
Windows 2003 File Access Problems



Posted

Hi Folks,

I am hoping that somebody can help me. We are using roaming profiles with access rights at the top level of the folder to the user and administrators. We are finding, though, that when the user creates the profile folder, for some strange reason the rights are not inherited. They are inherited with the other folders that are created, just not with the profile folder, and as you can imagine this is an issue, especially as we have over 4000 users :) Any help will be appreciated.

thanks

Guest Anthony
Posted

Re: Windows 2003 File Access Problems

 

Phil,

That's by design. The profile is intended to be private.

You can set a Group Policy to add Administrators to the list of permissions, but it only applies to new profiles.

Anthony, http://www.airdesk.co.uk

 

 

 


Posted

Re: Windows 2003 File Access Problems

 

The Profile may be private, but for a majority of users nobody gets rights to the file when it is created, not even the creator, whereas normally the system has been set up so that the local admin and the owner are added in with full access rights. Why this stops working randomly is the main problem.

Cheers :)

 

 


Guest Anthony
Posted

Re: Windows 2003 File Access Problems

 

Hi Phil,

Is your profiles folder set up like this:

http://technet2.microsoft.com/windowsserver/en/library/20b15453-f7c9-4cf0-9131-78924af776551033.mspx?mfr=true ?

Can you describe exactly what happens when it randomly stops working? What error messages do you get and what is in the Event Log?

Do you have any Group Policies for roaming profiles?

Anthony, http://www.airdesk.co.uk

 

 


Posted

Re: Windows 2003 File Access Problems

 

Hi Anthony,

All the rights are set up as per the document. What we have is a server\share\folder\user area. When we run the user installation script (we are a college so have 4000+ users join) we then run a bat file that changes the rights on the user's area folder to that user and local admin f/c with inheritance. What we are finding is that sometimes when the user 1st logs in (or just after a profile reset) all folders such as applications, my doc etc. are created with the user's rights (server\share\folder\user area\user documents) but the profile folder (server\share\folder\user area\profile) does not have any rights applied, leading to us having to manually take local ownership of the folder, add in the correct rights, then return ownership to the user.

There never seem to be any error messages in the event log. I ran a scandisk over the weekend and this removed all the security rights to about 100+ users and reset them to administrator and system (folder only f/c); again the only error message in the scan log was it fixed 30 security descriptors.

There does not seem to be any rhyme nor reason to which student gets the problem; it may just be 1 in a class of 30 or 90% of them. :(

We only use group policy to point where the folder redirection goes, i.e.

Application Data
Setting: Basic (Redirect everyone's folder to the same location)
Path: \\server\share\user folder\%USERNAME%\Application Data
Options
Grant user exclusive rights to Application Data: Disabled
Move the contents of Application Data to the new location: Enabled
Policy Removal Behavior: Leave contents

Any help clearing this up is appreciated

Phil

 


Guest Anthony
Posted

Re: Windows 2003 File Access Problems

 

Hi Phil,

Just to break the problem down a bit:

1) The profile folder is created when the user logs on, and by default the user has exclusive access. Permissions are not inherited.

2) You can set a Policy to change this and allow Administrator access, but the policy changes how the profile folder is created. It does not apply to existing profiles. "Add the Administrators security group to roaming user profiles".

3) There is another policy setting that reduces security but helps you work around this, "Do not check for user ownership of Roaming Profile folders".

The bit that surprises me in your description is that the problem is erratic. I would expect no administrator to have access. I am wondering if perhaps your script is affecting how the defaults work. For example, if it sets permissions the first time you run it, what does it do if you run it again for another list of users?

Hope that helps,

Anthony, http://www.airdesk.co.uk

 

 

 



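An added example, not part of the thread or written by its participants: a PowerShell audit that reports, for each user's profile folder, the three things the discussion turns on (who owns it, whether the user and Administrators hold Full Control, and whether inheritance is blocked). The function name, the `<Root>\<username>\profile` layout and the domain name are assumptions.

```powershell
# Added example. Assumed layout (from the thread): <Root>\<username>\profile
# $Root, $Domain and the function name are placeholders, not values from the thread.
function Get-ProfileAclReport {
    param(
        [Parameter(Mandatory)] [string] $Root,
        [Parameter(Mandatory)] [string] $Domain,
        [string] $ProfileSubfolder = 'profile'
    )
    $full = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    foreach ($userDir in Get-ChildItem -LiteralPath $Root -Directory) {
        $path = Join-Path $userDir.FullName $ProfileSubfolder
        if (-not (Test-Path -LiteralPath $path)) { continue }  # no profile created yet
        $user = "$Domain\$($userDir.Name)"
        $row = [ordered]@{ Path = $path; ExpectedUser = $user; Readable = $false
            Owner = $null; OwnerIsUser = $null; UserFullControl = $null
            AdminFullControl = $null; InheritanceBlocked = $null }
        try {
            $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
        } catch {
            # The auditing account cannot read the descriptor: report and move on
            [pscustomobject]$row
            continue
        }
        # Only Allow ACEs count towards "has Full Control"
        $allow = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' })
        $hasFull = { param($id) [bool]($allow | Where-Object {
            $_.IdentityReference.Value -eq $id -and
            ([int]$_.FileSystemRights -band $full) -eq $full }) }
        $row.Readable           = $true
        $row.Owner              = $acl.Owner
        $row.OwnerIsUser        = ($acl.Owner -eq $user)
        $row.UserFullControl    = & $hasFull $user
        $row.AdminFullControl   = & $hasFull 'BUILTIN\Administrators'
        # True when the folder does not inherit ACEs from its parent
        $row.InheritanceBlocked = $acl.AreAccessRulesProtected
        [pscustomobject]$row
    }
}

# Usage (path and domain are placeholders): list only the folders needing attention
#   Get-ProfileAclReport -Root '\\server\share\folder' -Domain 'EXAMPLE' |
#       Where-Object { -not $_.Readable -or -not $_.OwnerIsUser -or -not $_.UserFullControl }
```

Running it before and after the permissions batch file shows whether the script or the logon-time profile creation is what leaves a folder without usable rights.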