I am using a combination of Home Folder and Folder Redirection:
Home Folder (set in profile tab of AD) = \\Server\User\%username%
Redirected My Documents (via Group Policy) = \\Server\User\%username%\My Documents
I am trying to set it so that both the user and administrators group have access to both the user's home folder and the redirected my documents. The problem is that the root directory \\server\users has to have full control for domain users to allow folder redirection to work. With that being the case the home folder created by AD when the user is created inherates the full control for all users. I can then limit exclusive access to the user for the redirected folder, but then admin can't get to it.
I am not using the same directory for both home and redirected my docs because I want to enable offline file access for my docs and save database files in the root of the home drive. If I use the same directory file sync fails.
Does anyone know how to setup the home folder and folder redirection to work so that it limits access to both to the user and admin group?