Specifying Default Permissions for roaming profiles and documents folders

Posted on 2012-08-22
Last Modified: 2012-08-27
Currently GP only gives the user permissions to his/her "profiles" and "documents" folders when he/she logs in for the first time and the folders are created.  How can I specify the permissions I want GP to give the folders when it creates them?  I want both the local administrators group and the domain admins group to have permissions along with the user.  I tried the following setting ...
"config/policies/admin templates/system/user profile:add the admin security group to roaming user profiles"
But that didn't do what I want it to do.  I also tried setting inheritable permissions on the parent folder of these folders, but the folders got added without "inherit permissions" checked, and I had to take ownership of the folders to check the "inherit permissions" boxes and then set ownership back to the user.
Question by:Declan_Basile
    LVL 12

    Accepted Solution

    Hi ,

    I see what you issue that you facing. Ideally inherit permission from parent would work when a new folder is created underneath it, i would say test it once again in a test environment.

    Another option is to use script and make use of setACL.exe and TakeOwn.exe (may not be required) resource kit tools and run at specific intervals to grant the required permissions.

    Navdeep [v-2nas]
    LVL 1

    Author Closing Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    I came across this issue when setting up a two way forest level trust. so here's the scenario: A company wildcards acquired another company, bizworks ( both Fictitious). Wild cards: windows 2003 Domain & forest functional levels - Ad domain na…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now