Group policy settings for a roaming profile

Hello,
I am running a windows server 2008 enviornment with Active directory. I have created my OU and put and added a group policy. I have a file server that houses all roaming profiles. I have gone into group policy settings and enabled under computer config/admin templates/system/user profiles, the add administrators security group to roaming user profiles. When I create a user and login the first time it creates the roaming profile folder yet as the administrator cannot access it. It still shows the owner as the user. I have researched this and done GPUDATE through command line before the user is created so it is not an existing user issue. Any help would be appreciated!
itsgroupincAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

darkjedi213Commented:
In group policy under "Administrative Templates\System\User Profiles" there is a setting called "Add the Administrators security group to the roaming user profile share".
0
darkjedi213Commented:
I would also like to add, using redirected folders instead of roaming profiles will save you lots of headache and increase performance (especially at login) in almost all situations.
0
itsgroupincAuthor Commented:
I tried that setting in Group Policies, that is why I am so confused... I turned it on and ran GPUPDATE, and then created a user, and it still says access denied...
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

darkjedi213Commented:
Doh, sorry, was doing two things at once and only half read your situation. Have you tried manually editing the file security for the folder that contains all your profiles and adding Administrators for "This folder, subfolders, and files"? As long as you leave CREATOR OWNER alone, it should not mess up your users' access.
0
itsgroupincAuthor Commented:
Yes I did try that and still no luck....
0
itsgroupincAuthor Commented:
All of my other group policy settings are working that i have enabled except this one, so I know the group policy is working somewhat at least. Very odd...
0
ybgrmisteamCommented:
I am currently still working on a solution to the exact same problem on a 2003 domain. The only thing I have so far is a work around. Create the local profile on a computer and copy it to the roaming profile server, then set the profile as roaming in AD.
0
llmanCommented:
Is the GPO applied on the client computer (where first login occurs)?
Per explain tab: "Note: The setting must be configured on the client computer, not the server, for it to have any effect, because the client computer sets the file share permissions for the roaming profile at creation time."
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
itsgroupincAuthor Commented:
I am a little confused about how to set the GPO on the client computer. Maybe that is what I am doing wrong. Can you point me in the right direction for setting this on the client computer please?
Thank you!
0
ybgrmisteamCommented:
On the roaming profile server run gpedit.msc and go to administrative templates->system->user profiles and then configure the "add the administrators security group to the roaming user profiles.
0
itsgroupincAuthor Commented:
I went into the server that will hold all of the roaming profiles, ran the gpedit.msc and made the changes. I then did a gpupdate and created a new user in active directory. It is still giving me access denied on the server. Permissions never changed.
0
itsgroupincAuthor Commented:
Okay I figured it out. On the user computer you need to set the same thing in GPEDIT.MSC
I enabled it and worked fine. Thank you so much!!!!
0
ybgrmisteamCommented:
You're right! It didnt work for me either, but  then I tried manually setting the policy using gpedit.msc on a test computer (the one I used to logon as the user to create the roaming profile) and it worked. From there I went into AD and set gp for each individual organizational unit (bottom level that contained the users) and now it is finally working for all computers. Thanks llman for the suggestion.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.