I am running Windows 2003 Terminal Servers with roaming profiles. I inherited the system and have noticed a script runs at login. It's causing crazy Disk Queue lengths and slowing everyone down as everyone logs into the systems around the same time. The script is called "RomProfEntSec" and the command line is:
icacls \\server\Profilesharename\%username%.domain /grant *S-1-5-21-790525478-1563985344-1801674531-519:(F) /T
Is there a way to identify who the SID belongs to in my domain? Is this really necessary to run upon login? If the user is new, the script runs in a couple seconds. if you've been here for several years it takes 30+ minutes to touch your entire profile including *.tmp and cookies, etc.