I'm reconfiguring roaming profiles on my network to use proper NTFS security settings according to this article. I have reset the following permissions on the roaming profile parent folder:
CREATOR OWNER, Full Control, Subfolder and files only
User group with profiles, List folder, Create folders, This folder only
System, Full Control, This folder, subfolders, and files
Then I select one of the actual roaming profile folders and follow these steps to fix the NTFS settings:
Click Security, Advanced
Uncheck "Allow inheritable permissions..."
Choose "Remove..."
Recheck "Allow inheritable permissions..."
Click "Apply"
After I choose apply, I get the following permissions listed on the roaming profile folder:
Administrators (MYDOMAIN\Administrators) Full Control, This folder only
CREATOR OWNER, Full Control, Subfolders and files only
System, Full Control, This folder, subfolders, and files
Where is the Administrators entry coming from!? There is an entry on the root of the drive for Administrators to have full control, but the Roaming Profile Parent folder is not set to inherit any permissions, and it does not have the administrators permission.