Client computers not accepting the group policies (sometimes)

Status
Not open for further replies.

atracy

Programmer
Sep 30, 2003
US
Hi!

I have a question for all of you! First, here's my setup. I have a Windows 2003 Server with 3 machines (clients) hooked up to it. I've joined them to the domain just nicely and I've decided to do something new: actually enable roaming profiles and do file redirections for the Desktop, My Documents, and Application Data folders. I have 4 users on this system (myself, wife, and 2 children), so as you can see this isn't a difficult setup.

I set up this entire network with my account, not the administrator account. I can log into any computer on my domain and see all my files and folders and everything works. (I even figured out how to disable the synchronization manager. Ugh!)

It was enough to make me proud! I was thinking this is too easy, and I was right! As soon as I tried to login as my wife it all started to go downhill.

When my wife's account logs in, the roaming profile seemed to have worked properly; there was a profile for her on the server. However, for the My Documents, Application Data, and Desktop shared files, a username directory wasn't created for her account. I copied a test file to her My Documents folder and it just went into her local profile. I thought that was odd, so I double-checked my share permissions; I have the share permissions at Full Control.

Next I looked at the security permissions. I didn't want any of these trivial things to get in the way, so I gave the "all domain users" group full control over all of these folders. Still no change when I logged into the client machine.

Then I got a bright idea! I'll try and give her the same permissions I have, so I set her up as a domain admin and an enterprise admin (why not!?). So now I would assume she has full control over the entire system. I then logged in as her on the server and, to my surprise, when she logs onto the server itself, her account worked beautifully! The redirection worked great!

So the next thing I tried: I went into the group policy and wanted to make sure that the group policy was working on my clients. I made a trivial change: I told the domain to set the policy up to not allow users to shut down the computer at the login screen, and I also enabled the disable Ctrl-Alt-Del screen at startup. I did a gpupdate /force command, logged off the server, then restarted the client machine. The Ctrl-Alt-Del screen was still there, and the system could still be shut down.

The next step I tried was logging in as me and deleting out my wife's profile on the client machine; since it's read from the server and updated, I didn't see a problem with this. Then I took the machine out of the domain, rebooted, put the machine back in the domain, rebooted, and then tried to log in under the wife account again. This time I got the error message: "The roaming profile for this user cannot be found on the server, loading temporary default user profile". Now, she's a domain admin, why would her rights to the server be denied! Once I logged in as her, I went to the server using My Network Places and was able to browse the server just fine without any prompts for a username or password.

I logged in as myself on the client machine and had no problem. But for some reason, her account was denied access and obviously the redirection didn't work on the client for her. The Ctrl-Alt-Del screen was still there and the shutdown button still enabled.

So basically I want to know why my profile works fine and hers doesn't work, and obviously how to fix it. It would appear we have the same rights, so why does it work great when I log her onto the server, and why don't the policies change on any of the clients when I make the changes in the group policy? Group policies are pushed down to the clients automatically, aren't they? You don't have to specifically tell a client to first look at the group policy on the server; I think it's supposed to use the server policy before its own policy.

I also downloaded the new group policy editor from Microsoft and made sure every policy I've created has Enforced set to YES.

I tried to be specific, but if you need more detail on this setup to assist in figuring this problem out, I'll be happy to divulge!
 
You might want to check out this link:


You've given some good details on what you have tried with the File System and Share permissions. Let's explore how you configured the user for a roaming profile. List the steps you took to configure the roaming profile. Include if you were using variables for the path or not.

If you manually create the user folder in the roaming profile location does it work?



I hope you find this post helpful.

Regards,

Mark
 
I followed the instructions on this website step by step.


I don't think it matters, but I have Windows XP on all of my clients with the exception of one.

I think I went into each user and set them up manually. The profiles are saving to the server fine, it seems to me like it's a rights issue on the client machine... possibly? I thought the domain admins automatically get administrator rights on the clients as well. Yes, I just verified that my domain admins for the domain controller are in the local administrator group.

Thanks for taking the time to help me learn this stuff!

Aaron
 
OK, so just to be clearer, you have XP Professional? What is the other machine running? Windows 2000?

I hope you find this post helpful.

Regards,

Mark
 
Yes, that is correct. I have Windows XP Professional on (2) machines, Windows 2000 Professional on one machine, and my server is Windows 2003 Server.

Aaron
 
OK, and so here is the next test for you. Try logging in as your wife on your PC. Does she get the roaming profile then?

I'd say you need to determine if you have a server or PC issue before exploring other avenues.

I hope you find this post helpful.

Regards,

Mark
 