After creating additional shared folders listed in Table 198, configure the appropriate shared folder permissions. Ensure that unauthorized users are unable to access user state migration information and the deployment logs. Only the target computer creating the user state migration information and the deployment logs should have access to these folders.
To configure the shared folder permissions for the folders listed in Table 198
1. In Windows Explorer, right-click shared_folder (where shared_folder is one of the shared folders listed in Table 198), and then click Properties.
2. On the Security tab, click Advanced.
3. On the Permissions tab, clear the Allow inheritable permissions from the parent to propagate to this object and all child objects check box.
4. In the Security dialog box, click Remove.
5. On the Permissions tab, click Add.
6. In the Enter the object name to select box, type Authenticated Users, and then click OK.
7. In the Permission Entry forshared_folder dialog box (where shared_folder is one of the shared folders listed in Table 198), in the Apply onto list, click This folder only.
8. In the Permission Entry for shared_folder dialog box (where shared_folder is one of the shared folders listed in Table 198), in the Permissions list, click Allow for the Create Folders/Append Data permission, and then click OK.
9. On the Permissions tab, click Add.
10. In the Enter the object name to select box, type CREATOR OWNER, and then click OK.
This action allows domain computers and domain users to access the subfolders they create.
11. In the Permission Entry forshared_folder dialog box (where shared_folder is one of the shared folders listed in Table 198), in the Apply onto list, click Subfolders and files only.
12. In the Permission Entry forshared_folder dialog box (where shared_folder is one of the shared folders listed in Table 198), in the Permissions list, click Allow for the Full Control permission, and then click OK.
13. Repeat steps 10–13 for each group that will receive Administrator privileges.
The permissions set in these steps work for both LTI and ZTI deployments. In some instances, you may want to further restrict the user accounts that can access the shared folder. You can restrict user accounts for:
· LTI deployments by substituting Authenticated Users in the steps above with each account you want to have access
· ZTI deployments by substituting Authenticated Users in the steps above with the network access account in Configuration Manager 2012 or Configuration Manager 2007 R3
Related Topics