Hi,
Help me please to understand rights assignment to non-Windows shares in Windows domain.
Let me explain the situation.
1. We want to deploy Roaming profiles with Folder redirection.
2. We bought two network access storages (called QNAP) to set it up in two different datacenters and enable replication between its.
3. On both storages (nas1.domain.local, nas2.domain.local), I have created a share namedprofiles$ and enabled Windows ACL.
4. On both storages, I set share permissions on profiles$ as shown:
- nas1(or nas2, accordingly to dns name)\admin - read\write;
- DOMAIN\domain users - read write;
and NTFS permissions:
- NAS1\admin - full access - only for this folder;
- DOMAIN\Test Roaming profile users (this is a security group for testing purposes, which have 1 member DOMAIN\user01) - list folders/read data, create folders/append data - only for this folder;
- DOMAIN1\Nas Content Managers - full control - only for this folder;
- NAS1\system - full control - for this folder, subfolders and files;
- NAS1\CREATOR OWNER - full control - only for subfolders and files.
(as this is described in http://technet.microsoft.com/ru-ru/library/jj649079.aspx article)
5. On DC, I have a DFS namespace named \\domain.local\$\. I have added to this namespace a folderprofiles with two targets, \\nas1\userprofiles$ and \\nas2\userprofiles$. Options "Exclude targets outside of the client's site" and "Clients fall back to preffered targets" are enabled.
6. I have created Group Policy naming "Test Roaming Profiles with Folder redirection", in it's preferences, I set AppData, Documents and Desktop folder redirection to\\domain\$\profiles, selected an option "Create separate folder for each user". I set security option of this GPO to my test group, "Test Roaming profile users".
7. I logged on my domain PC under DOMAIN\user01 account, said gpupdate /force, and reboot.
8. In event log, there are messages from Folder Redirection and User profile service:
"Unable to create folder "domain\$\profiles\user01\desktop". Access denied" etc.
Which permissions should I set?