Solved

Profile Security Permissons on Server 2008 for Folder Sync/Roaming

Posted on 2011-03-22
1
558 Views
Last Modified: 2012-05-11
Hey everyone,

I've recently setup a new DC with roaming profiles & folder synchronization (through group policy).

Everything is working great, when a new user logs in, it generates everything right away.. and I have it going to the following location .... \\SERVER1\Profiles\user

The only problem is, all the users are able to see eachothers Desktop, Documents, Favorites, etc...

Right now the seucirty is set to Everyone, it's the only way I could get it to work and write the permissions to all the files.. I tried going individually and changing each user folder with full access to their corresponding user name, and it didn't work..

On the Profiles (parent) folder here is what the security is set to presently..

Creator Owner > Subfolders and Files only
Authenticated Users > This folder only
Everyone > Full
SYSTEM > Full
Administrator > Full
Domain Admins > Full

What do I need to change it to so they can only view their personal folders? Will I need to go to each user folder and set it manually?
0
Comment
Question by:barbs1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 8

Accepted Solution

by:
ActiveDirectoryman earned 250 total points
ID: 35195161

1.  I would create a security group for users that have profiles in profiles folder and then limit access to just these users.

NTFS PERMISSIONS for parent folder should be:

Creator Owner -Full Control, Subfolders and Files Only
 Administrator-None
Security group of users needing to put data on share-List Folder/Read Data, Create Folders/Append Data - This Folder Only
Everyone-No permissions
Local System-Full Control, This Folder, Subfolders and Files

Share-Level Permissions should be:

Everyone-no permissions  
 
Security group of users needing to put data on share-Full Control
 
----

NTFS PERMISSIONS FOR EACH USER'S ROAMING PROFILE FOLDER

%username&-Full control, owner of folder
local system - full control
Administrators- no permissions ( this is the default unless the "Add the Administrator security group to the roaming user profile share) policy setting is set in which case administrators has full control
Everyone-no permissions

Security reccommendations for roaming user profiles shared folders
http://technet.microsoft.com/en-us/library/cc757013(WS.10).aspx
 
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

To effectively work with Diskpart on a Server Core, it is necessary to write some small batch script's, because you can't execute diskpart in a remote powershell session. To get startet, place the Diskpart batch script's into a share on your loca…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question