Roaming Profiles Share

Error is:

Product:      Windows Operating System
Event ID:      1505
Source:      Userenv
Version:      5.2
Symbolic Name:      EVENT_ADMIN_OVERRIDE
Message:      Windows cannot load the user's profile but has logged you on with the default profile for the system.


Microsoft says:

The system is unable to load any of the following: the user's local user profile, the user's roaming user profile, or a temporary profile. As a result, the system logged the user on with the system profile if the user is a member of the Administrators group.
Possible causes include: insufficient computer memory, low disk space, or corruption of the user profile and default profile, or the system's inability to access the system profile for security reasons such as incorrect permissions.

I am trying to figure this out and although I have read the technotes for roaming and reviewed the system for memory/disk space and permissions - I still get this message when I logon?

I need some help sorting this out.  
Who is Participating?
Kevin HaysIT AnalystCommented:
Well I would remove the everyone group and add in authenticated users instead and give them full control for the share permissions only.  Remove anything else in there.  You really don't want to be messing with the permissions on the users folder themselves.  Leave the permissions alone on those.  By default the only person that will have full control is the creator owner which should be the actual user.  


I would have full control over the folder "kevin" and nobody else would.  Not even the administrator.  Now granted the administrator can take control over the folder though if he/she wishes to.

On the"userprofiles$" folder itself for starters just remove all groups out of the NTFS and add authenticated users and give them full control for now.  You will want to of course test this structure with a few test accounts and a test shared profile folder.

Kevin HaysIT AnalystCommented:
Roaming profiles.

Steps that need to be taken from the top of my head if I can remember correctly :)

1. Create a folder say "Profiles" on a network drive other than the DC or at least another volume.
2. Share it and give authenticated users full control for share permissions.
Authenticated users should only be in the "share" permissions.
The NTFS permissions, have you checked those settings?  This is where you would control access to the shared folder.
3.  In the profile tab in ADUC key in the following:  \\servername\profiles\%username%
This will create the folder and give the user object explicit rights to that directory.
4. Make sure no quotas are on the volume, if so then you will need to adjust them accordingly.
5. Make sure the volume is large enough to hold the data.

It sounds like there are just permission problems here.

victoriatechAuthor Commented:
The userprofiles$ share itslef is setup and accounts are generating correctly through the %username% in ADUC

I did some looking and this is where it starts to get messy and confusing:

THe Share permissions show Everyone Full

The folder (NTFS) permissions vary as I go down the long list.  Some folders show Administrators=F, User Account=F and System=F

Other folders show Everyone inherited=F and Administrators inherited=F

Then there are other folders where I cannot see anything as I am denied access (I am the administrator)

I looked at ownership and can see many folders where the owner is unknown.  Many show domainname\username and others show builtin\administrators

I think I have a mess on my hands.  What do I do next?
victoriatechAuthor Commented:
I am going to work on this task Monday afternoon or Tuesday morning and will post back.

Kevin HaysIT AnalystCommented:
Ok, no problem.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.