Windows Server



    

NTFS and Share Permissions Needed for User Home Directories, Roaming Profiles, and Folder Redirection.    




Apr
13


Number         :           SOX040906700033

 

TITLE: NTFS and Share Permissions Needed for User Home Directories, Roaming Profiles, and Folder Redirection.

 

Problem: Windows 2000 Server

 

ID: SOX040906700033 CRT: Sep 6 2004 MOD: Sep 6 2004

 

Problem Description

Customer wanted to configure:

 

User Home Directories, Roaming Profiles, and do Folder Redirection of (Application Data, Desktop, My Documents, and Start Menu)

 

I have had several customers and engineers ask me about the proper configuration to have the system and user be able to self-create all the proper directory structures, instead of having the Administrators create them and manually configure the NTFS permissions.

 

 

 

Resolution:

 

Here are the Share and NTFS Permissions needed on the File Server Shares:

 

NOTE: The $ symbol should be used to hide the existence of the share.

------------------------------------------------------------------------------------

------------------------------------------------------------------

User Home Share Configuration:

-------------------------------------------------

Here are the Share and NTFS Permissions needed for Home Directories:

a. The Share permissions (Sharing Tab): Share Named: <HOME>$

Administrators: Full Control

System: Full Control

Authenticated Users: Full Control

b. Offline file caching of the <HOME> share needs to be turned on. On the Sharing Tab, click on the "Offline Settings", then select "Only the files and programs that users specify will be available offline".

Click OK

c. NTFS Folder Permissions (Security Tab): Turn off inheritance on the Folder named <HOME>, and copy the permissions. (Uncheck "Allow inheritable permissions to propagate to this object")

Administrators: Full Control

System: Full Control

Creator Owner: Full Control

Authenticated Users: Read & Execute, List Folder Contents, Read

d. On the NTFS Folder Permissions Click the Advanced Button. Then highlight Authenticated Users, Select View/Edit

e. On the Permissions Entry for <HOME>, change "Apply onto" to: "This folder only"

f. Click OK

g. Click OK again.

 

------------------------------------------------------------------------------------

------------------------------------------------------------------

 

Roaming Profile Share and NTFS Permissions:

------------------------------------------------------------------------

a. The Share permissions (Sharing Tab): Share Named: <PROFILE>$

Administrators: Full Control

System: Full Control

Authenticated Users: Full Control

b. Offline file caching of the <Profile> share needs to be turned off. On the Sharing Tab, click on the "Offline Settings", then select "Files or programs from the share will not be available offline".

Click OK

c. NTFS Folder Permissions (Security Tab): Turn off inheritance on the Folder named <PROFILE>, and copy the permissions. (Uncheck "Allow inheritable permissions to propagate to this object")

Administrators: Full Control

System: Full Control

Creator Owner: Full Control

Authenticated Users: Modify, Read & Execute, List Folder Contents, Read, Write

d. On the NTFS Folder Permissions Click the Advanced Button. Then highlight Authenticated Users, Select View/Edit

e. On the Permissions Entry for <PROFILE>, change "Apply onto" to: "This folder only"

f. Click OK

g. Click OK again.

 

------------------------------------------------------------------------------------

------------------------------------------------------------------

 

Folder Redirection Share and NTFS Permissions: (In best-case scenarios this should be the user's Home Directory, with a directory for each folder that is redirected. In case it is not, here are the permissions needed.)

----------------------------------------------------------------------------

a. The Share permissions (Sharing Tab): Share Named: <FOLDER_REDIR>$

Administrators: Full Control

System: Full Control

Everyone: Full Control

b. Offline file caching of the <FOLDER_REDIR>$ share needs to be turned on. On the Sharing Tab, click on the "Offline Settings", then select "Only the files and programs that users specify will be available offline".

Click OK

c. NTFS Folder Permissions (Security Tab): Turn off inheritance on the Folder named <FOLDER_REDIR>, and copy the permissions. (Uncheck "Allow inheritable permissions to propagate to this object")

Administrators: Full Control

System: Full Control

Creator Owner: Full Control

Everyone: Read & Execute, List Folder Contents, Read

d. On the NTFS Folder Permissions Click the Advanced Button. Then highlight Everyone, Select View/Edit

e. On the Permissions Entry for <FOLDER_REDIR>, change "Apply onto" to: "This folder only"

f. Click OK

g. Click OK again.

 

h. In the Group Policy Management Console, we edited the <Group Policy> and changed Folder Redirection for:

Application Data = \\<ServerName>\<FOLDER_REDIR>$\%UserName%\Application Data

Desktop = \\<ServerName>\<FOLDER_REDIR>$\%UserName%\Desktop

My Documents = \\<ServerName>\<FOLDER_REDIR>$\%UserName%\My Documents

Start Menu = \\<ServerName>\<FOLDER_REDIR>$\%UserName%\Start Menu

On each Folder Redirection we went into the Settings Tab, and unchecked: "Grant the user exclusive rights to"

 

Here is an article that discusses this:

 

291087 Event ID 101 and Event ID 1000 Messages May Be Displayed When Folder

http://support.microsoft.com/?id=291087

Here is an article that discusses the permissions needed:

274443 How to dynamically create security-enhanced redirected folders by using

http://support.microsoft.com/?id=274443
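The three share procedures above (home, roaming profile, folder redirection) differ only in the user group, the rights on the root folder, and the offline caching mode. The following is an added example, not part of the KB article: it scripts steps a to g with `icacls` and `New-SmbShare` and then checks that the user group's entry really applies to "This folder only". It assumes Windows Server 2012 or later (the article itself targets the Windows 2000 GUI); the function names, paths and share names are placeholders.

```powershell
# Added example, not from the KB article. Assumes Windows Server 2012 or later and an
# elevated session on the file server. Function names, paths and share names are made up.
function Resolve-Sid([string]$Sid) {
    # Well-known SIDs are used so the script does not depend on localized account names.
    ([Security.Principal.SecurityIdentifier]$Sid).Translate([Security.Principal.NTAccount]).Value
}

function New-UserDataShare {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ShareName,
        [string]$UserSid = 'S-1-5-11',                       # Authenticated Users; S-1-1-0 = Everyone
        [ValidateSet('RX','M')][string]$UserRights = 'RX',   # M (Modify) for the profile root
        [ValidateSet('Manual','None')][string]$CachingMode = 'Manual'   # None for profiles
    )
    New-Item -ItemType Directory -Path $Path -Force | Out-Null

    # Step c. /inheritance:r drops inherited entries rather than copying them, so the
    # folder ends up with only the four entries the article lists (a deliberate shortcut).
    # Administrators (S-1-5-32-544), SYSTEM (S-1-5-18): this folder, subfolders and files.
    # CREATOR OWNER (S-1-3-0): inherit-only, so each user gets Full Control of what they create.
    # Steps d-e. The user group gets no (OI)/(CI) flags, which is "This folder only".
    icacls $Path /inheritance:r /grant:r `
        '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' `
        '*S-1-3-0:(OI)(CI)(IO)F' "*${UserSid}:($UserRights)" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Path" }

    # Steps a-b. Full Control at the share level; the NTFS ACL above does the restricting.
    $full = 'S-1-5-32-544', 'S-1-5-18', $UserSid | ForEach-Object { Resolve-Sid $_ }
    New-SmbShare -Name $ShareName -Path $Path -FullAccess $full -CachingMode $CachingMode | Out-Null

    # Check: inheritance is blocked and the user group's entry does not flow to child folders.
    $acl        = Get-Acl -Path $Path
    $user       = Resolve-Sid $UserSid
    $ace        = $acl.Access | Where-Object { $_.IdentityReference.Value -eq $user }
    $inheriting = @($ace | Where-Object { $_.InheritanceFlags -ne 'None' })
    [pscustomobject]@{
        Path                  = $Path
        InheritanceBlocked    = $acl.AreAccessRulesProtected
        UserAceThisFolderOnly = ($null -ne $ace) -and ($inheriting.Count -eq 0)
    }
}

# One call per section of the article (placeholder paths and share names).
New-UserDataShare -Path 'D:\Shares\Home'       -ShareName 'Home$'
New-UserDataShare -Path 'D:\Shares\Profiles'   -ShareName 'Profiles$' -UserRights M -CachingMode None
New-UserDataShare -Path 'D:\Shares\Redirected' -ShareName 'Redirected$' -UserSid 'S-1-1-0'
```

If `UserAceThisFolderOnly` comes back false, the group's read or modify right is inherited by every user's subfolder, which is the exposure the "This folder only" step is there to prevent.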

Keywords: How to create shares for User Home Directory, Roaming profile

 

 

This article was taken from the Microsoft Knowledge Base.


Author Name:         administrator
Author Location:    India
Author Rank:          Writer