File & Folder Attributes on Roaming Profiles
Hi,
I support Roaming Profiles for my employer. I recently discovered that user did not have Full Control permissions on their own profiles on the servers nor was the local system account on the ACL for Full Control either. I am in the midst of fixing this as it was set like this before my time. My question is that many files and folders are in read-only and hidden in their profiles. I read that they are supposed to be read-only but when the users log-off and the workstation syncs up to the server I would think this would cause issues. I noticed this when we would get some corrupted profiles. It is happening semi-often. Thanks for your assistance.
I support Roaming Profiles for my employer. I recently discovered that user did not have Full Control permissions on their own profiles on the servers nor was the local system account on the ACL for Full Control either. I am in the midst of fixing this as it was set like this before my time. My question is that many files and folders are in read-only and hidden in their profiles. I read that they are supposed to be read-only but when the users log-off and the workstation syncs up to the server I would think this would cause issues. I noticed this when we would get some corrupted profiles. It is happening semi-often. Thanks for your assistance.
ASKER
Local workstation will give the error message that it cannot locate their roaming profile and they get the default "Temp" profile that is missing a lot of course. In the roaming profile the ntuser.dat file is truncated to 256K. We end up rebuilding their Windows profile by renaming both their local and roaming profile and have them log in again.
I have recently got approval for UPH Clean to be deployed enterprise-wide and that is out there now. I have some problem people who log into public machines with dozens of other people. I have experimented with the local not propagating back up to the server and the local profile getting deleted after every logout.
I think the root cause is most likely the Full Control and the System account missing from the ACL. If you think the read-only and hidden attributes are fine I won't worry about it. What do you think ?
I have recently got approval for UPH Clean to be deployed enterprise-wide and that is out there now. I have some problem people who log into public machines with dozens of other people. I have experimented with the local not propagating back up to the server and the local profile getting deleted after every logout.
I think the root cause is most likely the Full Control and the System account missing from the ACL. If you think the read-only and hidden attributes are fine I won't worry about it. What do you think ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
oBdA,
Thanks. I am going to double-check your other recommendations as well. Hopefully I can get the roaming profiles as smooth as possible.....as well all know they are a chore to deal with !
Thanks. I am going to double-check your other recommendations as well. Hopefully I can get the roaming profiles as smooth as possible.....as well all know they are a chore to deal with !
The Read-Only attribute on folders can be ignored, it's just a flag that it's customized:
You cannot view or change the Read-only or the System attributes of folders in Windows Server 2003, in Windows XP, or in Windows Vista
http://support.microsoft.com/kb/326549
Neither would be a reason for sync problems.
What are the symptoms of the profiles getting corrupt?