Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Windows Can not update your roaming profil

Posted on 2011-09-02
5
Medium Priority
?
521 Views
Last Modified: 2012-08-13
please help me it very urgent
I have Active Directory 2003 and XP machines
every log In I have this error:
""Windows Can not update your roaming profile. as possible causes of this error include network or Problems Insufficient security rights. If this problem persists, contact your network administrator""
by cons I can access on the profile of direct chemein \\Server\Profiles$\user

Thank you for helping me
0
Comment
Question by:DRRAM
  • 2
  • 2
5 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36476660
Make sure you don't inherit security settings from the parent folder, and copy all settings down to all the subs under the Profile folder.

Removed the inherited settings down the directory tree, give minimal rights where possible on the share(Administrators - full control, Users and Everyone - read and execute, but give each individual user full control on their individual profile folders.
0
 
LVL 6

Expert Comment

by:joeyfaz
ID: 36478675
Were there any changes made to the path of the roaming profile updates? Any security changes in the share? or the physical share on the server? Does this happen on a fresh xp workstation where the user has never logged onto?
0
 

Author Comment

by:DRRAM
ID: 36479026
No, no change concernong points you list and No, user was logged onto already  
the probleme arrived after the substitution of file server  which contains the users profiles
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 2000 total points
ID: 36479341
It seems to be the permission issue on the server check the permission on the profile created.
http://technet.microsoft.com/en-us/library/cc757013(WS.10).aspx.

As the server is substituted check that roaming profile policy is configured correctly.Check the profile path and permission on the server.
http://support.microsoft.com/kb/316353


********************
General tips:

1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is *not* set
to allow offline files/caching! (that's on by default - disable it)

2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.

3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field

4. Have each user log into the domain once - if this is an existing user
with a profile you wish to keep, have them log in at their usual
workstationand log out. The profile is now roaming.

5. If you want the administrators group to automatically have permissions to
the profiles folders, you'll need to make the appropriate change in group
policy. Look in computer configuration/administrative templates/system/user
profiles - there's an option to add administrators group to the roaming
profiles permissions. Do this *before* the users' roaming profile folders
are created - it isn't retroactive.

********************
0
 

Author Closing Comment

by:DRRAM
ID: 36557001
thx
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

879 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question