Windows Server 2008 Share/NTFS permissions on home directories/folders
Now I know some of what I am asking has been covered, but I am very new to Server 2008 (coming from Novell NetWare) and am trying to learn the permissions for the folder redirections. What I have/want is a folder structure as follows:

D:\Users
  -Faculty
    -%username%
      -Desktop
      -My Documents
      -Application Data
  -Students
    -%username%
      -Desktop
      -My Documents

I would like the base share to be \\Server\Users$ and each subfolder under that would be branched either by Faculty or Students followed by the %username% and then its subfolders. Now with this structure I want only Administrators and the user who is logged in to have access to the folders. I don't want User A to be able to view User B's directory. However as an Admin I want to be able to read and write into that folder.

I have set in my GPO to redirect the folders listed in the structure under the username. In my attempts I have made it create the directories when the user logs in if they do not exist and I can read/write but so can every user in the domain. So I want to lock that down and need some help. With the structure I have, how do I get those permissions to be applied each time a new user is created without doing it manually?
June 8th, 2009 10:35pm

Hello, use the following GPO: Computer Configuration\Administrative Templates\System\User Profiles, and in the right pane choose "Add the Administrator security group to the roaming user profile share".

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
June 8th, 2009 11:05pm

That doesn't answer my question. What happens is after a user's folder is created in the \\Server\Users$\Students folder I can browse to that with any user account and get to all directories. I need to be able to have User A not access User B's folder in the \\Server\Users$\Students folder. I only want Administrators to see all folders and only the currently logged in user gets their own user directory. Applying the GPO doesn't solve everyone else on the network from being denied access.
June 8th, 2009 11:23pm

Hello, sorry, misunderstood it. What are the NTFS permissions on the folders and the share permissions? Also check this article: http://technet.microsoft.com/en-us/library/cc757013.aspx

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
June 8th, 2009 11:29pm

Meinolf,

You asked "What are the NTFS permissions on the folders and the share permissions?", this is what I am trying to find out what they should be for my environment. I am new to the Windows Server platform and don't know what the permissions should be to properly secure the directories. I just want to have my share folder be secure.

I have a share at \\Server\Users$ and within that share I have a Faculty and a Students folder. Within the Faculty and Students folders is a folder automatically created by a GPO (I am assuming) if it doesn't exist for the current user or %username%. The folder structure created within the %username% folder contains Application Data, Desktop, My Documents and Favorites.

Now I want to have it so when a user who is in the Student group logs in they can only get to the \\Server\Users$\Students\username where username is their username and only their username. Same applies for Faculty members and access to only their folder within the Faculty folder. As for the Administrators group, I want them to be able to access all the Faculty user folders and Student user folders.

I hope that is a little more clear. I just don't know what the Share/NTFS permissions should be for the folders/subfolders as I am very new and need some help.
June 9th, 2009 12:04am

Hello, here are more detailed steps for you:

In the folder redirection GPO, make sure to clear the "Grant the user exclusive rights to My Documents" check box, and then follow the guidelines below:

1. Log on as an administrator to the server that can host the user's redirected folders.
2. Locate the top-level folder that can hold the user's redirected documents (for example, D:\Redirected, which is shared as \\Server\Redirected\) by using Windows Explorer.
3. Right-click the folder, and then click Properties.
4. Click the Security tab.
5. Click Advanced.
6. Click to clear the "Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here." check box.
7. When you are prompted to copy or remove permissions, click Remove.
8. If the Administrators group is not present, click Add, type Administrators, and then click OK.
9. Select the Administrators group, and then click Edit.
10. Verify that the Full Control permission is set to Allow, and then click OK.
11. Click Add, and add System and Creator Owner to the Permissions entries.
12. Verify that the System and Creator Owner objects have the Full Control / Allow permission.
13. Click Add, add Authenticated Users, and then set the following permissions to Allow:
    - Create Folders / Append Data
    - Read Permissions
    - Read Attributes
    - Read Extended Attributes
June 9th, 2009 8:17am
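
The permission set listed in the post above, applied from PowerShell and then checked, as an added example that is not part of the original thread. The path in `$Root`, the "this folder only" scope for Authenticated Users and the "subfolders and files only" scope for Creator Owner are assumptions; the post does not state an "Apply to" scope.

```powershell
# Added example, not from the thread. Run elevated on the file server.
# $Root is an assumed path following the thread's D:\Users layout.
$Root = 'D:\Users\Students'

# Well-known SIDs instead of names, so the script does not depend on locale.
$Admins = 'S-1-5-32-544'; $System = 'S-1-5-18'
$CreatorOwner = 'S-1-3-0'; $AuthUsers = 'S-1-5-11'

function New-AllowRule($Sid, $Rights, $Inherit, $Propagate) {
    $id = New-Object System.Security.Principal.SecurityIdentifier $Sid
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, $Rights, $Inherit, $Propagate, 'Allow')
}

$acl = Get-Acl -Path $Root
# Stop inheriting from the parent and discard the inherited entries
# (the "clear the check box, then click Remove" steps).
$acl.SetAccessRuleProtection($true, $false)

# Administrators and SYSTEM: Full Control on this folder, subfolders and files.
$all = 'ContainerInherit, ObjectInherit'
$acl.AddAccessRule((New-AllowRule $Admins 'FullControl' $all 'None'))
$acl.AddAccessRule((New-AllowRule $System 'FullControl' $all 'None'))
# CREATOR OWNER: Full Control, subfolders and files only (assumed scope), so
# each user ends up with Full Control on the folder created for them.
$acl.AddAccessRule((New-AllowRule $CreatorOwner 'FullControl' $all 'InheritOnly'))
# Authenticated Users: only the four rights from the post, on this folder only
# (assumed scope), so nothing here is inherited by another user's folder.
$rights = 'CreateDirectories, ReadPermissions, ReadAttributes, ReadExtendedAttributes'
$acl.AddAccessRule((New-AllowRule $AuthUsers $rights 'None' 'None'))
Set-Acl -Path $Root -AclObject $acl

# Check: list per-user folders that still carry an entry for a broad group
# (Everyone, Authenticated Users, BUILTIN\Users, or any domain's Domain Users).
$broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $path = $_.FullName
    (Get-Acl -Path $path).Access | Where-Object {
        $sid = $_.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        ($broad -contains $sid) -or ($sid -like 'S-1-5-21-*-513')
    } | Select-Object @{n='Folder';e={$path}}, IdentityReference,
                      FileSystemRights, IsInherited
}
```

Any row printed by the final check is a user folder that a broad group can still reach; an empty result means only the entries set above and the folder owner's own entry remain.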

Hello, sorry for being so late. Isaac already pointed out the needed permissions for the folder you have to create.

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
June 13th, 2009 2:06pm
