Hello everyone!

I am looking at configuring a fresh set of directories for user home folders & documents redirection. I have a few questions about the finer permissions of this process. In the past, I have always followed the Microsoft TechNet “Security Recommendations for Folder Redirection” guide (Security Recommendations for Folder Redirection: Group Policy). However, I have noticed that an increasing number of sources recommend “Read Attributes” and “Traverse Folder/Execute File” permissions for users at the root of the share, in addition to “Create Folder/Append Data” & “List Folder/Read Data”. I have also noticed a couple of sources recommending adding further permissions, such as “Read Extended Attributes” & “Read Permissions”. Which of these is the best option? What considerations are there for taking the various approaches?

Second of all, most sources indicate that “Creator Owner” should be given full control of subfolders and files from the root of the documents share. This should give users the ability to change ownership and permissions on their files – do they actually need full control or would modify permissions suffice?

Thanks in advance for any help with this issue.