Admin cannot access user profile folder.

Posted on 2010-01-05
Last Modified: 2012-06-27
When we recently created a profile for a user they could login fine however we could not access their folder as admin within the server. If we added admin priviledges to the folder we could access it however the user could then no longer login correctly. Finally if we delete the folder and the user logs in then a new folder appears to which we as admin cannot access yet the user successfully logs in.

Any suggestions what this could be?

Regards, Rob
Question by:alumwell
    LVL 17

    Expert Comment

    What are the permission on the root folder (folder above the user home folder).
    You should give admin permissions to the root folder and propagate to every subfolder/files beneath it.
    LVL 27

    Expert Comment

    Hi there,

    We're talking romain profiles right? This is by design. The folder is created giving the user sole access to the folder for security reasons. If you take ownership and grant yourself access it wipes all previous permissions.

    You can pre-create the folder with the required permissions and that will stop the system creating it with exclusive access to the user.

    LVL 33

    Expert Comment

    "Finally if we delete the folder and the user logs in then a new folder appears to which we as admin cannot access yet the user successfully logs in. "  Are you trying this when the admin logs locally on the server?  or through a share?  

    I would agree, this sounds like a permissions problem... I would guess that there is a share that is preventing the admin for accessing the data through the share.  However, if you try to access the data through an admin share (or locally), I think you might have access.  i.e. \\servername\d$ instead of \\servername\usershare.
    LVL 27

    Expert Comment

    romain = roaming (!)
    LVL 28

    Accepted Solution

    Admins have no default access to roaming profiles. This is by design. To change that, read quinla01's tip:


    Author Comment

    We have found that you cannot pre-create the folder itself. PeakPeak points to the fact that it appears to be the workstations that create the profile folder in which permission would have to be granted there for the admins.

    Is there any other solutions else I will accept peakpeaks answer, many thanks.
    LVL 27

    Expert Comment

    You  can pre-create the folder in the share if you wish before the profile is created. If the folder already exists the computer will not create one or change permissions.

    This will work to grant you access to one folder. If you want to grant yourself access to ALL users folders then use the GPO setting linked above.

    I'm not sure that this will afftect existing folders as the permissions are set at creation time.

    LVL 7

    Assisted Solution


    I am assuming that we are talking about roaming profiles:
    When the user profile is loaded, the owenership is checked. If the user is not the owener of the folder, the profile is not loaded and an error is displayed "The profile could not be loaded". You can controll this behaviour by a group policy :

    Also, if you want to just see the contents of the folders, just do this: Take ownership of the folder,  (Make sure that the user does not log in during this), give yourself full rights on the folder and then give the ownership back to the original user. (Now the user can log in).
    BUT: This is a bit risky as it created some issues 1 out of ten times when I did it in my test labs.



    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
    I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
    This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
    This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now