NTFS Permissions for root share that houses Home Directories Windows Server 2008 R2
I am using the AD Profile Tab to Auto create Home Directories at \\server\home
, so that the permissions are automatically created.
What should the NTFS permissions be for the actual folder that the home directories are created in (\\server\home
)?
Also, share permissions are always Everyone :: Full Access since I control actual access with NTFS permissions; is that the correct method?
Solution 1:
This is what I have in my favourites for reference:
http://blogs.technet.com/b/migreene/archive/2008/03/24/3019467.aspx
- CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
- System - Full Control (Apply onto: This Folder, Subfolders and Files)
- Domain Admins - Full Control (Apply onto: This Folder, Subfolders and Files)
- Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
- Everyone - List Folder/Read Data (Apply onto: This Folder Only)
- Everyone - Read Attributes (Apply onto: This Folder Only)
- Everyone - Traverse Folder/Execute File (Apply onto: This Folder Only)
It also recommends setting share permissions as:
- Everyone - Full Control
Solution 2:
It's documented here:
https://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx
Administrators: Full Control
System: Full Control
Creator Owner: Full Control
Authenticated Users: Read & Execute, List Folder Contents, Read
And you must further edit the ACE for Authenticated Users so that it only applies to This Folder Only.