Solved

Group policy settings for a roaming profile

Posted on 2008-10-27
13
2,241 Views
Last Modified: 2012-06-27
Hello,
I am running a windows server 2008 enviornment with Active directory. I have created my OU and put and added a group policy. I have a file server that houses all roaming profiles. I have gone into group policy settings and enabled under computer config/admin templates/system/user profiles, the add administrators security group to roaming user profiles. When I create a user and login the first time it creates the roaming profile folder yet as the administrator cannot access it. It still shows the owner as the user. I have researched this and done GPUDATE through command line before the user is created so it is not an existing user issue. Any help would be appreciated!
0
Comment
Question by:itsgroupinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 3
  • +1
13 Comments
 
LVL 4

Expert Comment

by:darkjedi213
ID: 22815981
In group policy under "Administrative Templates\System\User Profiles" there is a setting called "Add the Administrators security group to the roaming user profile share".
0
 
LVL 4

Expert Comment

by:darkjedi213
ID: 22816023
I would also like to add, using redirected folders instead of roaming profiles will save you lots of headache and increase performance (especially at login) in almost all situations.
0
 

Author Comment

by:itsgroupinc
ID: 22816068
I tried that setting in Group Policies, that is why I am so confused... I turned it on and ran GPUPDATE, and then created a user, and it still says access denied...
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Expert Comment

by:darkjedi213
ID: 22816306
Doh, sorry, was doing two things at once and only half read your situation. Have you tried manually editing the file security for the folder that contains all your profiles and adding Administrators for "This folder, subfolders, and files"? As long as you leave CREATOR OWNER alone, it should not mess up your users' access.
0
 

Author Comment

by:itsgroupinc
ID: 22816353
Yes I did try that and still no luck....
0
 

Author Comment

by:itsgroupinc
ID: 22816384
All of my other group policy settings are working that i have enabled except this one, so I know the group policy is working somewhat at least. Very odd...
0
 

Expert Comment

by:ybgrmisteam
ID: 22826496
I am currently still working on a solution to the exact same problem on a 2003 domain. The only thing I have so far is a work around. Create the local profile on a computer and copy it to the roaming profile server, then set the profile as roaming in AD.
0
 
LVL 6

Accepted Solution

by:
llman earned 250 total points
ID: 22827861
Is the GPO applied on the client computer (where first login occurs)?
Per explain tab: "Note: The setting must be configured on the client computer, not the server, for it to have any effect, because the client computer sets the file share permissions for the roaming profile at creation time."
0
 

Author Comment

by:itsgroupinc
ID: 22832013
I am a little confused about how to set the GPO on the client computer. Maybe that is what I am doing wrong. Can you point me in the right direction for setting this on the client computer please?
Thank you!
0
 

Assisted Solution

by:ybgrmisteam
ybgrmisteam earned 250 total points
ID: 22832869
On the roaming profile server run gpedit.msc and go to administrative templates->system->user profiles and then configure the "add the administrators security group to the roaming user profiles.
0
 

Author Comment

by:itsgroupinc
ID: 22832993
I went into the server that will hold all of the roaming profiles, ran the gpedit.msc and made the changes. I then did a gpupdate and created a new user in active directory. It is still giving me access denied on the server. Permissions never changed.
0
 

Author Comment

by:itsgroupinc
ID: 22833078
Okay I figured it out. On the user computer you need to set the same thing in GPEDIT.MSC
I enabled it and worked fine. Thank you so much!!!!
0
 

Expert Comment

by:ybgrmisteam
ID: 22833307
You're right! It didnt work for me either, but  then I tried manually setting the policy using gpedit.msc on a test computer (the one I used to logon as the user to create the roaming profile) and it worked. From there I went into AD and set gp for each individual organizational unit (bottom level that contained the users) and now it is finally working for all computers. Thanks llman for the suggestion.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question