?
Solved

NTFS Permissions user accounts and roaming profiles

Posted on 2012-09-11
6
Medium Priority
?
698 Views
Last Modified: 2012-10-17
Hello Experts,

I do not understand the security settings for roaming profiles and users accounts.  I am using Server 2008 R2 with Active directory.  While setting up roaming profiles I setup the "Profiles" folder, shared it.  When the user logs in for the first time the profile gets created and the ownership is for the user and the user has security rights.  My domain administrator account does NOT have access via security.

It appears my backup processes do NOT copy these files because my special domain admin account that I setup does not have rights....

Shouldn't the domain administrators have access?

If I create a new user will I have to go through some manual process to give access to my domain admins?

I also see this with user folders redirected.

Please elaborate and/or point to links.
0
Comment
Question by:tucktech
  • 3
  • 3
6 Comments
 
LVL 16

Accepted Solution

by:
Kevin Hays earned 1200 total points
ID: 38389476
On the shared folder, under security add domain admins with full control and propagate all subfolders with that permissions.

Here is an article also.  If you don't give the admin full control you will have to take ownership if you need to access their files for whatever reason.

http://www.windowsnetworking.com/articles_tutorials/profile-folder-redirection-windows-server-2003.html
0
 

Author Comment

by:tucktech
ID: 38391473
Hello kshays,

I went to the RDS Server which is also serves the shared folders.  For the PROFILES folder I made sure that EVERYONE had full control on the share.  I then went to security and I checked Domain Admins has ownership and full control of that folder and it has "applies to, this folder, subfolders and files."

I then try to open up a folder below it with a user name for example, Sam.  I see in security it also has the same settings and Full Control has a check mark but is grey versus black.  The folders under this user's folder, "PROFILE.V2" does not allow any permissions and I cannot view it.

I also verified the id I am using, administrator, is a member of domain admins.

What am I missing?
0
 

Author Comment

by:tucktech
ID: 38392269
Also when I try to give full control to domain admins for my Home folders it give me an error, "An error occured while applying security informaiton to f:\users\username\....", Access Denied.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 16

Assisted Solution

by:Kevin Hays
Kevin Hays earned 1200 total points
ID: 38393332
Hi,

Have you tried to create a new user and login under the new login, then see if you can access it with your DA account?  I've seen where you have to take ownership of the folders first then add the DA account into folders such as favorites, desktop, my docs, etc....

Kevin
0
 

Author Closing Comment

by:tucktech
ID: 38505443
I found that my administrator was a local id not a domain id. I just need to look a little closer at the problem.  Thanks.
0
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 38505816
Hi,
Yeah that would present a problem then if he wasn't a DA :)  Glad you found it.

Kevin
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question