permissions not setting properly on roaming profile directories
Posted on 2008-06-16
Last Friday all of a sudden we had a new issue arise. Whenever we create a new user in active directory and fill in their profile path eg \\fileserver\users\username\profile
the user logs in and everthigng seems to work it creates the profile and saves the prfoile to the network share.
However that indivdual user is the only person that has access to the profile folder. not even domain admins can access it. This causes many issues mostly with backups. I have found that if I take ownership of the profile dirctory and manually set the the permsions when the user then logs on they get an error that windows cannot load thier roaming profile due to insufficent privilages. (even though they have full control to the profile) I have further discovered once they log in it you take ownership again as the user and relog everything works both the user and domain admins now have permissions to the profile and the user is the owner so the profile works.
The issue is prior to friday we never had to do any of this. whenever the user logged in for the first time it created the profile and they where the owner of it and both themselves and domain admins had full control of it automatically be default...
where are the default permisions assisned to a roaming profile set at if anywhere? and how do I go about getting it back so that domain admins have writes by default without me going through all the steps I outlined above?