ntfs user redirected folder root share must have the following permissions for the group of users who should have access (full control/ownership) of their own documents
if given "full control" it works fine...
But MS's recommendation (which doesn't work) is to only give List Folder / Read Data and Create Folder / Append data
I've found through trial and error that the following is the minimum (best security but still allows offline files)
(Security-> Advanced -> special permissions to "Domain Users" for "This Folder Only")
traverse list foldr create folder read permissions
with the above I can right click and make something go offline & synch but stupid built in MS offline wizard gives "access is denied" error!
unfortunately the MS sh.. only works ...
no full control, take control, take ownership, or delete...
I will investigate further
MS recommends making the root share hidden $
so we should change users to users$