Last week a windows admin asked if I knew what the permissions should be for the root level share of home directories or redirected folders. It has been a few years since I looked this up and I wanted to be certain I had all necessary ACLs, so I committed to researching the question and posting what I found to my blog.
I knew this KB article existed but it is not terribly easy to find since you have to search for "folder redirection" instead of "home directory". This includes the full description for the root ACL.
These are the two steps I was most interested in finding:
2. Set Share Permissions for the Everyone group to Full Control.
3. Use the following settings for NTFS Permissions:
Pay attention when configuring the home directory or folder redirection policies. If you enable the setting to give the user exclusive access to the folder, you will override the inherited permissions and need to reset the ACL.
: Failed to apply policy and redirect folder "RoamingAppData" to "C:\Users\administrator.PQNET\AppData\Roaming".