• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 437
  • Last Modified:

Specifying Default Permissions for roaming profiles and documents folders

Currently GP only gives the user permissions to his/her "profiles" and "documents" folders when he/she logs in for the first time and the folders are created.  How can I specify the permissions I want GP to give the folders when it creates them?  I want both the local administrators group and the domain admins group to have permissions along with the user.  I tried the following setting ...
"config/policies/admin templates/system/user profile:add the admin security group to roaming user profiles"
But that didn't do what I want it to do.  I also tried setting inheritable permissions on the parent folder of these folders, but the folders got added without "inherit permissions" checked, and I had to take ownership of the folders to check the "inherit permissions" boxes and then set ownership back to the user.
1 Solution
Hi ,

I see what you issue that you facing. Ideally inherit permission from parent would work when a new folder is created underneath it, i would say test it once again in a test environment.

Another option is to use script and make use of setACL.exe and TakeOwn.exe (may not be required) resource kit tools and run at specific intervals to grant the required permissions.

Navdeep [v-2nas]
Declan_BasileAuthor Commented:

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now