[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Can't access Roaming Profiles folders as an administrator

Posted on 2011-09-27
5
Medium Priority
?
2,897 Views
Last Modified: 2012-05-12
Hey everyone,

I have an issue that I haven't really found a direct answer to yet.  I have a server 2008 setup with roaming profiles but I cannot access the profile folders on the server with the administrator, only the user can access the folder.  This is obviously an issue when tryign to backup the roaming folders.  If I take ownership of the folder then it prevents the user from accessing it when they log on and gives them a temporary profile.  I added administrator priviges in group policy for roaming profiles but they are currently using their systems.  I figured Id' try it tonight once they logged off but I'm not holding out hope since the folders are already created.  Even after gpuopdate /force I dont' have access.  Do I need to recreate the roaming folders now that the GPO has changed?  Am I doing something wrong?

This site has helped me so many times I love it, and as always thanks in advance!
0
Comment
Question by:blue92lx
  • 2
  • 2
5 Comments
 
LVL 9

Accepted Solution

by:
Lester_Clayton earned 500 total points
ID: 36712726
This is a very common problem.  I'm afraid to say that you've left off a really important flag in the GPO.  I'll screenshot it.

 User Pofiles
I'm afraid to say that you will need to recreate their profiles in order for this new change to become effective.
0
 
LVL 10

Assisted Solution

by:abhijitwaikar
abhijitwaikar earned 500 total points
ID: 36714172
Are you using a GPO to assign the location of the roaming profile?
If so, then this behavior is expected. there's a GPO setting to allow the user exclusice rights (admin denied access) to the roaming profile that is enabled by default. You have to disable this option in order for the admin to have access. The downside is that this setting takes effect for new profiles only, not existing profiles. My recommendation would be to disable the option, pull whatever you need out of the profile, delete it, and let Windows recreate it with the appropriate permissions for the user and the administrator.

Take a look : http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
0
 

Author Comment

by:blue92lx
ID: 36716672
I see, that's what I figured is that I'm going to have to recreate their roaming profiles.  I didn't add the GPO that Lester has circled until after the profiles were saved to the server.

Also right now I'm doing a per user setup in Active Directory, but if I use the Default Domain Policy and set it up in the "Set roaming profile path for all users logging onto this computer” that will be applied to each computer correct?  If so I'll just change it to GPO instead of Per User setup.
0
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36718161
Unfortunately, per user setup in Active Directory cannot obtain the benefit of the GPO I've highlighted.  You will need to do some careful planning and maybe even implementing a loopback policy, because this setting can only be applied at computer level.  A carefully placed GPO can affect workstations or terminal servers, or both :)
0
 

Author Comment

by:blue92lx
ID: 36907407
unfortunately I do not work for the company anymore that had this client.  I will accept both solutions since it did help, however I didn't ever get a chance to test it
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question