Solved

Changing NTFS permissions on Roaming share

Posted on 2011-03-23
6
879 Views
Last Modified: 2012-05-11
So I have inherited this network from another service company and it appears that the former admin didn't really understand group policy and NTFS permissions when it came to roaming profiles and such.  
There is an existing GPO in place that points the terminal server profiles to this share.  The profiles under this top share are all messed up as far as NTFS permissions go.  Most profiles are not inheriting, the whole thing is just broken.  My plan is to modify the actual profile share, with the proper settings, and push the settings down.  Will this have any negative effect on the existing profiles?  I have never had to correct something quite like this before.  
Once I fix this I want to enable folder redirection for documents and desktop most likely.  This part I'm not really concerned with.  It's the first part of changing so many permissions on the profile share level.  I can't afford to destroy everyone's profiles.  

Does anyone see any problems with doing this?  

The users are gettings errors when logging on sometimes about loading profiles and it looks like this is the first step to correct that.  

Any other thoughts are welcomed.
0
Comment
Question by:kloux
  • 2
  • 2
  • 2
6 Comments
 
LVL 31

Accepted Solution

by:
DrUltima earned 500 total points
ID: 35202939
As you have explained it, it should work.  I emphasized "should" because there is always room for unexpected errors.  On the other hand, you can always restore from backup or return here for further assistance if it is needed.

DrUltima
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35203084
Profile directories SHOULDN'T inherit all there permissions! Otherwise how do you say its ONLY user A's or USER B's data. Work on what the errors are that you get, give us some info.

The last this you want to do is change the permissions on the base and push them down over all the profile directories!
0
 
LVL 31

Expert Comment

by:DrUltima
ID: 35203100
My assumption was that the "pushed" change would take place on each user's root folder, not the share root.

DrUltima
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 4

Author Comment

by:kloux
ID: 35203263
I have enabled roaming profiles before with these permissions.

- Administrators: Full Control; This folder, subfolders and files
- SYSTEM: Full Control; This folder, subfolders and files
- Authenticated Users: Create Folders/Append Data; This folder only

What if I changed the top share to these permissions and forced inheritance on the profiles folders beneath?  You don't think this would work?  What other permissions would you use for a roaming profile?  You can't be creating the profile manually every time you create a new user.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35203331
When you create the user and the profile directory it is given user specific permissions.



0
 
LVL 4

Author Comment

by:kloux
ID: 35203954
So you think changing the permission at the share level won't work?  What would I have to do to correct this issue then? It's a big mess right now and I don't want to make things worse but I need to get this functioning as it should.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Remove the ability to reboot servers from helpdesk user's. 14 58
AD Replications issues 12 84
User profile Size Report 3 63
Can’t delete a file 14 136
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now