Welcome to the blog of Andreas Dieckmann
So I needed a quick way to check a few folders for correct permissions. We had Windows Virtual Desktop/FSLogix user profile containers in an Azure Files share. Some of these profile folders had wrong permissions.
The correct storage permissions are:
User Account | Folder | Permissions |
---|---|---|
Users | This Folder Only | Modify |
Creator / Owner | Subfolders and Files Only | Modify |
Administrator (optional) | This Folder, Subfolders, and Files | Full Control |
Official FSLogix documentation: Configure storage permissions for use with Profile Containers and Office Containers
In this environment every user has their own subfolder in the share. The user created the subfolder (at their first logon to Windows Virtual Desktop), so theyâre the owner. Since theyâre owner, they have âModifyâ rights to (sub-)subfolders and files in their subfolder. FSLogix creates a profile container vhd(x)-file in the userâs folder.
You can check Permissions using PowerShell with Get-Acl
.
I created a quick-and-dirty PowerShell script to check the permissions. Itâs not attempting any automatic fixes. It just lists the folders and states any faulty permissions. You could either manually fix the permissions using the GUI, or take the ACL-Object of the subfolder and apply it to the files using Set-Acl
.
CheckProfileStoragePermissions.ps1 (Github)
Diecknet ist der IT-Blog von Andreas Dieckmann.
#windowsvirtualdesktop (1) #ntfs (2) #iphone (1) #about (1) #exchange2010 (1) #acl (1) #exchangehybrid (1) #trial (1) #exchangeonline (2) #selfservice (1) #activedirectory (2) #office365 (7) #azureadconnect (2) #fslogix (1) #hybrid (2) #exchange (5) #powershell (4) #hybrididentity (2) #ios (1) #oauth (1) #microsoft365 (5) #apple (1) #powershellsnips (1) #diecknet (1) #licensing (2) #accessrights (1) #azuread (3) #exchange2013 (3) #windowsserver (1)