• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 203
  • Last Modified:

User Profile Rights

We have an interesting problem.  When a user first has his roaming profile created on the server, a directory is created that the user has ownership over.  The administrator is given no rights whatsoever.  In order to properly manage these folders, we need to add the administrator to the rights list, however, we have no right to do so.  That leaves us with only the choice (as far as we can tell) to take ownership over the folder and then assign rights.  Unfortunately, when we do that, the user can no longer use the folder until we give them rights.   Clearly a bit of a mess.

Can anyone tell me if this is really the way windows 2003 is supposed to work and if so, how do you get around it?
0
Robing66066
Asked:
Robing66066
  • 6
  • 5
1 Solution
 
Chris DentPowerShell DeveloperCommented:

There's a Group Policy object for adding the Administrators group to Roaming profile folders.

You can find it under:

Computer Configuration / Administrative Templates / System / Logon
Add the Administrators security group to roaming user profiles

Taking ownership of the Roaming profiles with Administrator generally breaks them - not too helpful.

HTH

Chris
0
 
Robing66066Author Commented:
Yeah, we noticed the breaking thing.  We'll check out the group policy item.  Is there any way to add a non-administrative group to the rights for the profiles?
0
 
Robing66066Author Commented:
Oh.  Nevermind.  Once we're added as administrators, the non-admin group can be done with a batch file...  Duh.  :)
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Chris DentPowerShell DeveloperCommented:

:)
0
 
Robing66066Author Commented:
Hi.

OK.  That got most of it, but the terminal services user roaming profiles didn't respond to that setting.  Any idea what needs to be done for those?
0
 
Chris DentPowerShell DeveloperCommented:

It's a Computer account based setting, so if you can load rsop.msc on the terminal server and see if the policy has been applied there.

It may be just that the policy isn't touching the terminal server.
0
 
Robing66066Author Commented:
We went directly to the server using group policy edit and changed the setting directly on the terminal server and still no change.
0
 
Chris DentPowerShell DeveloperCommented:

If the Terminal Server is also 2003 try running try running rsop.msc and verify that the policy setting is there and not being overridden. Group Policy always overwrites local, so that would be a good place to start.
0
 
Robing66066Author Commented:
I'm on holiday this week.  I'll check back with you when I get back after.

Thanks.
0
 
Robing66066Author Commented:
Worked fine.  Thanks!
0
 
Chris DentPowerShell DeveloperCommented:

Pleasure :)
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now