Solved

Terminal Services Home Folder path does not inherit the parent folder permissions in Windows Server 2003

Posted on 2008-10-03
4
1,008 Views
Last Modified: 2012-05-05
The subject says it all. What happence is i create a new user in AD ad the first time they log on to citrix there profile is created in \\server1\citrixprofiles

These newly created folders are not checked to inherit permisions and are help desk tech needs access to thes profiles. the help desk tech is has permisions set at citrixprofiles. There is a MS artical on this # 875535 http://support.microsoft.com/kb/875535/en-us

But when i spoke to MS on this they said the hotfix should gave been included with SP1 and I am running SP2. They also said to go ahead and run it IT SHOULDN'T hurt anything. That makes me feel real comfortable. I was wondering if anyone else has had any similar problems and can lead me on the path to fix this. I know that i can just go on to the system and check inherit permisions on my own but we would really like this resolved
0
Comment
Question by:mystics7
  • 2
  • 2
4 Comments
 
LVL 2

Expert Comment

by:Ron9909
ID: 22641575
Hmm - this article is about TS Home directories...are you trying to give your technicians access to the profile or the home dir?  

If profile, the behaviour you are seeing is by design - the system will create the TS Profile with permissions suitable for the user, meaning not inheriting permissions from the parent folder.  If you want your helpdesk staff to have permissions to the user's profile, you can set the "Add the Administrator security group to the roaming user profile share" setting in the GPO that applies to the user/server.  
[Computer Configuration\Administrative Templates\System\ User Profiles]

There is also another setting under Windows Components\Terminal Server that allows you to set a location for TS Profiles (i.e. the parent folder) - this means you don't have to set a location in the user object, and may save you time if you are manually creating users...

Hope this helps!

0
 
LVL 9

Author Comment

by:mystics7
ID: 22651637
I'm trying to give them access to the profile that is created when the end user first logs on. The first time the user logs on the profile fodler is created only with the local admin, system and the users account having permisions, The check box to inherit permisions is not checked by default and i must go in and manually check this. are help desk techs are not part of the domain or local admin groups on any server. We have a Group called PC Support for are techs and they have access at the parent folder of profiles. If i put that click the check box then all permisions are then applied to the end users profile folder. I know the article from MS says home folder but it is the same exact problem only on the profile folder
0
 
LVL 2

Accepted Solution

by:
Ron9909 earned 500 total points
ID: 22655127
Ok - the problem is that yout techs aren't admins.  If they were you could use the GP setting Imentioned before.  The behaviour you are seeing with profile creation is by design.  When the system creates the profile folder, it won't inherit permissions from the parent.  I think what you will need to do is create a script to either replace permissions on all the newly created profile directories (Xcacls will allow you to grant an additional user permissions to a folder  - http://support.microsoft.com/kb/318754), or you could script creation of the profile directories in advance and allocate whatever permissions you wanted.
0
 
LVL 9

Author Closing Comment

by:mystics7
ID: 31502817
Thank you for your help! that worked
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question