Profile Folder Permissions on Server 2003

By Dennisfp ·
We have a folder named Profiles on our 2003 Server R2 where our domain users'
profile info (subfolder for each user) is stored.

Currently, it appears that any domain user can browse to any of the profile folders like \\server\profiles\bobsmith and have read only access to Bob Smith's profile folder.

This can't be right, and must have been misconfigured, yes?

The current security permissions settings are as follows for a typical User Profile folder like bobsmith:

Administrators (Domainname\Administrators) has full permissions. (inherited from \)

Creator Owner has Special Permissions. (inherited from \)

System has full permissions, no special. (inherited from \)

Users (Domainname\Users) has Read & Execute, List Folder Contents, and Read. (inherited from \)

Bobsmith@domain.local is not listed in the Security Tab at all.

What permissions settings need to be changed for each user subfolder (or the main Profiles folder) so that this be locked down properly with the standard set of permissions for each User's profile folder?

For that matter, the only "share" is on the main Profiles folder, and it is shared for "Everyone" with full control. Does this need changing?

Thanks for any feedback!


P.S. The main Profile folder has similar permissions to the subfolders -- (inherited from \).

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

permissions propagating

by mike.walker In reply to Profile Folder Permission ...

Users (Domainname\Users) has Read & Execute, List Folder Contents, and Read. (inherited from \)

If this inherits to all the subfolders as well, then anyone in Users has access to read every folder.

Try this: "Security Recommendations for Roaming User Profiles Shared Folders"**31-78924af776551033.mspx?mfr=true

Related Discussions

Related Forums