Profiles Directory - No Administrator Right to individual's profiles
Posted on 2006-06-09
Orginization is using 105 Blade PC's with 350 thin clients.
DC Holds Profiles Directory
Profiles Directory (The directory itself)
Administrators - Full Control
Domain Users - Modify (currently)
If I go into the the profile directory, and pick one of the folders at random, say John Smith, guess what, the administrator doesn't have rights to it.
I go into GP, set on both the Default DC GPO & Business Policy the following
Add the Administrators security group to roaming user profiles - Enabled
The only way for me to get into their directories is to take ownership, then assign them modify rights individually. I do not have time to do this to 350 AD users. Plus from what I understand, if I do this, it would be bad for Quota usage as well (which I am not using currently but do not want to screw it up if I decide to later).
So there is my problem, I have tried FILEACL, from Microsoft (but not really), and it will not let me set permissions on those folders either (by adding).
I maybe mistaken, but I can not afford to go into the security tab, and FORCE it to accept Administrators, as that would remove the individual users Access Rights Correct?
I would really like to kick M$ in the #$%#$%#$@^%$^#%^%#^%$^%$#^!@#$!$#@$ for making a parent directory with Administrative Rights not have full rights to its children, without my jumping through some hoops.