User profiles folder and ntfs and share permissions best practices "Windows 2000 server"
Posted on 2004-07-30
For a Windows 2000 server.
This is really a multipart question.
First: What are the best practices setup of permissions for shared folders, specifically profiles.
To begin with, if I have my profiles folder on drive d:, I won't have the root of d: shared except for the administrative share d$. In the root I remove the everyone full access ntfs permissions and make sure that administrator and system have full access. Should I also include backup and service full access? Any other full access. Am I missing anything important?
SIDE NOTE: I had learned the hard way that the system account needed full access to the d drive root because my Active Directory info was in the D and only had administrators full access the system would not load windows.
Now I create a profiles folder with NTFS permissions to administrators full access, authenticated users full access, backup account full access and Share permissions full access to everyone.
Is this correct so far or is there a more appropriate method?
Next: When I look at the profiles on my server most of them say 0 bytes or you only have permission to view the info, something to that effect. If I take ownership of the folder, then I can see the contents etc. What is going on here, is that normal? Please explain the theory and real world concepts.