Solved

Roaming Profiles - User folder "Taking ownership"

Posted on 2004-08-26
4
832 Views
Last Modified: 2012-08-13
I've established that to view/edit contents of a user's roaming profile folder i need to take ownership as administrator. However i can't seem to give ownership of this folder back to the user. I’ve entered the username into the ownership filed and everything seems to be updated. for example i can't view the contents of the file as administrator however, when i try to login as the user i get the Access Denied roaming profile error?

i'm sure there's a simple soulution to this but there dosn't seem to be much documentation i can find on the subject of giving back ownership.

Thanks in advance,
Jon
0
Comment
Question by:jonbillingsley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 2

Expert Comment

by:littlebuddah
ID: 11903270
You don't need to give the user ownership, just full rights, leave ownership with the admin account.  To negate this problem pre-create the base folder in the location you have specified and give the user full rights before they log on for the first time.
0
 
LVL 18

Expert Comment

by:exx1976
ID: 11909709
Not so...   The owner of the profile directory, for TS, needs to be either the ADMINISTRATORS group, or it needs to be the user who's profile it is.

In our environment, we do the following:

Use subinacl to give ownership, and use xcacls to grant access to the file to both SYSTEM and Domain Admins.

Subinacl is a freely downloadable tool from MS, as is XCACLS.  I believe they are both part of the support tools.

example usage for subinacl:

subinacl /noverbose /file c:\profiles\%username% /SETOWNER=%username%

Replace %username% with the username who's profile you are trying to fix...

Also make sure they the NTFS and Share permissions are set correctly on the parent share folder...

HTH,
exx1976
0
 

Author Comment

by:jonbillingsley
ID: 11911566
thanks exx1976,

would you be able to tell me these permissions?
0
 
LVL 18

Accepted Solution

by:
exx1976 earned 150 total points
ID: 11913889
Sure thing.  Here are the EXACT permissions that I grant in my environment, as well as the correct syntax to use XCACLS.

xcacls \\server\share\%USERNAME% /T /G SYSTEM:F "%DOMAIN%\DOMAIN ADMINS":F %USERNAME%:C /Y

The line above, if you change %USERNAME% and %DOMAIN% to be correct for your environment, will grant full access to the SYSTEM, full access to the DOMAIN ADMINS group, and change permissions to the user.

On the parent share, you should have the share permissions set to everyone full control, and the NTFS permissions should be set to READ for Domain Users, and FULL CONTROL for SYSTEM and DOMAIN ADMINS.

Then, they are able to list the directory structure of the profiles directory, and then with the change permissions on their own directory, they are able to access it.

Let me know if there's anything else I can do to help.

exx
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question