Server 2008 Roaming Profiles Permissions

permissions, roaming-profile, windows-server-2008

I'm having an issue setting up roaming profiles in Windows Server 2008 R2. The roaming profile is not being created on login/logoff with the user and they constantly have a temporary profile. I have the following permissions set on the folder:

Share Name: profiles$
Permissions:
  Authenticated Users - Full
  Administrators - Full
  SYSTEM - Full

NTFS Settings:
  CREATOR OWNER - Full
  SYSTEM - Full
  Administrators - Full
  Authenticated Users - Traverse folder/Execute, List Contents, Read Permissions

This is how I used to set this up in Server 2003 and I never had an issue like this, but since then MS has changed the wording on some of the permissions settings so I may be overlooking something. I can temporarily fix the problem by just adding the Everyone = Full permission on the NTFS settings, but that is not a solution. Any suggestions?

Update:

I used the guide that was provided below and the profile directory is now being created when the user logs in for the first time, but the profile is never written to it when the user logs off.

Best Answer

  1. If you have Authenticated Users = Full in shared, you don't need any of the others.

  2. Your NTFS permissions have no way for a normal user to create their home folder. As such, you'll have to create the folder yourself. The best way to do this is to create all the home folders, and use chown to set the owner to them. That way they own the folder and you can use the Creator Owner security object to set permissions appropriately.

    I highly suggest that Creator Owner does not get Full Control, as this will also allow the users to muck with the permissions of their home folder, something they should never need to do.

    The alternative is to grant the "Create Folders" permission on the Profiles folder, and set it to apply to "This folder only". This will allow the users to create the folder, but it will only apply to that single folder. This will also allow any user to create any arbitrary folder.

The permission you have in the question would not have worked on Server 2003. Permissions are almost identical between 2003/2008/2008R2.
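
One way to script the pre-creation approach from the answer above, as an added example that is not part of the original answer: it creates each profile folder, replaces inherited permissions with an explicit Modify grant for the account (not Full Control), and then makes the account the owner with `icacls`. The root path, domain name and account names are placeholders, and the script grants rights per account explicitly instead of relying on CREATOR OWNER.

```powershell
# Added example. Run from an elevated PowerShell prompt on the file server.
# All three values below are placeholders / constructed sample data.
$ProfileRoot = 'D:\Profiles'      # assumed local path behind the profiles$ share
$Domain      = 'EXAMPLE'          # placeholder NetBIOS domain name
$Users       = 'alice', 'bob'     # constructed sample account names

foreach ($user in $Users) {
    $account = "$Domain\$user"
    # Assumption: the folder name equals the account name. Use whatever name
    # your clients actually resolve from the configured profile path.
    $folder  = Join-Path $ProfileRoot $user

    if (-not (Test-Path $folder)) {
        New-Item -ItemType Directory -Path $folder | Out-Null
    }

    # Drop inherited ACEs and grant explicit ones in a single call.
    # (OI)(CI) = applies to this folder, subfolders and files.
    # M = Modify, which does not include Change Permissions or Take Ownership.
    icacls $folder /inheritance:r /grant `
        "${account}:(OI)(CI)M" `
        "SYSTEM:(OI)(CI)F" `
        "Administrators:(OI)(CI)F" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not set permissions on $folder"
        continue
    }

    # Make the account the owner of its own profile folder.
    icacls $folder /setowner $account | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not set owner on $folder"
        continue
    }

    # Print the resulting ACL so it can be reviewed.
    icacls $folder
}
```

Review the printed ACLs before pointing user accounts at the share: each folder should list only the account, SYSTEM and Administrators, with no Everyone or Authenticated Users entry.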