jjugland

TS profiles

Hello

We have a lot of ts profiles that the administrator does not have access to. So I used a simple script to take ownership of the folder, and give full access to the user, administrator and system.

When a user tries to log on, they get an error message saying it can't load user profile. A server copy with wrong permissions exists. Either the user or the administrative group must be owner.

I've tried with administrative group and administrator as owner, but still the same message. When I set the user as owner, the message disappears.

My problem is that I can't set user to owner through the batch script. Is there any command line for this? I only seem to be able to set the current logged on user or the administrative group as owner through the command line. Doing this manually is a major job....

Windows 2008 servers
SOLUTION
AJS2011NZ
This solution is only available to members.
Are the base folders using something like %UserName%? If yes, then that makes scripting easier.

In the folder redirection policy, on the Settings tab, remove the check box for 'Grant user exclusive rights...'

In the very top folder add your administrator or group to the permissions. Then check if they inherit / propagate down to the subfolders.
If you can access the sub folder == the user folders then it should be good.

I can help with a script if your folder names === user names
jjugland

ASKER

Base folders are %username%, yes.

I will download the program and try it.

Is there a way to script making a user the owner?

This is what I do today:

FOR /F "eol= tokens=1,* delims=/" %%i IN (dirlist.txt) DO echo %%i>>log.txt && takeown /A /F h:\ts\%%i /R /D Y >>log.txt 2>&1

This only makes the administrative group the owner, and then when a user logs on to the terminal server, an error message appears stating that it can't load user profile. Either administrative or user must be the owner. So even though administrator is the owner, it won't work. It only works when the user is the owner....

It looks like subinacl will be able to do the thing I want. Haven't tried it, but:

subinacl /file C:\demofile.doc /setowner=MYDOMAIN\BillG looks promising

I just need to modify it to take the foldername from the file, and make the user with the same username as folder the owner on the folder and subfolder.

Can anyone of you write that line? You probably make the correct line much faster than me..
These are roaming profiles? Or only redirected folders like My Documents?

For the roaming profile you can set a GPO policy to ignore the Owner requirement.

Computer Configuration / Administrative Templates / System / User Profiles
Do Not check for ownership of roaming profile folders

ASKER CERTIFIED SOLUTION
This solution is only available to members.
one last thing, I only process user accounts that have an email address in AD

to stop that requirement remove the line

  if $userinfo.mail <> ""    

and also remove one of the corresponding endif lines near the 'next'
Yes they are roaming. I'm one step closer with the subinacl.

subinacl /subdirec h:\ts\jmm /setowner=jjuc\jmm

It changes the owner of the folder jmm, but then it stalls. It doesn't change any owner on the subfolders.

If I do: subinacl /subdirec h:\ts\jmm\subdir /setowner=jjuc\jmm it will change the owner on that folder, but not any subdirs.

Any ideas as to why?
Tnx for the script. I'll take a look at it :)
Chakko: tnx. Now I am able to do what I wanted.

One line in your scripts is exactly what I needed. I didn't know that icacls had the setowner options.

I tried that one, and everything worked like a charm.

Big tnx
If you use my script it will search AD for a username to match the FolderName and process it. It searches or processes all active/enabled accounts.
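
The approach the asker ended up with (making each profile folder's owner the user of the same name via `icacls /setowner`), as an added example that is not code from this thread or from the members-only solution. It assumes folder names equal account names, as stated above; `$Root` and `$Domain` default to the `h:\ts` and `jjuc` values quoted in the thread, and the `-Apply` switch and `Resolve-Account` helper are names made up for this example.

```powershell
# Added example, not from the thread. Run from an elevated prompt.
# Assumption: every folder directly under $Root is named after its user.
param(
    [string]$Root   = 'H:\ts',   # profile share root quoted in the thread
    [string]$Domain = 'jjuc',    # domain quoted in the thread
    [switch]$Apply               # without -Apply, only report what would change
)

function Resolve-Account([string]$Name) {
    # $true only if the name resolves to a SID, so a stale or mistyped
    # folder name never ends up as the basis for an ownership change.
    try {
        $nt = New-Object System.Security.Principal.NTAccount($Name)
        [void]$nt.Translate([System.Security.Principal.SecurityIdentifier])
        return $true
    } catch { return $false }
}

# PSIsContainer filter keeps this compatible with PowerShell 2.0 on Server 2008.
Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $account = "$Domain\$($_.Name)"
    if (-not (Resolve-Account $account)) {
        Write-Warning "No account $account; leaving $($_.FullName) untouched"
        return   # acts as 'continue' inside ForEach-Object
    }
    if (-not $Apply) {
        Write-Output "Would set owner of $($_.FullName) to $account"
        return
    }
    # /T recurses into subfolders, /C continues past errors,
    # /L acts on a symbolic link itself rather than its target, /Q is quiet.
    & icacls.exe $_.FullName /setowner $account /T /C /L /Q
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "icacls reported errors under $($_.FullName)"
    }
    # Full control for the profile's own user, inherited by files and subfolders.
    & icacls.exe $_.FullName /grant "${account}:(OI)(CI)F" /T /C /L /Q
}
```

Run it once without `-Apply` and review the list, since any folder whose name happens to match a different account would be handed to that account.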