Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Roaming Profile DC Administrator unable to access why

Status
Not open for further replies.
funky29280

funky29280

IS-IT--Management
Jun 25, 2008
15
Hi,
I have made some Roaming Profiles by specifying the following path
\\ipaddress\share_folder_name\%username%
have added the Domain Admins to full permission in Security as well as in Sharing Tab. Users after login yo their systems can access their own profile but Domain Admins and Even DC Controller unable to access that users profile folder. Whenever I tried to access that folder i got a message Access Denied
Please guide me to fix this problem

Regards,
Sid

Regards,
Sid
 
Sort by date Sort by votes
you will have to allow domain admins to have full access to the top level folder and make sure that the boxes are checked for sub folders to inherit permissions and then push those permissions down...
 
Upvote 0 Downvote
If you did this through a GPO I believe there is an option in there somewhere to allow or deny admins access to profiles and redirected folders, denied by default I think.

I don't think you change the permissions on the individual profile folders now without taking ownership of them first as the domain admins won't have the rights to change permissions on these folders.

Adrian Paris
Paris Engineering Ltd
Google search of just tech forums & articles
 
Upvote 0 Downvote
I agree with ForumKB - I've played around investigating with this. Default setting will grant access by %Username% only, locking out domain admins. There is a policy setting to change this, there was also a policy to remove the profile from pc after logoff, (if u have many users logging onto same machine). But if i seem to recall this could only be done by setting the local computer policy on workstation! - which isnt much help if u have 00's of machines!

 
Upvote 0 Downvote
ForumKB and widget12 are correct - we have roaming profiles and had the same issue. By default, only the user has permissions to their own profile, if you want admins to have permissions then you'll need to configure the policy.

However, be careful ... the policy isn't a user policy as you'd expect, instead it's a computer policy. The policy has to be configured on the workstation the user logs onto when their profile is first created. Not under the scope of the user, or the scope of the server where the roaming profile lies.

So for the users who'se roaming profile is already created, I'm afraid it's too late. If you configure the policy now, it will be in place for any new users that arrive though.

Good Luck

Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
132
hairlessupportmonkey
hairlessupportmonkey
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
223
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
253
microsGuy16
microsGuy16
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
117
RRankin355
RRankin355
bechna
  • Locked
  • Question
Unable to connect to VPN windows server 2019
Replies
0
Views
92
bechna
bechna

Part and Inventory Search

Sponsor

Back
Top