Change is realistically all that is needed. You can give them all but FC with no real harm.
Rick

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick.Jackson
> Sent: Thursday, July 04, 2002 2:04 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] folder permissions
>
> Thanks for your response Rick,
>
> When you say Share permissions - authenticated users - change does that
> include the read permission as well? Or just the change permission?
>
> Thanks again.
>
> I must say I have only been getting emails for about a week now, but
> find the people very friendly and helpful.
>
> Good to know.....
>
> -----Original Message-----
> From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 04, 2002 11:29 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] folder permissions
>
> Peter,
>
> We've implemented roaming profiles for some of our users and have set up
> the share as such:
>
> Share permissions: Authenticated Users - Change
>
> By default, as I'm sure you know, it's Everyone - Full control.
>
> Your profile path should read \\<youservername>\<profilepath>\%username%
>
> Here's where you need to exercise some caution. If you allow the profile
> path to be automatically created, then the user will be the only one that
> will have read and modify access to the folder. In fact Admins and Domain
> Admins by default, will have no rights.
>
> Do yourself a favor - set up permissions up front on the folders. Give
> the user READ and MODIFY (effectively, everything BUT full control) and
> give the Domain Admins group minimally READ and MODIFY. I give our Domain
> Admin group full control, but I have an upper management that backs our
> group in the view that the company owns the data - not the user. This is
> not a currently very popular belief.
>
> If you don't do it this way, you will have to go back as a Domain Admin
> group member and take ownership of the folder the first time a user needs
> help with their stuff.
>
> Good luck!
>
> Rick Kingslan - Microsoft MVP [Windows NT/2000]
> Microsoft Certified Trainer
> MCSA, MCSE+I - Windows NT / 2000
>
> "Any sufficiently advanced technology
> is indistinguishable from magic."
> --- Arthur C. Clarke
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick.Jackson
> > Sent: Thursday, July 04, 2002 10:52 AM
> > To: [EMAIL PROTECTED]
> > Subject: [ActiveDir] folder permissions
> >
> > Good Morning,
> >
> > We are setting up AD in our Domain and will be using roaming
> > profiles. I am trying to find a good document that outlines
> > the permissions (share and ntfs) that should exist on the folder
> > structure, especially the share on the main folder ie users and
> > then the %username folder.
> >
> > Any help would be appreciated.
> >
> > Thank you
> >
> > Patrick Jackson
> > [EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
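
The setup described in the thread (share permission Authenticated Users - Change, NTFS permissions set up front on each profile folder), as an added PowerShell example that is not part of the original messages. The local path, share name, domain and account names are assumed values, and New-SmbShare and icacls are assumed to be available on the file server.

```powershell
# Assumed values for illustration (none of these come from the thread).
$Root      = 'D:\Profiles'          # local path behind the profile share
$ShareName = 'Profiles$'
$Domain    = 'EXAMPLE'
$Users     = 'pjackson', 'asmith'   # constructed sample account names
$AdminPerm = 'M'                    # 'M' = Modify (the minimum); 'F' = Full Control

New-Item -Path $Root -ItemType Directory -Force | Out-Null

# Share permission: Authenticated Users - Change, instead of the
# Everyone - Full Control default.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Root `
        -ChangeAccess 'NT AUTHORITY\Authenticated Users' | Out-Null
}

foreach ($User in $Users) {
    $Folder = Join-Path $Root $User
    New-Item -Path $Folder -ItemType Directory -Force | Out-Null

    # NTFS: drop inherited entries, then grant Modify to the user and the
    # chosen right to Domain Admins, inherited by subfolders (CI) and files (OI).
    icacls $Folder /inheritance:r /grant:r `
        "${Domain}\${User}:(OI)(CI)M" `
        "${Domain}\Domain Admins:(OI)(CI)$AdminPerm" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $Folder" }
}

# Audit: list each profile folder and flag the two conditions the thread
# warns about (admins locked out, user holding Full Control).
$Full = [System.Security.AccessControl.FileSystemRights]::FullControl
Get-ChildItem -Path $Root -Directory | ForEach-Object {
    $Name  = $_.Name
    $Rules = (Get-Acl -Path $_.FullName).Access
    [pscustomobject]@{
        Folder             = $Name
        DomainAdminsEntry  = [bool]($Rules | Where-Object {
            $_.IdentityReference -like '*\Domain Admins' })
        UserHasFullControl = [bool]($Rules | Where-Object {
            $_.IdentityReference -like "*\$Name" -and
            ($_.FileSystemRights -band $Full) -eq $Full })
    }
}
```

Run it elevated on the file server. Newer Windows clients append a version suffix (for example .V6) to the roaming profile folder name, so the pre-created folder name has to match what the client will use.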
