Solved

Can't access Roaming Profiles folders as an administrator

Posted on 2011-09-27
5
2,167 Views
Last Modified: 2012-05-12
Hey everyone,

I have an issue that I haven't really found a direct answer to yet.  I have a server 2008 setup with roaming profiles but I cannot access the profile folders on the server with the administrator, only the user can access the folder.  This is obviously an issue when tryign to backup the roaming folders.  If I take ownership of the folder then it prevents the user from accessing it when they log on and gives them a temporary profile.  I added administrator priviges in group policy for roaming profiles but they are currently using their systems.  I figured Id' try it tonight once they logged off but I'm not holding out hope since the folders are already created.  Even after gpuopdate /force I dont' have access.  Do I need to recreate the roaming folders now that the GPO has changed?  Am I doing something wrong?

This site has helped me so many times I love it, and as always thanks in advance!
0
Comment
Question by:blue92lx
  • 2
  • 2
5 Comments
 
LVL 9

Accepted Solution

by:
Lester_Clayton earned 125 total points
ID: 36712726
This is a very common problem.  I'm afraid to say that you've left off a really important flag in the GPO.  I'll screenshot it.

 User Pofiles
I'm afraid to say that you will need to recreate their profiles in order for this new change to become effective.
0
 
LVL 10

Assisted Solution

by:abhijitwaikar
abhijitwaikar earned 125 total points
ID: 36714172
Are you using a GPO to assign the location of the roaming profile?
If so, then this behavior is expected. there's a GPO setting to allow the user exclusice rights (admin denied access) to the roaming profile that is enabled by default. You have to disable this option in order for the admin to have access. The downside is that this setting takes effect for new profiles only, not existing profiles. My recommendation would be to disable the option, pull whatever you need out of the profile, delete it, and let Windows recreate it with the appropriate permissions for the user and the administrator.

Take a look : http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
0
 

Author Comment

by:blue92lx
ID: 36716672
I see, that's what I figured is that I'm going to have to recreate their roaming profiles.  I didn't add the GPO that Lester has circled until after the profiles were saved to the server.

Also right now I'm doing a per user setup in Active Directory, but if I use the Default Domain Policy and set it up in the "Set roaming profile path for all users logging onto this computerā€ that will be applied to each computer correct?  If so I'll just change it to GPO instead of Per User setup.
0
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36718161
Unfortunately, per user setup in Active Directory cannot obtain the benefit of the GPO I've highlighted.  You will need to do some careful planning and maybe even implementing a loopback policy, because this setting can only be applied at computer level.  A carefully placed GPO can affect workstations or terminal servers, or both :)
0
 

Author Comment

by:blue92lx
ID: 36907407
unfortunately I do not work for the company anymore that had this client.  I will accept both solutions since it did help, however I didn't ever get a chance to test it
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlleā€¦
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question