Where do I restrict the permissions on local copies of roaming profiles folders that will be created in the future?
I have SBS2003 and approx ten WinXP Pro Clients, folder redirection and roaming profiles are both on.
So user X goes to user Y's workstation, logs on with his account x and then logs off.
Now user Y logs on his workstation with his account y and has reading rights to the profile from account x now on his drive under C:/Documents and Settings/UserXaccount
The folder on the server which holds the profiles have really tight permissions, not event the SBS2003 administrator can access it, though it backups and restores nicely from backup.
So the permissions from the server doesn't transmit nicely to the workstations. A local admin will always have the possiblity to take ownership of the files, I can live with that, I need my users to be local admins unfortunately.
Where do I restrict the permissions on local copies of romaing profiles folders that will be created in the future?