File & Folder Attributes on Roaming Profiles


I support Roaming Profiles for my employer.  I recently discovered that user did not have Full Control permissions on their own profiles on the servers nor was the local system account on the ACL for Full Control either.  I am in the midst of fixing this as it was set like this before my time.  My question is that many files and folders are in read-only and hidden in their profiles.  I read that they are supposed to be read-only but when the users log-off and the workstation syncs up to the server I would think this would cause issues.  I noticed this when we would get some corrupted profiles.  It is happening semi-often.  Thanks for your assistance.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Some profile folders are hidden by default, as you can easily check by looking at a regular local profile.
The Read-Only attribute on folders can be ignored, it's just a flag that it's customized:
You cannot view or change the Read-only or the System attributes of folders in Windows Server 2003, in Windows XP, or in Windows Vista
Neither would be a reason for sync problems.
What are the symptoms of the profiles getting corrupt?
pizzaman7ConsultantAuthor Commented:
Local workstation will give the error message that it cannot locate their roaming profile and they get the default "Temp" profile that is missing a lot of course.  In the roaming profile the ntuser.dat file is truncated to 256K.  We end up rebuilding their Windows profile by renaming both their local and roaming profile and have them log in again.

I have recently got approval for UPH Clean to be deployed enterprise-wide and that is out there now.  I have some problem people who log into public machines with dozens of other people.  I have experimented with the local not propagating back up to the server and the local profile getting deleted after every logout.

I think the root cause is most likely the Full Control and the System account missing from the ACL.  If you think the read-only and hidden attributes are fine I won't worry about it.  What do you think ?
If the Read-Only checkbox is "full", don't worry about it--it's not the "real" attribute for folders, you can just use it to set/reset the attribute on files in or below the folder, as explained in the article above.
The UPHCleanup service should help some.
Some other things that might help:
* Do NOT use redirected folders that are pointing into a folder in the profile folder. Use different shares and a different folder structure for redirected folders/home drive and profiles.
* On the profile folder share, disable the "Make available offline" property.
The Cache Option for Offline Files Must Be Disabled on Roaming User Profile Shares

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pizzaman7ConsultantAuthor Commented:

Thanks.  I am going to double-check your other recommendations as well.  Hopefully I can get the roaming profiles as smooth as well all know they are a chore to deal with !
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
IT Administration

From novice to tech pro — start learning today.