Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

permissions not setting properly on roaming profile directories

Posted on 2008-06-16
1
Medium Priority
?
162 Views
Last Modified: 2010-03-17
Last Friday all of a sudden we had a new issue arise. Whenever we create a new user in active directory and fill in their profile path eg \\fileserver\users\username\profile

the user logs in and everthigng seems to work it creates the profile and saves the prfoile to the network share.

However that indivdual user is the only person that has access to the profile folder. not even domain admins can access it. This causes many issues mostly with backups. I have found that if I take ownership of the profile dirctory and manually set the the permsions when the user then logs on they get an error that windows cannot load thier roaming profile due to insufficent privilages. (even though they have full control to the profile) I have further discovered once they log in it you take ownership again as the user and relog everything works both the user and domain admins now have permissions to the profile and the user is the owner so the profile works.

The issue is prior to friday we never had to do any of this. whenever the user logged in for the first time it created the profile and they where the owner of it and both themselves and domain admins had full control of it automatically be default...

where are the default permisions assisned to a roaming profile set at if anywhere? and how do I go about getting it back so that domain admins have writes by default without me going through all the steps I outlined above?

Thanks!
0
Comment
Question by:mgartley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 2000 total points
ID: 21798044
this is normal, the user is assigned permissions and noone else, the only option you really have, is to set additional permissions at the root folder and copy them down but select the copy rather than remove options when propogating
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question