect it may be one of the rapid security releases.
The issue I am seeing is this. I have an Automator file that helps students connect to a server share where the students can share large files with their instructors. Another set of files are preferences for various applications. Historically, I have used the User Template to make sure all new users get these files in the various labs that use them. We use Active Directory user accounts for all users on our district computers. Also, our lab computers clear out any student accounts upon restarting as their user accounts can fill up a hard drive in less than a week. What is happening is the file permissions are getting set incorrectly, which is making the files not usable by users.
So I have a policy that deploys these files that I have created in Composer and have the FEU and FUT boxes checked. When the policy runs, existing accounts (locally created accounts, as well as any AD accounts that might already be on the computer) get the files with proper permissions applied. The problem happens with new users: the permissions for all of these files are incorrect when copied over to the new user folder. All these files are in the User Template (all locations) with the correct permissions. When they are copied over to the new folder, the permissions on these files change to the user having rw and everyone having custom. This renders the files unusable. I have no idea why this is happening and have been scratching my head trying to get around this. The files should have user as rw, admin as r, and everyone as r. Anyone else seeing this? Any clean way to get around it?