Local cached profile security

Posted on 2006-04-04
Last Modified: 2012-05-05

Hopefully someone can help me with this question (it's probably something simple!)

All users on our Windows 2003 domain are using roaming profiles. When they log on to a machine, a local cached copy of the profile is created. This is fine, as we have some remote users and it does help speed things up in regards to logging on.

The problem is that when that local profile folder is created under C:\Documents and Settings\username, it is accessible to anyone else who logs in to the system afterwards! I don’t remember this happening on our 2000 domain. As mentioned, I don’t want the folder to be deleted; I just want it to be locked to all other users.

Thanks in advance.
Question by: meilec

    Accepted Solution

    It should not be accessible to anyone other than the Administrators Group (local) and the user.

    Check the security on the profile folder.

    If your users have local Admin or Power User rights (if specifically added) then they can access the profiles.

    Also, check "Documents and Settings" folder to make sure it's not inheriting permissions from the parent and that each subfolder for each profile is also not inheriting.

    Expert Comment

    I agree; it sounds like the domain users or all local users have been added to the local administrators group. By default only the domain admin account is added to the local admin group.
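
The checks suggested in the accepted solution and the comment above, as an added PowerShell example that is not part of the original thread: it lists every allow entry on a cached profile folder that belongs to neither the owning user, Administrators nor SYSTEM, shows whether the entry is inherited, and then prints the members of the local Administrators and Power Users groups. The function name, the skip list of shared and service profile folders, and the folder-name-to-account matching are assumptions of this example.

```powershell
# Added example: audit cached profile folders for access beyond the owner,
# Administrators and SYSTEM. Run from an elevated PowerShell prompt.
$profileRoot = 'C:\Documents and Settings'   # path from the question
$expected    = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
# Assumption: shared and service profiles are skipped; they are not per-user caches.
$skip        = @('All Users', 'Default User', 'LocalService', 'NetworkService')

function Get-UnexpectedProfileAccess {   # hypothetical helper name
    param([string]$Root = $profileRoot)
    $dirs = Get-ChildItem -Path $Root -Force |
        Where-Object { $_.PSIsContainer -and ($skip -notcontains $_.Name) }
    foreach ($dir in $dirs) {
        $acl = Get-Acl -Path $dir.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $id = $ace.IdentityReference.Value
            if ($expected -contains $id) { continue }
            # Owner match (assumption): folder is named "user", "user.DOMAIN" or "user.000".
            $account = $id.Split('\')[-1]
            $isOwner = ($dir.Name -eq $account) -or
                $dir.Name.StartsWith("$account.", [StringComparison]::OrdinalIgnoreCase)
            if ($isOwner) { continue }
            # Anything left is a principal that should not normally be on the folder.
            New-Object PSObject -Property @{
                Folder            = $dir.FullName
                Principal         = $id
                Rights            = $ace.FileSystemRights
                Inherited         = $ace.IsInherited              # entry comes from the parent
                BlocksInheritance = $acl.AreAccessRulesProtected  # folder stops inheritance
            }
        }
    }
}

Get-UnexpectedProfileAccess |
    Format-Table Folder, Principal, Rights, Inherited, BlocksInheritance -AutoSize

# Membership of the two local groups named in the answers.
net localgroup Administrators
net localgroup "Power Users"
```

An empty table together with unexpected names in either group listing points at group membership rather than folder permissions as the reason other users can open the profiles.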
