Solved

Can't access Roaming Profiles folders as an administrator

Posted on 2011-09-27
5
2,277 Views
Last Modified: 2012-05-12
Hey everyone,

I have an issue that I haven't really found a direct answer to yet.  I have a server 2008 setup with roaming profiles but I cannot access the profile folders on the server with the administrator, only the user can access the folder.  This is obviously an issue when tryign to backup the roaming folders.  If I take ownership of the folder then it prevents the user from accessing it when they log on and gives them a temporary profile.  I added administrator priviges in group policy for roaming profiles but they are currently using their systems.  I figured Id' try it tonight once they logged off but I'm not holding out hope since the folders are already created.  Even after gpuopdate /force I dont' have access.  Do I need to recreate the roaming folders now that the GPO has changed?  Am I doing something wrong?

This site has helped me so many times I love it, and as always thanks in advance!
0
Comment
Question by:blue92lx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 9

Accepted Solution

by:
Lester_Clayton earned 125 total points
ID: 36712726
This is a very common problem.  I'm afraid to say that you've left off a really important flag in the GPO.  I'll screenshot it.

 User Pofiles
I'm afraid to say that you will need to recreate their profiles in order for this new change to become effective.
0
 
LVL 10

Assisted Solution

by:abhijitwaikar
abhijitwaikar earned 125 total points
ID: 36714172
Are you using a GPO to assign the location of the roaming profile?
If so, then this behavior is expected. there's a GPO setting to allow the user exclusice rights (admin denied access) to the roaming profile that is enabled by default. You have to disable this option in order for the admin to have access. The downside is that this setting takes effect for new profiles only, not existing profiles. My recommendation would be to disable the option, pull whatever you need out of the profile, delete it, and let Windows recreate it with the appropriate permissions for the user and the administrator.

Take a look : http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
0
 

Author Comment

by:blue92lx
ID: 36716672
I see, that's what I figured is that I'm going to have to recreate their roaming profiles.  I didn't add the GPO that Lester has circled until after the profiles were saved to the server.

Also right now I'm doing a per user setup in Active Directory, but if I use the Default Domain Policy and set it up in the "Set roaming profile path for all users logging onto this computer” that will be applied to each computer correct?  If so I'll just change it to GPO instead of Per User setup.
0
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36718161
Unfortunately, per user setup in Active Directory cannot obtain the benefit of the GPO I've highlighted.  You will need to do some careful planning and maybe even implementing a loopback policy, because this setting can only be applied at computer level.  A carefully placed GPO can affect workstations or terminal servers, or both :)
0
 

Author Comment

by:blue92lx
ID: 36907407
unfortunately I do not work for the company anymore that had this client.  I will accept both solutions since it did help, however I didn't ever get a chance to test it
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question