Which minimum Share & NTFS permissions do you need for the use of Offline Files and Folder Redirection in Windows 2008 / 2008 R2

In Microsoft Windows Server 2008 and Windows Server 2008 R2, as an administrator, you can share Folders which can be mapped as Network Drives on a Windows Vista or a Windows 7 Client.

Also you can customize desktops by using Folder Redirection.

Those mapped Drives you can make available offline by using the Offline Files Feature. You can configure the Offline Files Feature via GPO or manually:

You can find more Information how to configure the offline Files Feature by searching the Microsoft TechNet.

You can find more information about Folder Redirection by searching Windows Help for Folder Redirection.

Create security-enhanced offline Files Folder, UNC path like \\ServerName\Share$\Folder1\Folder2  

To make sure that only the user and the domain administrators have permissions to synchronize / open and dynamically create folders for the user during the redirection process

to the offline available Files with the Server Share, do the following:

1. Select a central location in your environment where you would like to store the User Files, and then share this folder.

2. Set Share Permissions for the Everyone group to change.

3. Use the following settings for NTFS Permissions for the root folder Share$ :


 - Creator Owner - Full Control, Subfolders and Files Only
 - Local System - Full Control This Folder, Subfolders and Files

 - Administrators - "no permissions"

 - Everyone - "no permissions" 

 - Security group of users that need to put data on share - This Folder Only

+ Travers folder / execute file

+ List Folder/Read Data

+ Read attributes

+ Read extended attributes

+ Create Files / write Data


4. NTFS permissions needed for the folders Folder1 and Folder2 for offline file synchronization:


- %Username% - Full Control, Owner Of Folder

- Local System  - Full Control

- Administrators - "no permissions"

- Everyone - "no permissions"