diff --git a/redirected-profiles-folder-permissions.ps1 b/redirected-profiles-folder-permissions.ps1
new file mode 100644
index 0000000..5e659ef
--- /dev/null
+++ b/redirected-profiles-folder-permissions.ps1
@@ -0,0 +1,51 @@
+#zebra - 10/20/23
+#assigns NTFS permissions to the child folders of a given folder defined in $rootFolder according to the folder name.
+#this script can be used to fix NTFS permissions for redirected profiles.
+#e.g. if a folder is named jdoe, it will give NTFS permissions to contoso\jdoe
+#can be configured to specify a domain or workgroup.
+
+# Define the root folder where you want to perform the permission changes
+$rootFolder = "C:\temp\Permissions Test"
+
+# Get a list of subfolders in the root folder
+$subfolders = Get-ChildItem -Path $rootFolder -Directory
+
+# Iterate through each subfolder
+foreach ($subfolder in $subfolders) {
+ $folderName = $subfolder.Name
+ $accountName = "IZEBRA\$folderName" # For domain accounts, add the netBIOS domain name before $folderName.
+ # For example, CONTOSO\$foldername will make the script add permissions for CONTOSO\bob for folder "bob".
+
+ # For local accounts, remove the domain name and the trailing slash so that $accountName = $folderName.
+
+ # Remove existing NTFS permissions and get a list of removed permissions
+ $acl = Get-Acl $subfolder.FullName
+ $removedPermissions = @()
+
+ $acl.SetAccessRuleProtection($true, $true) # Disable inheritance and remove inherited permissions
+
+ $acl.Access | ForEach-Object {
+ if ($_.IdentityReference.Value -ne "BUILTIN\Administrators") { # Exclude Administrators group if needed
+ $removedPermissions += $_
+ $acl.RemoveAccessRule($_)
+ }
+ }
+
+ # Apply new NTFS permissions, and skip if it fails
+ try {
+ $permission = New-Object System.Security.AccessControl.FileSystemAccessRule($accountName, "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
+ $acl.AddAccessRule($permission)
+ Set-Acl -Path $subfolder.FullName -AclObject $acl
+ Write-Host "Permissions updated for folder $folderName. $accountName now has Full Control."
+ } catch {
+ Write-Host "Failed to update permissions for $folderName. Skipping the folder."
+ }
+
+ # Print the removed permissions
+ if ($removedPermissions.Count -gt 0) {
+ Write-Host "Old permissions for $folderName go as follows: "
+ $removedPermissions | ForEach-Object {
+ Write-Host ("{0} - {1}" -f $_.IdentityReference, $_.FileSystemRights)
+ }
+ }
+}
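Review bot: `SetAccessRuleProtection($true, $true)` preserves inherited entries rather than removing them (the second argument is preserveInheritance), so the comment on that line is wrong; because `RemoveAccessRule` is expected to act only on explicit rules, entries inherited from `$rootFolder` will likely survive on each profile folder as explicit ACEs while the script prints them under "Old permissions". Passing `$false` drops them, but the inherited `BUILTIN\Administrators` entry then goes too, so the identities to keep must be granted explicitly; the fence does that and also keeps `NT AUTHORITY\SYSTEM`, which the current filter strips (confirm whether that is wanted). `Set-Acl` failures are usually non-terminating, so without `-ErrorAction Stop` the `catch` may never run, the success line prints after a failed write, and the removed-permissions report is shown even though nothing changed. Separately, `$accountName` is built purely from the folder name, so a stray folder named after an unrelated or privileged account would give that account Full Control; resolving the name against the directory and skipping non-matches before touching the ACL would close that gap.

```powershell
# before the foreach loop: identities that must keep access on every folder
$keepIdentities = @("BUILTIN\Administrators", "NT AUTHORITY\SYSTEM")

    # … unchanged: $folderName / $accountName …
    $acl = Get-Acl $subfolder.FullName
    # Record everything that will not survive, inherited entries included.
    $removedPermissions = @($acl.Access | Where-Object { $_.IdentityReference.Value -notin $keepIdentities })

    # $false discards inherited entries; $true would copy them onto the folder as explicit ones.
    $acl.SetAccessRuleProtection($true, $false)
    $acl.Access |
        Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -notin $keepIdentities } |
        ForEach-Object { [void]$acl.RemoveAccessRule($_) }

    try {
        foreach ($identity in @($accountName) + $keepIdentities) {
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
            $acl.AddAccessRule($rule)
        }
        Set-Acl -Path $subfolder.FullName -AclObject $acl -ErrorAction Stop
        # … unchanged: success message …
    } catch {
        Write-Host "Failed to update permissions for $folderName. Skipping the folder. $($_.Exception.Message)"
        continue  # nothing was written, so do not report old permissions as removed
    }
    # … unchanged: removed-permissions report …
```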