Owner incorrectly set on roaming profile creation

User profile created by default owner is set to server\administrator instead of that user.  Folder redirection 502 (access denied) as a result.

Any suggestions?

Thanks in advanced.
LVL 42
Kyle AbrahamsSenior .Net DeveloperAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
check GPO for roaming profile, check the share permissions and security permission dealing with who can write into the profile share.

Usually domain users should have full rights on the share side
and on the security side

When the roaming profile is copied out it sets the user as the owner and only the user has access unless you use a ROAMING Profile setting GPO that adds administrators to the profile ...

If you are using the user profile folder, \\server\users$\%username% as the home directory, this is why domain\administrator is the owners, as you create this folder when the account is created/added.


create a new test account, do not set home dir....
and see if it behaves the same way.
0
Kyle AbrahamsSenior .Net DeveloperAuthor Commented:
GPO for Roaming profile:  Currently I don't have one set.  I've taken that out to simplify things for now.

New setup after changing the settings:  (EG: From my first to 2nd question):

profilepath:  \\server\userprofiles$\<user>
HomeFolder: \\server\users$\<user>

If I don't set the homefolder the directory doesn't get created and folder redirection breaks.

Is it better to specify this in GPO and if so where do I find that settings?  Sorry for my lack of knowledge here but I'm a programmer putting on a domain admin hat for a small company.
0
arnoldCommented:
computer configuration, security settings, folder redirection
Point of roaming profiles is to manage the clutter and transition from system to system without an issue.
Folder redirection is to reduce the size of the profile data that has to be downloaded and uploaded login/logout.
Pointing the redirection to the profile defeats the purpose.

server\userprofiles
server\userfolders

You should look into using domain based distributed file system.
This provides for a robust and salable transition i.e. when you have to retire server, the DFS-R and DFS can transition the users from the old to the new without delay.

If you have to transition from \\server\user$ to \\newserver\user$
the GPO for folder redirect must have the settings to copy data back when the policy no longer applies. The policy has to be revoked (unapplied)
The data is then copied into the user profile.
Then you either have to wait enough time to get all the users ;....

Or create a new GPO with folder redirect that points to the new server..
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Kyle AbrahamsSenior .Net DeveloperAuthor Commented:
Currently all the servers are VMs hosted on an SAN array (HP MSA 1050).  I don't believe we need DFS in that case from what I'm seeing - or would you still recommend it?  Out of work for the weekend, will try these settings on Monday.

Thanks again for the help.
0
arnoldCommented:
VM's also go bad.
so in the event you can not roll back a snapshot....... without losing data
the DFS-R/DFS  provides for a seamless transition since within DFS
\\domain\userprofile you can change the target without the user seeing any impact.
i.e. \\domain\userprofile -> server1\userprofile
You setup a new VM running server2016
using DFS-R you can setup a replication group that will copy the data from server1
You can then add this new VM as a target .
You then change the reference to prefer the new VM
allowing time after confirming no people are accessing server1, you can remove its target reference.....

using two as long as either is up, the user has access to their data.
IN server based, if the server is being rebooted, updated, etc. the user experiences issues accessing their files/data.

The cost is in storage as it is duplicated (exists on each VM)
0
Kyle AbrahamsSenior .Net DeveloperAuthor Commented:
Thanks.  Setting the GPO under Computer -> Admin Templates -> System -> User Profiles worked.

Set the set user home folder to my drive with
\\server\users$\%username%

set the roaming profile path for all users to
\\server\userprofiles$\%username

Created a new user without any additional settings and logged into a machine.
Immediately the directories were created in their appropriate places as well as they were set to owner properly.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2016

From novice to tech pro — start learning today.