Solved

Roaming Profile.v2 folder copying

Posted on 2013-06-21
14
2,572 Views
Last Modified: 2013-07-02
We have a Windows Server 2008 R2 AD Domain Infrastructure with Roaming profiles through Group Policy. The permissions for the user folders where the profile.v2 folder resides is not owned by the users for replication/backup reasons. However whenever we run a Robocopy on the users directory share we cannot copy the profile.v2 folders.
We'll be moving all of our shares including the roaming profiles over to a SAN device later this year; so I'll need to know how to resolve this issue. Not sure if I need to take ownership of this folder as I do not want to break permissions on the user's end.

Does anyone know of a way to effectively copy/backup the profile.v2 folder?
0
Comment
Question by:nti1999
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
14 Comments
 
LVL 14

Expert Comment

by:BlueCompute
ID: 39265977
Have you tried adding the account the backup runs under to the "Backup Operators" user group? That should give it the required permissions.
0
 

Author Comment

by:nti1999
ID: 39265993
BlueCompute,

Yes the account we're using for the backups/robocopy is a member of the Backup Operators group.
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 39266022
Does the system account have permissions on the user folders? If so, the easiest solution's probably to run a script using the SYSTEM account that adds permissions for the backup user to each folder. There's a GPO setting that will add the adminstrator to the ACLs for any new roaming profiles, but it won't help with the existing ones.
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 

Author Comment

by:nti1999
ID: 39266087
A workaround that I've been able to come up with is to have the owner of the profile.v2 folder in each user profile give full control to the Domain Admins group which the backup account is also a member of. This has effectively resolved the issue; but there's got to be a more central way of achieving this solution.
0
 

Author Comment

by:nti1999
ID: 39266336
Bluecompute,

I'll attempt adding the SYSTEM account to the ACL in the GPO: but I don't have much experience with a script that'll make the change for existing accounts. Do you know of any tutorials that I could use to accomplish/try this?
0
 
LVL 14

Assisted Solution

by:BlueCompute
BlueCompute earned 500 total points
ID: 39266439
Hi nti1999,

I had one open earlier, I'm not at my normal PC right now but when I'm back there I'll find the link for you - off the top of my head I'd create a schedule task, running under the SYSTEM account, that does
icacls [your roaming profile root folder]  /grant [your backup user/group]:RX /T

Open in new window


eg

icacls E:\profiles\ /grant backupuser:RX /T

Open in new window


The /T should make it recurse through subfolders, and grant the backup user read and traverse access.
0
 
LVL 14

Accepted Solution

by:
BlueCompute earned 500 total points
ID: 39266451
The alternative, if the SYSTEM user doesn't have the right permissions to make the changes, would be to add a startup script for all your users that runs the ICACLS command under their account when they log on and adds the permissions we need.
0
 
LVL 14

Assisted Solution

by:BlueCompute
BlueCompute earned 500 total points
ID: 39266476
Once you're done, it's probably also worth applying the Group Policy setting "Add the Administrator security group to the roaming user profile share" as described here: http://technet.microsoft.com/en-us/library/cc758768(v=ws.10).aspx - this will mean new users get suitable permissions applied when their profiles are created.
0
 

Author Comment

by:nti1999
ID: 39267026
Thanks for the info and assist. I'll try these options on Monday morning and let you know if it resolves the issue. I did run the poershell ICACLS script on the users directory including the profile folders. It ran and processed for the root share (users) and 10 sub folders in that directory. It didn't apply to all sub folders; unless it just lists 10 at a time.
0
 

Author Comment

by:nti1999
ID: 39271105
BlueCompute,

Is the syntax the same for the log on script as it is in the powershell script? If it is...then I can just add the line to their existing logon script batch files. They each have a mapping to their user directories which includes their profile.v2 folder; so I am guessing the script will look something like this:
--------------------------------------------------------------------------------
net use P: /delete /Y
net use T: /delete /Y
net use N: /delete /Y
net use K: /delete /Y
net use U: /delete /Y
net use P: \\fileserver\Public /persistent:yes
net use T: \\fileserver\IT /persistent:yes
net use N: \\fileserver\besr_images
net use U: \\fileserver\users$\%username%
icacls U:\profile.V2\ /grant backupuser:RX /T

----------------------------------------------------------------------------------------------------------------------
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 39271117
Hi mti1999,

That looks good to me, although obviously once it's run once for all your users I'd take it back out as it'll slow down the logon a bit.

Let me know how you get on.

Cheers,

Bluecompute
0
 

Author Comment

by:nti1999
ID: 39271758
Bluecompute,

Going to test this tomorrow morning. Will let you know if it resolves the issue.

Thanks!
0
 

Author Comment

by:nti1999
ID: 39274788
Deployed the new log on script today and it ran w/o issue. I'll be running my RoboCopy task tonight and will let you know if the problems have been resolved.

Thanks for your patience in working through this with me.

-nti1999
0
 

Author Comment

by:nti1999
ID: 39292997
Bluecompute,

My apologies for taking longer than expected to provide the status update on this issue.

The log on script seems to have worked and the RoboCopy is now able to backup the profile.v2 folders of the users' profiles w/o issue.

Thank you once again for the assist as well as the patience while I worked through this issue.

-nti1999
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question