I am currently testing the use of roaming profiles in our company and I am having some problems with the permissions, which allow users to see another user's profile.
Created a "PROFILES" folder on the root of our storage device and shared it as "PROFILES$".
Created 3 test accounts in AD (server 2003) in their own "TEST" OU.
Created a global security group called "Roaming Profiles" of which the 3 users are members as well as the domain admins group.
PROFILES$ share permissions are set to 'everyone' Change & Read
PROFILES$ NTFS 'everyone' read&execute, list folder contents, read. The 'Roaming Profiles' group has Full Control. Both apply to This folder, subfolders and files.
Enabled the GPO "Add the Administrators security group to roaming user profiles" under COMPUTER-POLICIES-ADMINISTRATIVE TEMPLATES-SYSTEM-USER PROFILES. Assigned and enabled on the "TEST" OU.
Logged on/off as each user to create their roaming user profile folder.
When I browse \\server\PROFILES$\ from any of the logged on test accounts I can browse any of the other 2 available test accounts.
The system-created test user profile folder for each user has the following security permissions:
test user - full control
server\administrators - full control
system - full control
The NTFS permissions show the same three accounts and apply to This folder, subfolders and files.
NTFS permissions always throw me for a loop, but I would figure that the server would be smart enough to lock down the profile folders unless I configured the PROFILES$ share incorrectly and inheritance is messing everything up.
Thanks for the help.
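
An added example, not part of the original post: a PowerShell check for the setup described above that lists, for each folder under the profile share, every Allow ACE held by anyone other than SYSTEM and Administrators, and whether the folder still inherits permissions from the share root. The share path is the one from the post; the function name `Test-ProfileFolderAcl` and the assumption that each folder is named after its user (optionally with a `.V2`-style suffix) are hypothetical.

```powershell
# Added example: audit the per-user folders under the profile share.
function Test-ProfileFolderAcl {
    param([string]$Root = '\\server\PROFILES$')   # share path from the post

    # Well-known SIDs, so the check does not depend on localized names.
    $expected = @('S-1-5-18',        # NT AUTHORITY\SYSTEM
                  'S-1-5-32-544')    # BUILTIN\Administrators
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $acctType = [System.Security.Principal.NTAccount]

    Get-ChildItem -LiteralPath $Root -Directory | ForEach-Object {
        $folder = $_
        # Assumption: folder is named after the user, e.g. "jdoe" or "jdoe.V2".
        $userName = $folder.Name -replace '\.V\d+$', ''
        $acl = Get-Acl -LiteralPath $folder.FullName

        # Explicit and inherited ACEs, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $sid = $ace.IdentityReference.Value
            if ($expected -contains $sid) { continue }

            # Resolve the SID for display; orphaned SIDs stay as-is.
            try   { $name = $ace.IdentityReference.Translate($acctType).Value }
            catch { $name = $sid }

            [pscustomobject]@{
                Folder      = $folder.Name
                Identity    = $name
                Rights      = $ace.FileSystemRights
                Inherited   = $ace.IsInherited
                # True when inheritance from the share root is still enabled.
                InheritsAcl = -not $acl.AreAccessRulesProtected
                # The folder's own user is expected; anything else is not.
                Unexpected  = ($name.Split('\')[-1] -ne $userName)
            }
        }
    }
}

# List only the ACEs that grant access to someone other than the folder's user.
Test-ProfileFolderAcl | Where-Object Unexpected | Format-Table -AutoSize
```

The Administrators ACE is treated as expected here, so access that an account has through membership in an administrative group is not flagged; group memberships have to be checked separately.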