Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Profiles.... 1

Status
Not open for further replies.

TheSponge

Technical User
Jul 2, 2003
442
GB
I could spend months on this site!!

Major problem on the server with Profiles, I dont think they are writing back to the server, mine certainly isnt!

Also on the server as administrator I cant delete user profiles, it says I dont have access!! Im the ADMIN of course I have access?

all user profiles are supposed to load from \\server\profiles\username...

I have no idea whats going on?

Thanks
 
Check the event viewer for any messages relating to roaming profiles not writing back, access denied errors are the most common.

When a profile is created by default the administrator does not get access to the folder. To make this happen, enable the 'add the administrators security group to roaming user profiles' policy in your domain GPO under computer configuration - administrative templates - system - logon.

If you need access to your current users roaming profilefolder:
right click on it
select properties
go to the security tab
click advanced
click on the owner tab
highlight <domain>\administrators
check the replace security on sub containers and objects box
click okay.
close down all secuirty and properties windows

now reopen the security properties tab, you will see that administrators have full control. Now add back in to here the user with full control. remove everything from here apart from the user, administrators and system (all should be full control). Click the advanced button and check reset permission on all child objects.

let us know how you get on and if you have anything in the event logs.

Martin
 
Thanks, I now have rights on the profiles....

Here is the event log:


Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 06/02/2004
Time: 11:41:44
User: NT AUTHORITY\SYSTEM
Computer: ICPS00
Description:
Windows cannot unload your registry file. If you have a roaming profile, your settings are not replicated. Contact your administrator.

DETAIL - Access is denied. , Build number ((2195)).

Thankyou...
 
Found this also, it may help...

&quot;Windows cannot unload your registry class file. If you have a roaming profile, your settings are not replicated. Contact your administrator.
DETAIL Access is denied. , Build number ((2195)).&quot;

The issue is that the &quot;c:\documents and settings\&quot; directory has the permissions changed by the installation of service pack 4 for windows 2000. Original install has the security permissions set to &quot;allow inheritable&quot; which in this case includes full control. Once service pack 4 is installed, the permissions are reduced to just R&E, list folders and read for the &quot;everyone&quot; group. This means that anyone trying to log in either as a new user or in particular as a user with a roaming profile that does not have administrative powers on the local PC cannot change anything, hence the local profile is not copied from the server. To fix this simply click the &quot;allow inheritable permissions&quot; at the root of c:\documents and settings\.
 
Just a quick note to say the above fixed my problem, i no longer get the event id 1000 error!

The things we get put through by MS, im gonna have to do this now on every PC in the company :/
 
There isnt an option under c:\ to allow inheritable permission?

Only on the Server profiles?

I have admin privelages under my name anyway...Its still not working

Thanks
 
Check it on c:\documents and settings

I am a admin and I was getting this problem as well as our users.
 
No, the only folder options are general, sharing and web sharing....

??

 
That would suggest to me that your local drive is FAT rather than NTFS. If this is the case, then the error is been caused by something else, as FAT does not use NT security. hmmmm, have to think about this one.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top