Can't access Roaming Profiles folders as an administrator

Hey everyone,

I have an issue that I haven't really found a direct answer to yet.  I have a server 2008 setup with roaming profiles but I cannot access the profile folders on the server with the administrator, only the user can access the folder.  This is obviously an issue when tryign to backup the roaming folders.  If I take ownership of the folder then it prevents the user from accessing it when they log on and gives them a temporary profile.  I added administrator priviges in group policy for roaming profiles but they are currently using their systems.  I figured Id' try it tonight once they logged off but I'm not holding out hope since the folders are already created.  Even after gpuopdate /force I dont' have access.  Do I need to recreate the roaming folders now that the GPO has changed?  Am I doing something wrong?

This site has helped me so many times I love it, and as always thanks in advance!
blue92lxAsked:
Who is Participating?
 
Lester_ClaytonCommented:
This is a very common problem.  I'm afraid to say that you've left off a really important flag in the GPO.  I'll screenshot it.

 User Pofiles
I'm afraid to say that you will need to recreate their profiles in order for this new change to become effective.
0
 
abhijitwaikarCommented:
Are you using a GPO to assign the location of the roaming profile?
If so, then this behavior is expected. there's a GPO setting to allow the user exclusice rights (admin denied access) to the roaming profile that is enabled by default. You have to disable this option in order for the admin to have access. The downside is that this setting takes effect for new profiles only, not existing profiles. My recommendation would be to disable the option, pull whatever you need out of the profile, delete it, and let Windows recreate it with the appropriate permissions for the user and the administrator.

Take a look : http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
0
 
blue92lxAuthor Commented:
I see, that's what I figured is that I'm going to have to recreate their roaming profiles.  I didn't add the GPO that Lester has circled until after the profiles were saved to the server.

Also right now I'm doing a per user setup in Active Directory, but if I use the Default Domain Policy and set it up in the "Set roaming profile path for all users logging onto this computer” that will be applied to each computer correct?  If so I'll just change it to GPO instead of Per User setup.
0
 
Lester_ClaytonCommented:
Unfortunately, per user setup in Active Directory cannot obtain the benefit of the GPO I've highlighted.  You will need to do some careful planning and maybe even implementing a loopback policy, because this setting can only be applied at computer level.  A carefully placed GPO can affect workstations or terminal servers, or both :)
0
 
blue92lxAuthor Commented:
unfortunately I do not work for the company anymore that had this client.  I will accept both solutions since it did help, however I didn't ever get a chance to test it
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.