Windows Server 2003
--
Questions
--
Followers
Top Experts
Roaming profile not accessable
I changed a users client profile to roaming and logged the client onto a win2003 server. When logging off I had an error message that the profile could not be written to.
(At this point all user login's are being done from one client machine.)
On the server, the users directory was created (which was not there before the login).
As administrator, on the server, I could not gain access to the client's profile. Get "you do not have permission to view or edit the current permission settings for...."
When I continue into the security properties for that folder I find:
Security - no shown groups nor the ability to add any
Advanced - no permissions nor the ability to add any
Owners - shows the administrator(s)
Effective permissions - will not accept
I even tried making the user an administrator for a login but no difference.
Cannot delete the directory. User not showing active on the server. Re-booted the server, still cannot gain access to directory.
Do have other users with roaming directories.
Anyone have any thoughts?
Paul
(At this point all user login's are being done from one client machine.)
On the server, the users directory was created (which was not there before the login).
As administrator, on the server, I could not gain access to the client's profile. Get "you do not have permission to view or edit the current permission settings for...."
When I continue into the security properties for that folder I find:
Security - no shown groups nor the ability to add any
Advanced - no permissions nor the ability to add any
Owners - shows the administrator(s)
Effective permissions - will not accept
I even tried making the user an administrator for a login but no difference.
Cannot delete the directory. User not showing active on the server. Re-booted the server, still cannot gain access to directory.
Do have other users with roaming directories.
Anyone have any thoughts?
Paul
Zero AI Policy
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
Unless you create the empty folder for the user's profile, it will be created by the user upon logoff.
The issue is unless you have a GPO set to add the Administrators group to the roaming profile, even an administrator will not be able to view the contents nor the security settings. The administrator however, can take ownership of the files add the administrators group and then transfer the ownership back to the user.
The GPO is computer configuration\administrati
add the administrators security group to the roaming profiles.
If you do not have GPMC, you should consider getting it at http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
A user that logs into a workstation and then into a server, using roaming profiles will run into trouble.
If access to the server is via terminal service, a separate terminal service profile should be used.
The issue is unless you have a GPO set to add the Administrators group to the roaming profile, even an administrator will not be able to view the contents nor the security settings. The administrator however, can take ownership of the files add the administrators group and then transfer the ownership back to the user.
The GPO is computer configuration\administrati
add the administrators security group to the roaming profiles.
If you do not have GPMC, you should consider getting it at http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
A user that logs into a workstation and then into a server, using roaming profiles will run into trouble.
If access to the server is via terminal service, a separate terminal service profile should be used.
I understand.
The problem is the directory was created on exit, but the system says it cannot write to it, which is strange as other users I have created have not had a problem.
As administrator, I cannot take ownership to it as I have with other profiles.
Please expand on what you are saying by "A user that logs into a workstation and then into a server, using roaming profiles will run into trouble." This was an existing user with a local profile where it was changed to roaming, logged out of the local mode, and onto the server.
Paul
The problem is the directory was created on exit, but the system says it cannot write to it, which is strange as other users I have created have not had a problem.
As administrator, I cannot take ownership to it as I have with other profiles.
Please expand on what you are saying by "A user that logs into a workstation and then into a server, using roaming profiles will run into trouble." This was an existing user with a local profile where it was changed to roaming, logged out of the local mode, and onto the server.
Paul
The ntuser.dat will get "corrupted" and will cause issues accessing network resources when on the workstation/server.
you have \\server\userprofiles\%use
What are the permission settings on the \\server\userprofiles?
The problem might be that \server\userprofiles has a restricrtive policy.
Previously you created the \\server\userprofiles\%use
This time, the system to which the user is logged in is trying to create the directory upon logout with the user's permissions and this is a problem if the user does not have write rights to \\server\userprofiles\ to create the %username% directory.
Double check what the share permissions and the security permissions are on the \\server\userprofiles directory.
you have \\server\userprofiles\%use
What are the permission settings on the \\server\userprofiles?
The problem might be that \server\userprofiles has a restricrtive policy.
Previously you created the \\server\userprofiles\%use
This time, the system to which the user is logged in is trying to create the directory upon logout with the user's permissions and this is a problem if the user does not have write rights to \\server\userprofiles\ to create the %username% directory.
Double check what the share permissions and the security permissions are on the \\server\userprofiles directory.
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
arnold i had the same problem and i had to escalate the problem. I had exactly the same problem and i checked the sharing and security permissions and every thing looked alright to me, but couldn't. I asked my admin how he fixed same story I am busy I will tell you later. nothing every thing sort of greyed out
pathing for profile is fine including %username%
Profile directory:
Permissions
Administrators = F C R
System = F C R
Users = F C R
Security
Administrators = F M R&E L R W
System = F M R&E L R W
Users = F M R&E L R W
This is a new system, so at this point, I am the only one with access to it.
Note: The directory structure is created, the problem seems to be when (some) data is being written to it.
I took ownership and tried to delete the profile on the server. Everything deleted except one file, ntuser.pol, which will not delete. The system will not let me change any attributes to that file. What can I do to get rid of it?
My thought at this point was to blow the profile completely away and try again on the possibility of something being corrupted.
I do have the profile directory two deep in the structure which has not been a problem with other users I have tested. Ie: \\server\userdata\profiles
Paul
Profile directory:
Permissions
Administrators = F C R
System = F C R
Users = F C R
Security
Administrators = F M R&E L R W
System = F M R&E L R W
Users = F M R&E L R W
This is a new system, so at this point, I am the only one with access to it.
Note: The directory structure is created, the problem seems to be when (some) data is being written to it.
I took ownership and tried to delete the profile on the server. Everything deleted except one file, ntuser.pol, which will not delete. The system will not let me change any attributes to that file. What can I do to get rid of it?
My thought at this point was to blow the profile completely away and try again on the possibility of something being corrupted.
I do have the profile directory two deep in the structure which has not been a problem with other users I have tested. Ie: \\server\userdata\profiles
Paul
Double check and make sure that the security permissions on the profiles directory matches the security settings on the c:\documents and settings directory.
Add to the sharing permissions the Everyone group with FCR
The other user's account you copied from an existing system.
Add to the sharing permissions the Everyone group with FCR
The other user's account you copied from an existing system.
Get a FREE t-shirt when you ask your first question.
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
Arnold,
How do I delete the ntuser.pol?
Paul
How do I delete the ntuser.pol?
Paul
ntuser.dat, you just delete it an the ntuser.log from the user's roaming profile directory.
The ntuser.dat if missing is recreated upon logon. If you want to take some precautions, change the name from ntuser.dat to ntuser.back and the same with the ntuser.log.
The server's ntuser.dat could prevent the update from a workstations update to ntuser.dat.
The ntuser.dat if missing is recreated upon logon. If you want to take some precautions, change the name from ntuser.dat to ntuser.back and the same with the ntuser.log.
The server's ntuser.dat could prevent the update from a workstations update to ntuser.dat.
Arnold,
The problem is the ntuser.pol will not delete. I keep getting "cannot delete ntuser.pol access is denied"
It is sitting there as a HSR and will not allow me to change attributes or delete.
User is not logged in, and I have rebooted, still no go.
Paul
The problem is the ntuser.pol will not delete. I keep getting "cannot delete ntuser.pol access is denied"
It is sitting there as a HSR and will not allow me to change attributes or delete.
User is not logged in, and I have rebooted, still no go.
Paul
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
Arnold,
I found zap.exe which allowed me to delete ntuser.pol. But the empty directory is still being used by a process. Any thoughts on getting it deleted?
Paul
I found zap.exe which allowed me to delete ntuser.pol. But the empty directory is still being used by a process. Any thoughts on getting it deleted?
Paul
On the server where the share is? What is using it? You could through computer management see what is using that share and has the particular file/directory open. You could then disconnect that session and see if there is a difference.
Do you have an anti-virus on the server that might also be what is trying to scan those documents before they are written.
Do you have an anti-virus on the server that might also be what is trying to scan those documents before they are written.
Arnold,
As I sit here with a red face........ Working remotely but found a session left open on the local server.....by me!
Will not be able to get back to the profile creation issue for a day or so, will update then.
Paul
As I sit here with a red face........ Working remotely but found a session left open on the local server.....by me!
Will not be able to get back to the profile creation issue for a day or so, will update then.
Paul
Get a FREE t-shirt when you ask your first question.
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
ASKER CERTIFIED SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Windows Server 2003
--
Questions
--
Followers
Top Experts
Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).