Solved

How do I get roaming profile to ignore user cookies

Posted on 2007-12-04
6
4,175 Views
Last Modified: 2011-08-18
More complicated than title implies--
We have kiosks which automatically login using a roaming profile.  Using GPO Computer Config|admin templates|system user profiles| we prevent roaming profile changes from propagating to the server, except for one kiosk which we use for setting the single user profile.
Upon login, the kiosks are showing an error-- can't copy the cookies\index.dat file centrally to the
local cookies directory.
If I delete the index.dat file from the roaming profile\cookies directory on the server, the kiosks login fine.  But if I logout and in on the one kiosk allowed to propogate to the server, the other kiosks fail with the same error because index.dat is rewritten to the roaming profile\cookies directory.
1.  I've deleted all temporary internet files on the workstation that we use to define the roaming profile.  The same index.dat file and the other cookie files still get remade on the server when this one workstation logs out.  I've searched for this index.dat file on the workstation that is sending the cookies to the roaming profile--- there are index files but not this index.dat file-- which is always exactly the same and the same date (3 weeks old).

2.I thought that the default was that temporary internet files are not written to the roaming profile.

Thanks in advance.

0
Comment
Question by:dakota5
  • 3
  • 3
6 Comments
 
LVL 7

Expert Comment

by:mcse2007
ID: 20409801
Have you try  DENYING  the user access to the cookies folder from ACL? Will you still get the error?
0
 

Author Comment

by:dakota5
ID: 20417131
The cookies folder on the server (sysvol\sysvol\domain-name\user profiles\user\cookies) is peculiar.
Unlike the rest of the folders in the user profile, cookies does not have sharing and security settings.  I tried to remove rights to the file index.dat but nothing works.

I noticed that on the computer that is propagating the roaming profile, the cookies directory only appears in the user profile when that user is logged in.  And when that user is logged in, the index.dat file can't be deleted-- it is being used.
0
 
LVL 7

Expert Comment

by:mcse2007
ID: 20417312
You have to DENY the user through ACL from the COOKIES folder and not on the index.dat file !
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:dakota5
ID: 20417410
The cookies folder in the roaming profile does not have an Access Control List.  As I mentioned, it is the only one of the folders whose right-click option does not include "Sharing and Security" in the drop down.  I guess I could try to recreate the folder, but that would be complicated.

In addition, if I succeed in blocking access to the folder, the copying of the folder that is attempted on user login will fail and still give me an error, won't it?  I need to keep the propagating workstation from writing the index.dat file in the first place, but probably not by denying access to the directory-- because that will also generate an error.

Any idea how to get the propagating workstation to stop trying to copy it's cookies directory back to the roaming profile?  There is an administrative GPO for login that allows you to block directories from being written to the profile, but doing so creates other login errors reading other temporary internet files.
0
 
LVL 7

Accepted Solution

by:
mcse2007 earned 500 total points
ID: 20417483
o.k I see what you mean.

Go into the server hosting the roaming profile, find a particular user profile and look for cookies folder. Right click on it and select properties then select the 'Security' tab. Here set the DENY modify everyone.
This will deny anyone from writing any files inside the cookies folder.

You have to logon as administrator in the hosting server that service the roaming profiles and have at least full control permission to the partition drive where the roam folders are housed.
0
 

Author Comment

by:dakota5
ID: 20428446
The cookies folder has no security tab on write click.  I think there is something unique about an active roaming profile central cookies folder.  However, I think I solved the problem by deleting the cookies folder on the server-- I should have tried this earlier.
On reboot, the propagating workstation recreated a new cookies folder.  It has the same files in it that the "bad" folder had (same dates, same sizes), but the roaming profile workstations now have no problem.  Incidentally, this cookies folder also does not have a security tab on right click.  Must be something about roaming profiles and cookies folders.
Anyway, problem solved.  Thank you for pushing me in this direction.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question