Solved

URGENT - Roaming Profiles Issue

Posted on 2006-06-22
10
223 Views
Last Modified: 2010-04-18
We are using W2003 Server and have a folder called RoamingProfiles - we have users folders under that who's security settings are that to give the user listed in the AD full access to their roaming profile.  However it seems to only work if the user is a member of domain admins - it will not work as domain user only - obviously we don't want users to have admin rights across the domain.

HELP!!
0
Comment
Question by:Powerhousecomputing
  • 5
  • 5
10 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16959328
Check the share permissions too.  I imagine they don;t have Full Control at the share level?
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16959347
The user may also need to be the owner of their profile directory too (can't remember specifically as it was a few years ago but I know I had to use a script with subinacl.exe from the login script to give the user ownership of their profile directory and home drive, though that may just have been to get quotas working).  I presume you are connectring them through a share "profiles$" or something in which case as long as they have Full Control to share and read access to the next level and you create the profile dir. for them as full control access all should work.

Steve
0
 

Author Comment

by:Powerhousecomputing
ID: 16959569
The RoamingProfiles folder is shared and everyone has full permissions
Each subfolder (each user's profile) is not shared but security is set for the user so that they have full access.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 43

Expert Comment

by:Steve Knight
ID: 16959645
I suggest you try one taking ownerhsip of the directory and files to the user (you can do this as them as they have full control) or take a look at subinacl.exe from the resource kit (downloadble from MS site).

subinacl /noverbose /subdirectories \\server\Profiles\%user%\*.* /setowner=domain\user
subinacl /noverbose /file \\server\Profiles\%user% /setowner=domain\user

Steve
0
 

Author Comment

by:Powerhousecomputing
ID: 16959683
I have take ownership on the subfolder but it makes no difference - still the profiles only work when the user is part of domain admins
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 500 total points
ID: 16959809
Fair enough.  Sounds like you have everything right.  Can the users access other things on the server OK, and if you map a drive to the location and check, as the user, that they do actually have permissions to the area?

When they are domain admins does it actually write their profile back into the directory etc?

http://www.microsoft.com/technet/archive/winntas/tips/techrep/decdown.mspx?mfr=true  is microsoft's "howto" which doesn't really tell us anything we don't know.

Steve
0
 

Author Comment

by:Powerhousecomputing
ID: 16959829
Yes they can access other ares with no problem and yes when they are domain admin they can write back
0
 

Author Comment

by:Powerhousecomputing
ID: 16959991
making them have local admin rights works - thanks!
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16960042
Sounds a bit odd but at least you are working, thanks for the points in any case.

Steve
0
 

Author Comment

by:Powerhousecomputing
ID: 16960349
actually..... it's not now!  i thought it was ok - all is back except for desktops - any ideas?  still only have unrestricted access if domain admins
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
formating cluster disk 6 80
Memory Leak in Windows 2012, Non-Paged pool 8.5GB 25 175
shadow copies 7 81
Robocopy Doesn't Retain Shared Folders After Copying 5 78
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question