Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Roaming Profiles - User folder "Taking ownership"

Posted on 2004-08-26
4
Medium Priority
?
834 Views
Last Modified: 2012-08-13
I've established that to view/edit contents of a user's roaming profile folder i need to take ownership as administrator. However i can't seem to give ownership of this folder back to the user. I’ve entered the username into the ownership filed and everything seems to be updated. for example i can't view the contents of the file as administrator however, when i try to login as the user i get the Access Denied roaming profile error?

i'm sure there's a simple soulution to this but there dosn't seem to be much documentation i can find on the subject of giving back ownership.

Thanks in advance,
Jon
0
Comment
Question by:jonbillingsley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 2

Expert Comment

by:littlebuddah
ID: 11903270
You don't need to give the user ownership, just full rights, leave ownership with the admin account.  To negate this problem pre-create the base folder in the location you have specified and give the user full rights before they log on for the first time.
0
 
LVL 18

Expert Comment

by:exx1976
ID: 11909709
Not so...   The owner of the profile directory, for TS, needs to be either the ADMINISTRATORS group, or it needs to be the user who's profile it is.

In our environment, we do the following:

Use subinacl to give ownership, and use xcacls to grant access to the file to both SYSTEM and Domain Admins.

Subinacl is a freely downloadable tool from MS, as is XCACLS.  I believe they are both part of the support tools.

example usage for subinacl:

subinacl /noverbose /file c:\profiles\%username% /SETOWNER=%username%

Replace %username% with the username who's profile you are trying to fix...

Also make sure they the NTFS and Share permissions are set correctly on the parent share folder...

HTH,
exx1976
0
 

Author Comment

by:jonbillingsley
ID: 11911566
thanks exx1976,

would you be able to tell me these permissions?
0
 
LVL 18

Accepted Solution

by:
exx1976 earned 600 total points
ID: 11913889
Sure thing.  Here are the EXACT permissions that I grant in my environment, as well as the correct syntax to use XCACLS.

xcacls \\server\share\%USERNAME% /T /G SYSTEM:F "%DOMAIN%\DOMAIN ADMINS":F %USERNAME%:C /Y

The line above, if you change %USERNAME% and %DOMAIN% to be correct for your environment, will grant full access to the SYSTEM, full access to the DOMAIN ADMINS group, and change permissions to the user.

On the parent share, you should have the share permissions set to everyone full control, and the NTFS permissions should be set to READ for Domain Users, and FULL CONTROL for SYSTEM and DOMAIN ADMINS.

Then, they are able to list the directory structure of the profiles directory, and then with the change permissions on their own directory, they are able to access it.

Let me know if there's anything else I can do to help.

exx
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

596 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question