Local cached profile security

Posted on 2006-04-04
Medium Priority
Last Modified: 2012-05-05

Hopefully someone can help me with this question (its probably something simple!)

All users on our Windows 2003 domain are using roaming profiles. When they logon to a machine a local cached copy of the profile is created. This is fine as we have some remote users and it does help speed things up in regards to logging on.

The problem is that when that local profile folder is created under C:\Documents and Settings\username it is accessible to anyone else who logs in to the system afterwards! I don’t remember this happening on our 2000 domain. As mentioned I don’t want the folder to be deleted I just want it to be locked to all other users.

Thanks in advance.
Question by:meilec
LVL 51

Accepted Solution

Netman66 earned 2000 total points
ID: 16371681
It should not be accessible to anyone other than the Administrators Group (local) and the user.

Check the security on the profile folder.

If your user's have local Admin or Power User rights (if specifically added) then they can access the profiles.

Also, check "Documents and Settings" folder to make sure it's not inheriting permissions from the parent and that each subfolder for each profile is also not inheriting.

LVL 12

Expert Comment

ID: 16372618
I agree it sounds like the domain users or all local users have been added to the local administrators group.  By default only the domain admin account is added to the local admin group.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question