A earlier question links to this Microsoft document about roaming profile permissions. I want to know if you can lock the permissions down even further then what is recommended. Do I really have to give users full control? A couple comments in the earlier question suggested that Microsoft was being more generous with access then what was really needed.
Asked
Active
Viewed 346 times
2 Answers
2
I can't comment on 2K8 but on prior versions my users never have full control and have never experienced an issue because of it.
John Gardeniers
- 27,262
- 12
- 53
- 108
1
Users need "change" permissions on the roaming profile folders located on the file server.
Change permissions are defined like this:
FILE_LIST_DIRECTORY | FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA | FILE_TRAVERSE | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES | READ_CONTROL | DELETE
Helge Klein
- 2,031
- 1
- 15
- 22