We help IT Professionals succeed at work.

File shares permissions roaming profiles

Medium Priority
Last Modified: 2008-05-30
Can someone please help me out here.

Our file server properties are
Full computer name: CHSLabSrv1
Domain Name: NUACS.local
Roaming Profile Path: \\chslabsrv1\students\2008\student#

Folder Structure: E:\
                                                    misc folders and files
                                                    misc folders and files
                                                   misc folders and files
                                                   misc folders and files
                                                                    misc folders and files
                                                                    misc folders and files
                                                                   misc folders and files
                                                                    misc folders and files
                                                                    misc folders and files
                                                                   misc folders and files

We are using roaming profiles for our students. When some students login they recieve "profile cannot be found", "can't save roaming profile". It also seems to take forever for a student to login. We would like to get rid of this error. Also when a student does login and go to network neihborhood, the only folder we would like them to have access to is StudentLab and MPPro. Is this possible? How would I perform this? I guess the big problem I am having is what share permissions do I need in the parent folder to have full control of the child folder. I don't want each student to have full control of the Students folder if I can help it, do they have to have any permissions to the Students folder at all?

Watch Question

You will most likely want to start by inplementing folder redirection of the mydocs and desktop folders.  There is a setting in AD which will allow you to redirect these folders to central share points other that the user profile.  This will dramatically speed up the time it takes to load and save the profile, and give them access to these files even if their profile can't be found or loaded.

As to share permissions, you will typically share with full control.  This does not mean you are giving full control, as you will them manage permissions with NTFS permissions.  With all of the features we have just discussed windows will automajically setup the NTFS permissions for you.
On second thought I can't recall if the redirection feature is available in 2000 AD.    Is there any good reason why you have not changed to 2003 AD?


With all the testing I am assuming the permissions are incorrect. How do I correct them?
They have to have "list" permissions at the student (the root of your profiles) folder at a minimum to support roaming profiles.  

Network neighborhood is netbios based and all systems with the computer browser server will populate the list.  Disabling the computer browser service will prohibit that machine from being able to browse as well as advertising itself.

try going into the share and seeing if you can open on of the other users profiles....  Typically ntfs permissions are setup in a manner where even a domain admin can't access them without first taking ownership.  Everyone will have access to the share point but only the individual users should be able to access what's in thier folders.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.