Hi everyone,
we would like to store the roaming user profiles on a NAS share and delegate profile management to a non-admin AD group.
Current configuration:
1. NAS device member of AD
2. Share and ACL permissions properly configured according to the MS best practice guide
3. GPO configured to grant local Administrators group MODIFY access on all profiles
4. GPO "Do not check for user ownership of Roaming Profile Folders" in place
The user profiles get created. SYSTEM, NAS_device\Administrators and the respective user have FULL/MODIFY permissions on the user profile.
We would like to delegate the user profile administration to an AD group which is NOT admin on the NAS device and therefore not a member of the local Administrators group which has MODIFY access on all profiles.
Any idea how this could be achieved?
Thank you.
Best Regards,
Thomas