File & Folder Attributes on Roaming Profiles


I support Roaming Profiles for my employer.  I recently discovered that user did not have Full Control permissions on their own profiles on the servers nor was the local system account on the ACL for Full Control either.  I am in the midst of fixing this as it was set like this before my time.  My question is that many files and folders are in read-only and hidden in their profiles.  I read that they are supposed to be read-only but when the users log-off and the workstation syncs up to the server I would think this would cause issues.  I noticed this when we would get some corrupted profiles.  It is happening semi-often.  Thanks for your assistance.
Who is Participating?
oBdAConnect With a Mentor Commented:
If the Read-Only checkbox is "full", don't worry about it--it's not the "real" attribute for folders, you can just use it to set/reset the attribute on files in or below the folder, as explained in the article above.
The UPHCleanup service should help some.
Some other things that might help:
* Do NOT use redirected folders that are pointing into a folder in the profile folder. Use different shares and a different folder structure for redirected folders/home drive and profiles.
* On the profile folder share, disable the "Make available offline" property.
The Cache Option for Offline Files Must Be Disabled on Roaming User Profile Shares
Some profile folders are hidden by default, as you can easily check by looking at a regular local profile.
The Read-Only attribute on folders can be ignored, it's just a flag that it's customized:
You cannot view or change the Read-only or the System attributes of folders in Windows Server 2003, in Windows XP, or in Windows Vista
Neither would be a reason for sync problems.
What are the symptoms of the profiles getting corrupt?
pizzaman7ConsultantAuthor Commented:
Local workstation will give the error message that it cannot locate their roaming profile and they get the default "Temp" profile that is missing a lot of course.  In the roaming profile the ntuser.dat file is truncated to 256K.  We end up rebuilding their Windows profile by renaming both their local and roaming profile and have them log in again.

I have recently got approval for UPH Clean to be deployed enterprise-wide and that is out there now.  I have some problem people who log into public machines with dozens of other people.  I have experimented with the local not propagating back up to the server and the local profile getting deleted after every logout.

I think the root cause is most likely the Full Control and the System account missing from the ACL.  If you think the read-only and hidden attributes are fine I won't worry about it.  What do you think ?
pizzaman7ConsultantAuthor Commented:

Thanks.  I am going to double-check your other recommendations as well.  Hopefully I can get the roaming profiles as smooth as well all know they are a chore to deal with !
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.