Profile Folder Permissions on Server 2003

0 Votes

Profile Folder Permissions on Server 2003

We have a folder named Profiles on our 2003 Server R2 where our domain users'
profile info (subfolder for each user) is stored.

Currently, it appears that any domain user can browse to any of the profile folders like \\server\profiles\bobsmith and have read only access to Bob Smith's profile folder.

This can't be right, and must have been misconfigured, yes?

The current security permissions settings are as follows for a typical User Profile folder like bobsmith:

Administrators (Domainname\Administrators) has full permissions. (inherited from D:\)

Creator Owner has Special Permissions. (inherited from D:\)

System has full permissions, no special. (inherited from D:\)

Users (Domainname\Users) has Read & Execute, List Folder Contents, and Read. (inherited from D:\)

Bobsmith@domain.local is not listed in the Security Tab at all.

What permissions settings need to be changed for each user subfolder (or the main Profiles folder) so that this be locked down properly with the standard set of permissions for each User's profile folder?

For that matter, the only "share" is on the main Profiles folder, and it is shared for "Everyone" with full control. Does this need changing?

Thanks for any feedback!


P.S. The main Profile folder has similar permissions to the subfolders -- (inherited from D:\).