roaming profile security permission issue.
Posted on 2016-08-27
We have a Windows 2012 RDS environment. We redirect the user appdata and desktop to a centralized network share.
A new user login to one of a RDS server, his new profile is created in the network share. When I inspect folder permission of his profile in the network share, I do not see he has access at all. Only administrator group.
The local administrator group of that RDS server contains the domain admins group. The local USERS group of the server contains the domain user group.
Under the security permission of the network share, I only grant the local USERS group to read only to "This Folder Only". This is because I do not want everybody to have access to everybody's profile.
Please advise if you know how to fix this or a better way to handle.
Thanks a lot.