Solved

Terminal Services Home Folder path does not inherit the parent folder permissions in Windows Server 2003

Posted on 2008-10-03
4
1,012 Views
Last Modified: 2012-05-05
The subject says it all. What happence is i create a new user in AD ad the first time they log on to citrix there profile is created in \\server1\citrixprofiles

These newly created folders are not checked to inherit permisions and are help desk tech needs access to thes profiles. the help desk tech is has permisions set at citrixprofiles. There is a MS artical on this # 875535 http://support.microsoft.com/kb/875535/en-us

But when i spoke to MS on this they said the hotfix should gave been included with SP1 and I am running SP2. They also said to go ahead and run it IT SHOULDN'T hurt anything. That makes me feel real comfortable. I was wondering if anyone else has had any similar problems and can lead me on the path to fix this. I know that i can just go on to the system and check inherit permisions on my own but we would really like this resolved
0
Comment
Question by:mystics7
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 2

Expert Comment

by:Ron9909
ID: 22641575
Hmm - this article is about TS Home directories...are you trying to give your technicians access to the profile or the home dir?  

If profile, the behaviour you are seeing is by design - the system will create the TS Profile with permissions suitable for the user, meaning not inheriting permissions from the parent folder.  If you want your helpdesk staff to have permissions to the user's profile, you can set the "Add the Administrator security group to the roaming user profile share" setting in the GPO that applies to the user/server.  
[Computer Configuration\Administrative Templates\System\ User Profiles]

There is also another setting under Windows Components\Terminal Server that allows you to set a location for TS Profiles (i.e. the parent folder) - this means you don't have to set a location in the user object, and may save you time if you are manually creating users...

Hope this helps!

0
 
LVL 9

Author Comment

by:mystics7
ID: 22651637
I'm trying to give them access to the profile that is created when the end user first logs on. The first time the user logs on the profile fodler is created only with the local admin, system and the users account having permisions, The check box to inherit permisions is not checked by default and i must go in and manually check this. are help desk techs are not part of the domain or local admin groups on any server. We have a Group called PC Support for are techs and they have access at the parent folder of profiles. If i put that click the check box then all permisions are then applied to the end users profile folder. I know the article from MS says home folder but it is the same exact problem only on the profile folder
0
 
LVL 2

Accepted Solution

by:
Ron9909 earned 500 total points
ID: 22655127
Ok - the problem is that yout techs aren't admins.  If they were you could use the GP setting Imentioned before.  The behaviour you are seeing with profile creation is by design.  When the system creates the profile folder, it won't inherit permissions from the parent.  I think what you will need to do is create a script to either replace permissions on all the newly created profile directories (Xcacls will allow you to grant an additional user permissions to a folder  - http://support.microsoft.com/kb/318754), or you could script creation of the profile directories in advance and allocate whatever permissions you wanted.
0
 
LVL 9

Author Closing Comment

by:mystics7
ID: 31502817
Thank you for your help! that worked
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
change home folder path 4 68
why user can't see mapped share folder 8 69
how can I practice with windows server os 2 88
ticket bloat 3 79
So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question