Solved

What permissions are necessary on the Roaming Profile Folder?

Posted on 2013-05-21
Last Modified: 2014-07-28
I am having to set up my Roaming Profile folder manually as this is not automated in SBS2011.  I appear to have got as far as the folder being created but when you log into the share as the user, they can view all other profiles - this is not right.

I have followed this article - http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx

But this did not help create the folder.  

I followed another article which suggested adding Authenticated Users; I am not sure if this is what helped create the folder. What I need is somebody who has this working in their environment to tell me what permissions they have on both the share and the folder. Unfortunately, articles are not helping me.
Question by:fuzzyfreak
7 Comments
 
LVL 5

Expert Comment

by:Robert_Turner
ID: 39184203
I presume you have set up a new share for this purpose, something along the lines of \\Server\Profiles.

Users should have the permissions to be able to view the folder with the profiles in; that is a requirement, or the desktop will not be able to see the folders. The permissions should let the user in question have the permission to work with that folder and subfolders.

The articles are correct and they are the permissions you should use, although I tend to work from this article for reference.

http://technet.microsoft.com/en-us/library/cc757013(v=ws.10).aspx

If the folders are created already, you may have to manually make the user the owner of that folder, as the permissions are designed to give the Creator/Owner full control of subfolders in the profile share that they are creator or owner of.
0
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 39184537
First thing I should point out is that my profile folder sits beneath the Users folder. This folder has no permissions associated to it, however it is where my folder redirections are too and these work perfectly.  Having checked that I do indeed have the permissions stated in that article, it is still not working.  The Event Viewer states Access Denied and if you try to create a file on the share from the user's login, you can't.
0
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 39184568
The problem with table 7.8 is the part that says "Security group of users needing to put data on share" - it is not specific - what permissions should the share have?
0
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 39187063
Has anybody got any more ideas on this as I am now reverting back to giving Domain Users read/write/create permissions on the profile folder to resolve this, thus giving them the ability to view/change any folder within the profile folder - not good security practice.
0
 
LVL 5

Expert Comment

by:Robert_Turner
ID: 39244209
You say your existing user folder has no permission on it; have you forced through the permissions so that the subfolders use inheritance? You may have to force ownership on each subfolder to each user to sort the permissions out, as typically the permissions would be assigned when the user is created.
0
 
LVL 4

Accepted Solution

by:fuzzyfreak
ID: 39244909
I think I sussed this out -

Top level profile folder needs the following security -

Domain Users - traverse, list, read, read extended, create files, create folders, write attributes, write extended
Domain Admins/system/creator owner - full control

Individual user profile folder -
User/system/domain admins - full control

User profile share -
Domain admins full control
Domain users change

Still needs tidying up but this seemed to work.
0
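
The layout from the accepted answer, scripted for the profile root and share, as an added example that is not part of the original thread. The `CONTOSO` domain, `D:\Users\Profiles` path and `Profiles$` share name are placeholders, and the ACE scopes (Domain Users on this folder only, CREATOR OWNER on children only) plus the break from the parent folder's inheritance are assumptions the answer does not state.

```powershell
# Added example, not from the thread. Run elevated on the file server.
# Placeholders (assumptions): CONTOSO, D:\Users\Profiles, Profiles$.
$Domain      = 'CONTOSO'
$ProfileRoot = 'D:\Users\Profiles'
$ShareName   = 'Profiles$'

function New-AllowRule([string]$Identity, [string]$Rights, [string]$Inherit, [string]$Propagate) {
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $Identity, $Rights, $Inherit, $Propagate, 'Allow'
}

# The eight rights the answer lists for Domain Users; "read" is taken to mean
# "Read attributes" (assumption).
$userRights = 'Traverse, ListDirectory, ReadAttributes, ReadExtendedAttributes, ' +
              'CreateFiles, CreateDirectories, WriteAttributes, WriteExtendedAttributes'
$children   = 'ContainerInherit, ObjectInherit'

$acl = Get-Acl -Path $ProfileRoot
# Assumption: stop inheriting from the parent Users folder and start from an empty ACL.
$acl.SetAccessRuleProtection($true, $false)
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }

# Scope is an assumption (the answer gives none): Domain Users on this folder only,
# so the grant never reaches another user's profile; CREATOR OWNER on children only.
$acl.AddAccessRule((New-AllowRule "$Domain\Domain Users"  $userRights   'None'    'None'))
$acl.AddAccessRule((New-AllowRule 'CREATOR OWNER'         'FullControl' $children 'InheritOnly'))
$acl.AddAccessRule((New-AllowRule "$Domain\Domain Admins" 'FullControl' $children 'None'))
$acl.AddAccessRule((New-AllowRule 'NT AUTHORITY\SYSTEM'   'FullControl' $children 'None'))
Set-Acl -Path $ProfileRoot -AclObject $acl

# Share permissions from the answer. net share creates the share, so it must not exist yet.
net share "$ShareName=$ProfileRoot" '/GRANT:Domain Admins,FULL' '/GRANT:Domain Users,CHANGE'

# Check: report any profile folder where a broad group still holds an ACE,
# which is the "users can view all other profiles" symptom from the question.
$broad = 'Domain Users', 'Authenticated Users', 'Everyone', 'BUILTIN\Users'
Get-ChildItem -Path $ProfileRoot | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $folder = $_.FullName
    (Get-Acl -Path $folder).Access |
        Where-Object { $id = $_.IdentityReference.Value; $broad | Where-Object { $id -like "*$_" } } |
        Select-Object @{n='Folder';e={$folder}}, IdentityReference, FileSystemRights, IsInherited
}
```

The final check printing nothing means no per-user profile folder carries an ACE for a broad group; the per-user folders themselves are not modified by this script.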
 
LVL 4

Author Closing Comment

by:fuzzyfreak
ID: 40223700
I worked this out myself.
0


Question has a verified solution.
