We help IT Professionals succeed at work.

Rights for Roaming Profiles

Medium Priority
398 Views
Last Modified: 2012-06-21
We have a site running 2003 Server with XP and Windows 7 PC's. They run roaming profiles and be default the administrator account doesn't have access, but if we take ownership and then reassign the user to have access as well as the administrator, it breaks the profile altogether.

Is there a nice way to ensure the administrator has access to the roaming profiles AND the user?

Is there a special rights assignment we should be assigning?

Thanks in advance.
Comment
Watch Question

Felix LevenSenior System and Databaseadministrator

Commented:
You can use group poliy to add the administrators:
Computer Configuration -> Administrative templates -> System -> User Profiles -> Add the Administrators security goup to the romaing user profile share

I think the share must be deleted and will will be recreated on next Log on/off

Author

Commented:
So best practices would be to configure this BEFORE we create profiles?

Would this affect the NTFS rights too?
Felix LevenSenior System and Databaseadministrator

Commented:
Yes GPO first and then the GPO will set access rights as needed.

Author

Commented:
Is there a way to put this in place retrospectively without trashing the existing profiles?
Felix LevenSenior System and Databaseadministrator

Commented:
Note: If the setting is enabled after the profile is created, the setting has no effect.

1) Backup local and roaming profile
2) Delete/Rename Server/Roaming Profile
3) Set the GPO to add Administrators permission to access the profiles
4) Log on to the client, Log off Client

Author

Commented:
MrGraves, sorry for the delay in my response.

Is there a step missing? As I understand it, if I followed these instructions, the profile on the local machine would be overwritten by the profile on the server and that would then get uploaded (blank profile) to the server in step 4?

After step 5 would we need to copy back the profiles from backup?

Would it not be easier to use calcs.exe or whatever it's called to take ownership of the profile directories, add administrator and the user and then login and log off? Would that work?
Senior System and Databaseadministrator
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks for your help!
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.