Question : Folder redirection permission question

Im playing with a test Windows Server 2003 domain controller with romaing profiles and folder redirection. I have a folder C:\Users\username where it stores the desktop and my documents contents etc. How do I set the permissions so that the users can only see whats in their folder when they browse the network? If I take permissions off of the Users folder then the files dont get copied to thier username folder. But if I leave permissions as is on the Users folder then they can see each others files.

Do I have to go to each username folder and change the permissions so that only that particular user can see his files? I would think you can do it all at once.

Answer : Folder redirection permission question

When you create home folders or profile folders through AD Users and Computers in the properties of the user, the permissions are automatically set for you so that the user owns the folder and has full rights, but no one else has any rights to that folder.  If you created the folders manually yourself, you would have to set these permissions manually as well.  

If you are using the folders for any kind of redirection (of My Documents for example), then the user MUST be the owner of the folder.  If you take ownership as Administrator so that you can change the security settings, then you have to set the ownership back to the user after you've made your changes so that the folder redirection will work properly.

When you set the user's home folder in the AD user properties, this folder is automatically mapped as the root of whatever drive letter you set as the home drive.  So, the easiest way to create a set of folders where the user can see only the contents of his/her own folder and cannot even see anyone else's folder is to make that folder the user's home folder.  Otherwise, you would have to share each user's folder separately and create a separate mapping to that folder.  That's the only way to make it so that other users can't even see the other folders at the same level.

Roaming profile folders, OTOH, are usually in a common shared folder, which means that other users can see all of the folders but they can only actually open and browse inside their own folder.

Hope this helps!