Solved

Terminal Services Home Folder path does not inherit the parent folder permissions in Windows Server 2003

Posted on 2008-10-03
4
1,006 Views
Last Modified: 2012-05-05
The subject says it all. What happence is i create a new user in AD ad the first time they log on to citrix there profile is created in \\server1\citrixprofiles

These newly created folders are not checked to inherit permisions and are help desk tech needs access to thes profiles. the help desk tech is has permisions set at citrixprofiles. There is a MS artical on this # 875535 http://support.microsoft.com/kb/875535/en-us

But when i spoke to MS on this they said the hotfix should gave been included with SP1 and I am running SP2. They also said to go ahead and run it IT SHOULDN'T hurt anything. That makes me feel real comfortable. I was wondering if anyone else has had any similar problems and can lead me on the path to fix this. I know that i can just go on to the system and check inherit permisions on my own but we would really like this resolved
0
Comment
Question by:mystics7
  • 2
  • 2
4 Comments
 
LVL 2

Expert Comment

by:Ron9909
Comment Utility
Hmm - this article is about TS Home directories...are you trying to give your technicians access to the profile or the home dir?  

If profile, the behaviour you are seeing is by design - the system will create the TS Profile with permissions suitable for the user, meaning not inheriting permissions from the parent folder.  If you want your helpdesk staff to have permissions to the user's profile, you can set the "Add the Administrator security group to the roaming user profile share" setting in the GPO that applies to the user/server.  
[Computer Configuration\Administrative Templates\System\ User Profiles]

There is also another setting under Windows Components\Terminal Server that allows you to set a location for TS Profiles (i.e. the parent folder) - this means you don't have to set a location in the user object, and may save you time if you are manually creating users...

Hope this helps!

0
 
LVL 9

Author Comment

by:mystics7
Comment Utility
I'm trying to give them access to the profile that is created when the end user first logs on. The first time the user logs on the profile fodler is created only with the local admin, system and the users account having permisions, The check box to inherit permisions is not checked by default and i must go in and manually check this. are help desk techs are not part of the domain or local admin groups on any server. We have a Group called PC Support for are techs and they have access at the parent folder of profiles. If i put that click the check box then all permisions are then applied to the end users profile folder. I know the article from MS says home folder but it is the same exact problem only on the profile folder
0
 
LVL 2

Accepted Solution

by:
Ron9909 earned 500 total points
Comment Utility
Ok - the problem is that yout techs aren't admins.  If they were you could use the GP setting Imentioned before.  The behaviour you are seeing with profile creation is by design.  When the system creates the profile folder, it won't inherit permissions from the parent.  I think what you will need to do is create a script to either replace permissions on all the newly created profile directories (Xcacls will allow you to grant an additional user permissions to a folder  - http://support.microsoft.com/kb/318754), or you could script creation of the profile directories in advance and allocate whatever permissions you wanted.
0
 
LVL 9

Author Closing Comment

by:mystics7
Comment Utility
Thank you for your help! that worked
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now