Link to home
Start Free TrialLog in
Avatar of kblackwel
kblackwel

asked on

Writing profile back to terminal server

We currently have a terminal server environment. It's set up wrong, but it does work. In trying to correctly set it up, I'm running into a problem.

I have a nfs share located at

\\domain\Home\company01\user01

\\domain\Profile\company01\user01

The company01 directories for Home and and Profile are shared to Everyone and have  Full Control

NTFS permissions are

CREATOR OWNER & System

Full Control on \\domain\Home and \\domain\Profile

Users has

Read & Execute & under special Create files, folder, write data, append data

The actual user01 directory has

Pretty much full control for user01, Creater owner, System. Users has Read & Execute & under special Create files, folder, write data, append data.

The error

EventID 1509

Windows cannot copy file C:\Documents and Settings\user01\ntuser.pol to location \\domain\Profile\company01\user01\ntuser.pol. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.

 DETAIL - Access is denied.

I only get this when I logout and attempt to write back to the nfs share.

I cannot figure out what I am doing wrong with permissions.

Thanks in advance.

Avatar of chakko
chakko
Flag of United States of America image

Here are a couple things to check.  Is the user the OWNER of the folder/files?

Users Configuration > Policies > Administrative Templates > Systems > User Profiles

    Do not check for users ownership of Roaming Profile Folders

from a MS page, maybe can help.

If you must create folders for users, make sure that you set the correct permissions. Then, clear the Grant exclusive rights to check box on the Settings tab of the Folder RedirectionProperties page. If you do not clear this check box, Folder Redirection first checks preexisting folders to determine if the user is the owner. If the administrator previously created the folder, the check fails, and redirection is cancelled. Folder Redirection logs an event in the Application event log indicating that redirection failed and that the new directories for the redirected folder cannot be created due to not being able to assign a security ID as the owner of the folder (Event ID 101).
Avatar of kblackwel
kblackwel

ASKER

Do not check for users ownership of Roaming Profile Folders

I had that not configured. Enabling or not configured produse same results.

Grant exclusive rights for My documents

Was unchecked. Checked or unchecked produce same results.
ASKER CERTIFIED SOLUTION
Avatar of chakko
chakko
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Just a reminder, when you get this sorted out make sure an admin account can still access the folders for backup purpose.
If you enable the 'Grant exclusive rights...' then it will probably block a backup access.