Follow

What are necessary NTFS Permissions on user's home directory? (Storage Path)

Product: ProfileUnity-FlexApp

Product Version: All

Expires on: 365 days from publish date

Updated: March 13, 2019


Problem:
I need to create storage path and I don't know what permissions to set on the folder for my users.
Symptoms:
n/a
Possible Resolution(s):

ProfileUnity needs the appropriate permissions configured on the storage path for proper operation.

Share Permissions:

The recommended share permissions for the storage path are Everyone Full Control.

Example of Share permissions:

NTFS Permissions:

  • User Account: Administrators (Local Administrators)
    • Recommended Permissions: Full Control
    • Folder: This folder, Subfolders, and files
  • User Account: Domain Admins (Optional)
    • Recommended Permissions: Full Control
    • Folder: This folder, Subfolders, and files
  • User Account: SYSTEM
    • Recommended Permissions: Full Control
    • Folder: This folder, Subfolders, and files
  • User Account: Authenticated Users
    • Recommended Permissions:
      • Traverse Folder/execute file
      • List folder/read data
      • Read Attributes
      • Create folders/append data
    • Folder: This folder only
  • User Account: CREATOR OWNER
    • Recommended Permissions: Full Control
    • Folder: Subfolders and files only

Examples of NTFS Permissions:

Share Permissions Summary:

CREATOR OWNER Special Permissions for "Subfolders and files only":

 

Authenticated Users Special Permissions for "This folder only" 

 

FYI, Microsoft recommendation for home shares/redirected folders:

http://support.microsoft.com/kb/274443

Note: Microsoft is using "Everyone" as we used in our example "Authenticated Users" to grant same permissions to the share. 

Steps:

  1. Select a central location in your environment where you would like to store Folder Redirection, and then share this folder.
  2. Set Share Permissions for the Everyone group to Full Control.
  3. Use the following settings for NTFS Permissions:
  • CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
  • System - Full Control (Apply onto: This Folder, Subfolders and Files)
  • Domain Admins - Full Control (Apply onto: This Folder, Subfolders and Files)
  • Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
  • Everyone - List Folder/Read Data (Apply onto: This Folder Only)
  • Everyone - Read Attributes (Apply onto: This Folder Only)
  • Everyone - Traverse Folder/Execute File (Apply onto: This Folder Only)

If using older Netapp Filer systems:

You have to set the “options cifs.smb2.enable on” previously it could be turned off and only using  using smb version 1.

Note: For more information refer to: ProfileUnity Installation Guide.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.