Having created a Group Policy for TS roaming profiles (and home directories) and having set the appropriate NTFS permissions as said by MS, I find that, if there's a user that is smart enough to find the hidden share, the user can create his/her own directory in the profile directory. After the user has created this directory he/she has full access to that directory.
Is there a way to prevent this?
Share is hidden, but seen for every user that has a share to the home directory.
Another minor detail: All profile & home directories are made with the .domainname extended to it, why? The profiles & directories are all new, so it isnt a matter of corruption or transition.