Fix/reset Windows home folder permissions

You may find that your domain users start to complain that they cannot access their own files/documents in their home folders. The problem could be triggered by a help desk or file migration operation, and it may be solved by fixing/resetting permissions. Here is a recipe:

 

  • Make sure that the HOME root directory has the permissions below:

SYSTEM - Full - This folder, subfolders and files only
Domain Admins - Full - This folder, subfolders and files only
CREATOR OWNER - Full - Subfolders and files only
Domain Users - Traverse folder ... + List folder ... + Read attributes + Create folders ... + Read permissions - This folder only

 

ICACLS output for HOME root directory:

HOME NT AUTHORITY\SYSTEM:(OI)(CI)(F)
DOMAIN\Domain Admins:(OI)(CI)(F)
DOMAIN\Domain Users:(Rc,S,RD,AD,X,RA)
CREATOR OWNER:(OI)(CI)(IO)(F)

 

  • Set proper permissions on users' home folders. The batch file below sets each user as the owner of her/his home directory and resets permissions so that they are inherited from the home root (assuming that user names are used for naming home directories and that you run the script from within the HOME root):

 

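@echo off
rem Run from the HOME root; each folder name is assumed to be the user name.
rem Quotes keep folder names that contain spaces intact.
for /d %%d in (*.*) do icacls "%%d" /setowner "DOMAIN\%%d" /t
for /d %%d in (*.*) do icacls "%%d" /reset /t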
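
Because /reset makes every home folder inherit from the HOME root, a wrong ACE on the root is copied into all of them. The following is an added example, not part of the original recipe: it parses the text printed by icacls for the HOME root and reports any difference from the listing above. The function names, the path "HOME" and the DRIFTED sample are assumptions constructed for illustration.

```python
import re

def ace(who, flags, rights):
    """Normalise one ACE so flag and right order do not matter."""
    return (who, frozenset(flags.split()), frozenset(rights.split(",")))

# Baseline: the four ACEs from the icacls listing for the HOME root on this page.
EXPECTED = {
    ace(r"NT AUTHORITY\SYSTEM", "OI CI", "F"),
    ace(r"DOMAIN\Domain Admins", "OI CI", "F"),
    ace(r"DOMAIN\Domain Users", "", "Rc,S,RD,AD,X,RA"),  # this folder only
    ace("CREATOR OWNER", "OI CI IO", "F"),               # inherit-only
}

ACE_RE = re.compile(r"^([^:]+):((?:\([^)]*\))+)$")

def parse_icacls(output, path):
    """Parse the text printed by `icacls <path>` into a set of ACE tuples."""
    aces = set()
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(path + " "):      # first ACE shares a line with the path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:                            # blank line or "Successfully processed ..."
            continue
        groups = re.findall(r"\(([^)]*)\)", m.group(2))
        aces.add(ace(m.group(1), " ".join(groups[:-1]), groups[-1]))
    return aces

def audit(output, path="HOME"):
    """Return a sorted list of deviations from EXPECTED; empty means the ACL matches."""
    actual = parse_icacls(output, path)
    show = lambda a: f"{a[0]}:{sorted(a[1])}{sorted(a[2])}"
    return sorted([f"missing {show(a)}" for a in EXPECTED - actual] +
                  [f"unexpected {show(a)}" for a in actual - EXPECTED])

# Constructed sample: Domain Users was granted inheritable read/execute on the root,
# which would propagate into every user's home folder after /reset.
DRIFTED = r"""HOME NT AUTHORITY\SYSTEM:(OI)(CI)(F)
     DOMAIN\Domain Admins:(OI)(CI)(F)
     DOMAIN\Domain Users:(OI)(CI)(RX)
     CREATOR OWNER:(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    for finding in audit(DRIFTED):
        print(finding)
```

Feed it the saved output of icacls for the HOME root before running the batch file; an empty result means the root matches the listing above.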