I have a Windows Server 2008 Terminal Server and a separate Windows 2008 File Server. The User Profile and Home directories are specified in the Server Group Policy to a DFS share that is on the File Server. When the user logs into the Terminal Server for the first time, it creates the profile and home directory for the user only if the folder parent Home and Profile folders on the file server have create folder permissions for Authenticated Users. I don't want the user to be able to create files/folders at the root home and profile folder level. What account is used by the server to create the user profile and home directories?
The parent folders "Homes" and "Profiles" have the following security settings
SYSTEM - Full
Domain Admins - Full
Administrators (on local file server) - Full
CREATE OWNER - Full on SubFolders and Files
Domain Users - Read Permissions, Read Attributes, List Folder -
--User Home directory location
--Roaming Profile location
If I also set
Authenticated Users - Create Folder (This Folder Only)
The directories are created fine when the user logs into the Terminal Server but the user also has the ability to create other folders/files in their home root folder which I don't want
What account is the Windows Server 2008 using to create the user home/profile folders so I can specifically assign the create folder permissions to this account and not the users?
Thanks in advance for any help