The appropriate permissions must be configured on the ProfileUnity storage path in order for ProfileUnity to operate properly.
Home Share Permissions for Portability/ProfileDisk Without CAC
NTFS Permissions
The following table lists the recommended NTFS permissions for each user account for the storage path.
| User Account | Recommended Permissions | Folder |
|---|---|---|
| Administrator | Full Control | This folder, subfolders, and files |
| Authenticated User | Modify | This folder only |
| Creator/Owner | Modify | Subfolders and files only |
Alternatively, you can specify Everyone Full Control for testing purposes.
Share Permissions
The recommended share permissions for the storage path are Everyone Full Control.
Redirected or Home Folders
Additionally, the Microsoft Support article entitled, "How to dynamically create security-enhanced redirected folders or home folders," suggests using the following steps for configuring settings for security-enhanced redirected folders or home folders:
- Select a central location in your environment where you would like to store Folder Redirection, and then share this folder.
- Set Share Permissions for the Everyone group to Full Control.
- Use the following settings for NTFS Permissions:
- CREATOR OWNER—Full Control (Apply onto: Subfolders and Files Only)
- System—Full Control (Apply onto: This Folder, Subfolders and Files)
- Domain Admins—Full Control (Apply onto: This Folder, Subfolders and Files)
- Everyone—Create Folder/Append Data (Apply onto: This Folder Only)
- Everyone—List Folder/Read Data (Apply onto: This Folder Only)
- Everyone—Read Attributes (Apply onto: This Folder Only)
- Everyone—Traverse Folder/Execute File (Apply onto: This Folder Only)
- Pay attention when configuring the home directory or folder redirection policies. If you enable the setting to give the user exclusive access to the folder, you will override the inherited permissions and you will need to reset the ACL.
FlexApp DIA Share Permissions
NTFS Permissions
Listed below are the recommended to level NTFS permissions for the storage path.
| User Account | Recommended Permissions | Folder |
|---|---|---|
| Administrators, FlexApp Packaging Account(s) | Full Control | This folder, subfolders, and files |
| Authenticated User | Read and Execute | This folder, subfolders, and files |
Alternatively, you can specify Everyone Full Control for testing purposes.
Share Permissions
The recommended share permissions for the storage path are Everyone Full Control.
ProfileDisk Share Permissions With CAC and Secondary Logon Service Enabled
NTFS Permissions
Listed below are the recommended to level NTFS permissions for the storage path.
| User Account | Recommended Permissions | Folder |
|---|---|---|
| Administrators | Full Control | This folder, subfolders, and files |
| ProfileUnity As a Service Account | Full Control | This folder, subfolders, and files |
Share Permissions
The recommended share permissions for the storage path are Everyone Full Control.
ProfileDisk Share Permissions Secondary Logon Service Disabled
NTFS Permissions
Listed below are the recommended to level NTFS permissions for the storage path.
| User Account | Recommended Permissions | Folder |
|---|---|---|
| Administrators | Full Control | This folder, subfolders, and files |
| Domain Computers | Full Control | This folder, subfolders, and files |
Share Permissions
The recommended share permissions for the storage path are Everyone Full Control.
Console Service Account Permissions
| User Account | Recommended Permissions | Target |
|---|---|---|
| ProfileUnity Console Service Account | Full Control | Deployment Paths |
| ProfileUnity Console Service Account | Read Only Access | Active Directory, Users, Groups, OUs |
| ProfileUnity Console Service Account | Read Only Access | File shares for printers and importing shortcuts or registry keys. |
