Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Roaming Profile DC Administrator unable to access why

Status
Not open for further replies.

funky29280

IS-IT--Management
Jun 25, 2008
15
Hi,
I have made some Roaming Profiles by specifying the following path
\\ipaddress\share_folder_name\%username%
have added the Domain Admins to full permission in Security as well as in Sharing Tab. Users after login yo their systems can access their own profile but Domain Admins and Even DC Controller unable to access that users profile folder. Whenever I tried to access that folder i got a message Access Denied
Please guide me to fix this problem

Regards,
Sid

Regards,
Sid
 
you will have to allow domain admins to have full access to the top level folder and make sure that the boxes are checked for sub folders to inherit permissions and then push those permissions down...
 
If you did this through a GPO I believe there is an option in there somewhere to allow or deny admins access to profiles and redirected folders, denied by default I think.

I don't think you change the permissions on the individual profile folders now without taking ownership of them first as the domain admins won't have the rights to change permissions on these folders.

Adrian Paris
Paris Engineering Ltd
Google search of just tech forums & articles
 
I agree with ForumKB - I've played around investigating with this. Default setting will grant access by %Username% only, locking out domain admins. There is a policy setting to change this, there was also a policy to remove the profile from pc after logoff, (if u have many users logging onto same machine). But if i seem to recall this could only be done by setting the local computer policy on workstation! - which isnt much help if u have 00's of machines!

 
ForumKB and widget12 are correct - we have roaming profiles and had the same issue. By default, only the user has permissions to their own profile, if you want admins to have permissions then you'll need to configure the policy.

However, be careful ... the policy isn't a user policy as you'd expect, instead it's a computer policy. The policy has to be configured on the workstation the user logs onto when their profile is first created. Not under the scope of the user, or the scope of the server where the roaming profile lies.

So for the users who'se roaming profile is already created, I'm afraid it's too late. If you configure the policy now, it will be in place for any new users that arrive though.

Good Luck

Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top