<div>
redirected folder permissions<br />
c:\share\user$<br />
Allow System Full control this folder,subfolders and files<br />
Allow Administrators Full control this folder only<br />
CREATOR OWNER Full control subfolders and files only<br />
Redirected Users Group This Folder ONLY
</div>


<div>
Thanks. <br />
<br />
In my setup, any idea of why a new user's security permission of his profile was not added when that profile was created
</div>


<div>
Also you can try to use profile management to configure the redirection, for more details <a href="http://www.carlstalhood.com/citrix-profile-management/" rel="ugc">http://www.carlstalhood.com/citrix-profile-management/</a>
</div>


<div>
Thanks. <br />
<br />
If I configured NTFS and security permission that way ( tried that before), as mentioned, everyone will be able to read everyone's profile which is not want we want. &nbsp;<br />
<br />
My share permission settings are same as what is in the article. &nbsp;In NTFS security permission setting, I only have granted the local USERS group (which contains the RDS users) to read-only to &quot;This Folder Only&quot;. This is because I do not want everybody to have access to everybody's profile. <br />
<br />
When a new profile is created, I expected to see the user's is granted Change right in NTFS permission.
</div>


<div>
David Johnson's answer is 100% correct. &nbsp;If you do it that way, then users will not be able to see the contents of other user's profiles. &nbsp;Be sure you only use the permissions that David specified. &nbsp;<br />
<br />
Personally, I tend to just use Authenticated Users instead of a specific user group. <br />
<br />
System:F<br />
Administrators: F (you can make it <i>This Folder Only</i> if you want.. I tend to leave it at full control -- (needed to make it easier to delete the profiles as needed).<br />
Authenticated Users:R, Add Folder/Append Data - <i>This Folder Only</i><br />
Creator Owner:F - <i>Subfolders and files only</i><br />
<br />
Coralon
</div>


<div>
not all of my users have roaming profiles. i.e. administrative and service accounts.
</div>


<div>
Thanks. &nbsp;<br />
<br />
If you dont mind, would you specify again on what exactly I need to add inside the below tags<br />
<br />
1. Sharing&gt;Advanced Sharing<br />
2. Security (NTFS)<br />
<br />
I currently have authentic users (f), system (f), domain admins (f) in 1 and I have system (f), administrators (f), creator owner (f), users (r - this folder only) in 2.
</div>


<div>
Have you checked share permissions?<br />
<br />
In general, when restricting access using NTFS permissions, I would give the EVERYONE group FULL access in Share Permissions (which that Citrix article doesn't mention).<br />
<br />
As this TechNet Article says:<br />

<blockquote>
If you want to manage folder access by using NTFS permissions exclusively, set share permissions to Full Control for the Everyone group. 
</blockquote>
<br />
<a href="https://technet.microsoft.com/en-us/library/cc754178(v=ws.11).aspx" rel="ugc">https://technet.microsoft.com/en-us/library/cc754178(v=ws.11).aspx</a>
</div>


<div>
<div class="content wysiwyg-content">
We have a Windows 2012 RDS environment. &nbsp;We redirect the user appdata and desktop to a centralized network share. &nbsp;<br />
<br />
A new user login to one of a RDS server, his new profile is created in the network share. &nbsp;When I inspect folder permission of his profile in the network share, I do not see he has access at all. &nbsp;Only administrator group. &nbsp;<br />
<br />
The local administrator group of that RDS server contains the domain admins group. &nbsp;The local USERS group of the server contains the domain user group. <br />
<br />
Under the security permission of the network share, I only grant the local USERS group to read only to &quot;This Folder Only&quot;. This is because I do not want everybody to have access to everybody's profile. <br />
<br />
Please advise if you know how to fix this or a better way to handle. &nbsp;<br />
<br />
Thanks a lot.
</div>
</div>


We have a Windows 2012 RDS environment.  We redirect the user appdata and desktop to a centralized network share.  

A new user login to one of a RDS server, his new profile is created in the network share.  When I inspect folder permission of his profile in the network share, I do not see he has access at all.  Only administrator group.  

The local administrator group of that RDS server contains the domain admins group.  The local USERS group of the server contains the domain user group. 

Under the security permission of the network share, I only grant the local USERS group to read only to "This Folder Only". This is because I do not want everybody to have access to everybody's profile. 

Please advise if you know how to fix this or a better way to handle.  

Thanks a lot.

roaming profile security permission issue.

Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.

Windows Server 2012

Citrix is the synonym for the virtualization and application infrastructure systems developed by the company of the same name. Main areas are application virtualization, Software-As-A-Service (SaaS), cloud-computing and networking. The two most well-known are Citrix XenApp or Citrix CloudPlatform.