Horizon Persona Management and Windows roaming profiles require a specific minimum level of permissions on the user profile repository. Horizon Persona Management also requires that the security group of the users who put data on the shared folder must have read attributes on the share.

Set the required access permissions on your user profile repository and redirected folder share.

Table 1. Minimum NTFS Permissions Required for the User Profile Repository and Redirected Folder Share

User Account

Minimum Permissions Required

Creator Owner

Full Control, Subfolders and Files Only

Administrator

None. Instead, enable the Windows group policy setting, Add the Administrators security group to the roaming user profiles. In the Group Policy Object Editor, this policy setting is located in Computer Configuration\Administrative Templates\System\User Profiles\.

Security group of users needing to put data on share

List Folder/Read Data, Create Folders/Append Data, Read Attributes - This Folder Only

Everyone

No permissions

Local System

Full Control, This Folder, Subfolders and Files

Table 2. Share Level (SMB) Permissions Required for User Profile Repository and Redirected Folder Share

User Account

Default Permissions

Minimum Permissions Required

Everyone

Read only

No permissions

Security group of users needing to put data on share

N/A

Full Control

For information about roaming user profiles security, see the Microsoft TechNet topic, Security Recommendations for Roaming User Profiles Shared Folders. http://technet.microsoft.com/en-us/library/cc757013(WS.10).aspx