Rights for Roaming Profiles

We have a site running 2003 Server with XP and Windows 7 PC's. They run roaming profiles and be default the administrator account doesn't have access, but if we take ownership and then reassign the user to have access as well as the administrator, it breaks the profile altogether.

Is there a nice way to ensure the administrator has access to the roaming profiles AND the user?

Is there a special rights assignment we should be assigning?

Thanks in advance.
Who is Participating?
Felix LevenConnect With a Mentor Senior System and DatabaseadministratorCommented:
Yes an new pofile is created on the profile share (server) and administrators are allowed to access it.

The profile on the Server is older then the local profile and if the client logs off/shuts down his computer the first time, the newest versions is saved to the profile share on the server (if no profile is available, it is created).

The User needs to be the owner of the Profile Folder!
Felix LevenSenior System and DatabaseadministratorCommented:
You can use group poliy to add the administrators:
Computer Configuration -> Administrative templates -> System -> User Profiles -> Add the Administrators security goup to the romaing user profile share

I think the share must be deleted and will will be recreated on next Log on/off
networknAuthor Commented:
So best practices would be to configure this BEFORE we create profiles?

Would this affect the NTFS rights too?
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Felix LevenSenior System and DatabaseadministratorCommented:
Yes GPO first and then the GPO will set access rights as needed.
networknAuthor Commented:
Is there a way to put this in place retrospectively without trashing the existing profiles?
Felix LevenSenior System and DatabaseadministratorCommented:
Note: If the setting is enabled after the profile is created, the setting has no effect.

1) Backup local and roaming profile
2) Delete/Rename Server/Roaming Profile
3) Set the GPO to add Administrators permission to access the profiles
4) Log on to the client, Log off Client
networknAuthor Commented:
MrGraves, sorry for the delay in my response.

Is there a step missing? As I understand it, if I followed these instructions, the profile on the local machine would be overwritten by the profile on the server and that would then get uploaded (blank profile) to the server in step 4?

After step 5 would we need to copy back the profiles from backup?

Would it not be easier to use calcs.exe or whatever it's called to take ownership of the profile directories, add administrator and the user and then login and log off? Would that work?
networknAuthor Commented:
Thanks for your help!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.