[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 288
  • Last Modified:

AD profile path problem

Scenario: W2K3 Ent Ed server with TS, AD and GPO. Each user has a profile path in AD of d:\profiles\company.  GPO limits the icons on the desktop and menu as well as access to the control panel, run and shutdown commands.

Problem: The user logs in and picks up a copy of the profile from the correct path and GPO appears to be working correctly, BUT only if the user is a member of the Administrators group.  If not, then the user picks up a default profile and GPO doesn't seem to apply any restrictions.

The d:\profiles directory has full access to all users.  We are moving this new server in the next couple of days and need to get this issue resolved soon.  The AD, GPO and profilespaths  are identical to the server we are migrating from which works fine but it's not Ent Ed.
0
dananorman
Asked:
dananorman
  • 2
  • 2
1 Solution
 
winthropjCommented:
Check the permissions on the .dat or .man file.
Not sure why GPO will not apply.
0
 
chrishudson123Commented:
This is permission related issue
First give "Everyone" read,write "share level permission to Ur profile share.Then when you updatethe profile path please use the below syntax
\\<serverName>\<ProfileShareName>\%username%
If you add %username%,when the user logs in the new profille will be created and the logged in user will be the owner of that folder.


0
 
dananormanAuthor Commented:
The .dat file has full control permission to everyone, domain users and users.  The profile path directory is not set up as a share and I am not creating individual directories for roaming profiles.  There are only 5 profile directories and each user picks up one of them depending on the company they work for.
0
 
chrishudson123Commented:
then this is not roaming profile....bit confused of logins...so U have only one computer????????..roaming profile means the profile settings are stored n one central location and users will pullout it from that share..any way let me try to find a work around...change the ownership of the profile directories to corresponding Users..you can use subinacl to change the ownership
refer http://support.microsoft.com/kb/265360 for subinacl syntax
0
 
dananormanAuthor Commented:
Sorry for the delay on this question.  I ended up calling (and paying for) Microsoft to troubleshoot the profile/GPO policy.  As it turns out, Group Policy Management had to be reinstalled, the default policy re-generated and then reapplied to the authenticated users.  Also, need to make sure the profile paths are populated by using the 'Copy to' button under System Properties\User Profiles in My Computer.  Be sure to set the correction group or user in the permissions before hitting the copy button!  Do no just copy the files from directory to directory.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now