Roaming profiles are great for mobile users and VDI users, but managing the profile folders can present extra challenges. By default, newly created profile folders gives access to the local system and the user. You can add Administrator access using group
policy [Link] but it does not have the ability to add other security prinicpals such as Help Desk users.
The sample script below does the following:
This script can be enhanced or modified to suit other purposes.
DISCLAIMER: This sample script is provided AS-IS with no warranties and confers no rights.
This script was based off Don Jone's blog post "Automate changes to Permissions".
Automate changes to Permissions
Security Considerations when Configuring Roaming User Profiles
Roaming Profile Folders Do Not Allow Administrative Access