Roaming Profiles Share

Posted on 2006-05-05
Last Modified: 2012-05-05
Error is:

Product:      Windows Operating System
Event ID:      1505
Source:      Userenv
Version:      5.2
Symbolic Name:      EVENT_ADMIN_OVERRIDE
Message:      Windows cannot load the user's profile but has logged you on with the default profile for the system.


Microsoft says:

The system is unable to load any of the following: the user's local user profile, the user's roaming user profile, or a temporary profile. As a result, the system logged the user on with the system profile if the user is a member of the Administrators group.
Possible causes include: insufficient computer memory, low disk space, or corruption of the user profile and default profile, or the system's inability to access the system profile for security reasons such as incorrect permissions.

I am trying to figure this out and although I have read the technotes for roaming and reviewed the system for memory/disk space and permissions - I still get this message when I logon?

I need some help sorting this out.  
Question by:victoriatech
    LVL 16

    Expert Comment

    Roaming profiles.

    Steps that need to be taken from the top of my head if I can remember correctly :)

    1. Create a folder say "Profiles" on a network drive other than the DC or at least another volume.
    2. Share it and give authenticated users full control for share permissions.
    Authenticated users should only be in the "share" permissions.
    The NTFS permissions, have you checked those settings?  This is where you would control access to the shared folder.
    3.  In the profile tab in ADUC key in the following:  \\servername\profiles\%username%
    This will create the folder and give the user object explicit rights to that directory.
    4. Make sure no quotas are on the volume, if so then you will need to adjust them accordingly.
    5. Make sure the volume is large enough to hold the data.

    It sounds like there are just permission problems here.


    Author Comment

    The userprofiles$ share itslef is setup and accounts are generating correctly through the %username% in ADUC

    I did some looking and this is where it starts to get messy and confusing:

    THe Share permissions show Everyone Full

    The folder (NTFS) permissions vary as I go down the long list.  Some folders show Administrators=F, User Account=F and System=F

    Other folders show Everyone inherited=F and Administrators inherited=F

    Then there are other folders where I cannot see anything as I am denied access (I am the administrator)

    I looked at ownership and can see many folders where the owner is unknown.  Many show domainname\username and others show builtin\administrators

    I think I have a mess on my hands.  What do I do next?
    LVL 16

    Accepted Solution

    Well I would remove the everyone group and add in authenticated users instead and give them full control for the share permissions only.  Remove anything else in there.  You really don't want to be messing with the permissions on the users folder themselves.  Leave the permissions alone on those.  By default the only person that will have full control is the creator owner which should be the actual user.  


    I would have full control over the folder "kevin" and nobody else would.  Not even the administrator.  Now granted the administrator can take control over the folder though if he/she wishes to.

    On the"userprofiles$" folder itself for starters just remove all groups out of the NTFS and add authenticated users and give them full control for now.  You will want to of course test this structure with a few test accounts and a test shared profile folder.


    Author Comment

    I am going to work on this task Monday afternoon or Tuesday morning and will post back.

    LVL 16

    Expert Comment

    Ok, no problem.


    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Join & Write a Comment

    I have never ceased to be amazed how many problems you can encounter on a fresh install of a Windows operating system.  This is certainly case in point& Unable to complete ANY MSI installation.  This means Windows Updates are failing and I can't …
    Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now