wcoil
asked on
Locked profiles on sbs 2003 domain.
I'm looking at an Sbs 2003 domain. The domain has a mix of xp and windows 7 machines, with roaming profiles enabled. The users who use primarily xp are unable to log onto their domain profiles, instead given the old "you are logging onto a cached local profile" message. When they delete an item from their profile, it returns upon logging off and logging back on. Their profile folders are read only on the server, when I attempt to change this I receive an error stating that a folder named "D@1."something is not accessible. The something changes, thus far it's been either *.lnk and *.docx. I've logged onto the profile and run a search for the file, it comes up with a test file placed on the desktop, literally named test.
Any thoughts?
Any thoughts?
ASKER
D@1 is the actual name of the file, not folder. Profile folders do all have proper names. Some of these individuals do have Profile.v2 folders, some do not. The problem lies in the non-.v2 folder. Ntfs Domain Users had no rights. I modified this, still the same issue. It's worth noting that the raid array on this server crashed last week and everything on it was rebuilt from backup.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We just ended up recreating the profiles on the server and that fixed the issue
Sounds like the first thing you'll have to do is take ownership of the folder(s). Then you will be able to change the NTFS security settings so that they are appropriate. The usual profile security settings would be like this:
Top level shared folder:
Share permissions: Administrators Full, Users (or Domain Users) Change
NTFS permissions: Administrators and System Full, Users (or Domain Users) Modify (This folder only)
Individual profile folders, NTFS permissions: Administrators, System and the individual user should all have Full permission. (Not everyone gives the Administrators group permissions, but I've found that not doing this can cause problems managing these folders when problems arise, as you're experiencing right now.)