Solved

How do I get roaming profile to ignore user cookies

Posted on 2007-12-04
6
4,168 Views
Last Modified: 2011-08-18
More complicated than title implies--
We have kiosks which automatically login using a roaming profile.  Using GPO Computer Config|admin templates|system user profiles| we prevent roaming profile changes from propagating to the server, except for one kiosk which we use for setting the single user profile.
Upon login, the kiosks are showing an error-- can't copy the cookies\index.dat file centrally to the
local cookies directory.
If I delete the index.dat file from the roaming profile\cookies directory on the server, the kiosks login fine.  But if I logout and in on the one kiosk allowed to propogate to the server, the other kiosks fail with the same error because index.dat is rewritten to the roaming profile\cookies directory.
1.  I've deleted all temporary internet files on the workstation that we use to define the roaming profile.  The same index.dat file and the other cookie files still get remade on the server when this one workstation logs out.  I've searched for this index.dat file on the workstation that is sending the cookies to the roaming profile--- there are index files but not this index.dat file-- which is always exactly the same and the same date (3 weeks old).

2.I thought that the default was that temporary internet files are not written to the roaming profile.

Thanks in advance.

0
Comment
Question by:dakota5
  • 3
  • 3
6 Comments
 
LVL 7

Expert Comment

by:mcse2007
ID: 20409801
Have you try  DENYING  the user access to the cookies folder from ACL? Will you still get the error?
0
 

Author Comment

by:dakota5
ID: 20417131
The cookies folder on the server (sysvol\sysvol\domain-name\user profiles\user\cookies) is peculiar.
Unlike the rest of the folders in the user profile, cookies does not have sharing and security settings.  I tried to remove rights to the file index.dat but nothing works.

I noticed that on the computer that is propagating the roaming profile, the cookies directory only appears in the user profile when that user is logged in.  And when that user is logged in, the index.dat file can't be deleted-- it is being used.
0
 
LVL 7

Expert Comment

by:mcse2007
ID: 20417312
You have to DENY the user through ACL from the COOKIES folder and not on the index.dat file !
0
 

Author Comment

by:dakota5
ID: 20417410
The cookies folder in the roaming profile does not have an Access Control List.  As I mentioned, it is the only one of the folders whose right-click option does not include "Sharing and Security" in the drop down.  I guess I could try to recreate the folder, but that would be complicated.

In addition, if I succeed in blocking access to the folder, the copying of the folder that is attempted on user login will fail and still give me an error, won't it?  I need to keep the propagating workstation from writing the index.dat file in the first place, but probably not by denying access to the directory-- because that will also generate an error.

Any idea how to get the propagating workstation to stop trying to copy it's cookies directory back to the roaming profile?  There is an administrative GPO for login that allows you to block directories from being written to the profile, but doing so creates other login errors reading other temporary internet files.
0
 
LVL 7

Accepted Solution

by:
mcse2007 earned 500 total points
ID: 20417483
o.k I see what you mean.

Go into the server hosting the roaming profile, find a particular user profile and look for cookies folder. Right click on it and select properties then select the 'Security' tab. Here set the DENY modify everyone.
This will deny anyone from writing any files inside the cookies folder.

You have to logon as administrator in the hosting server that service the roaming profiles and have at least full control permission to the partition drive where the roam folders are housed.
0
 

Author Comment

by:dakota5
ID: 20428446
The cookies folder has no security tab on write click.  I think there is something unique about an active roaming profile central cookies folder.  However, I think I solved the problem by deleting the cookies folder on the server-- I should have tried this earlier.
On reboot, the propagating workstation recreated a new cookies folder.  It has the same files in it that the "bad" folder had (same dates, same sizes), but the roaming profile workstations now have no problem.  Incidentally, this cookies folder also does not have a security tab on right click.  Must be something about roaming profiles and cookies folders.
Anyway, problem solved.  Thank you for pushing me in this direction.
0

Join & Write a Comment

The saying goes a bad carpenter blames his tools. In the Directory Services world a bad system administrator, well, even with the best tools they’re probably not going to become an all star.  However for the system admin who is willing to spend a li…
Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now