Guest Phil Posted October 29, 2007 Posted October 29, 2007 Hi Folks, I am hoping that somebody can help me, we are using roaming profiles with access rights at the top level of the folder to the user and administrators, we are finding thou when the users creates the profile folder for some atrange reason teh rights are not inherited. They are inherited with the other folders that are created just not with the profile folder and as you can imagine this is an issue especially as we have over 4000 users :) any help will be appreciated. thanks
Guest Anthony Posted October 29, 2007 Posted October 29, 2007 Re: Windows 2003 File Access Problems Phil, That's by design. The profile is intended to be private. You can set a Group Policy to add Administrators to the list of permissions, but it only applies to new profiles. Anthony, http://www.airdesk.co.uk "Phil" <lockp@chelmsford-college.ac.uk> wrote in message news:1193661485.283580.9210@d55g2000hsg.googlegroups.com... > Hi Folks, > I am hoping that somebody can help me, we are using roaming profiles > with access rights at the top level of the folder to the user and > administrators, we are finding thou when the users creates the profile > folder for some atrange reason teh rights are not inherited. They are > inherited with the other folders that are created just not with the > profile folder and as you can imagine this is an issue especially as > we have over 4000 users :) any help will be appreciated. > > thanks >
Guest Phil Posted October 29, 2007 Posted October 29, 2007 Re: Windows 2003 File Access Problems The Profile may be private but for a majority of users nobody gets rights to the file when it is created not even the creator, whereas normally the system has been set up so that the local admin and the owner is added in with full access rights. Why this stops working randomaly is the main problem. Cheers :) On Oct 29, 1:55 pm, "Anthony" <anthony.s...@spammedout.com> wrote: > Phil, > That's by design. The profile is intended to be private. > You can set a Group Policy to add Administrators to the list of permissions, > but it only applies to new profiles. > Anthony,http://www.airdesk.co.uk > > "Phil" <lo...@chelmsford-college.ac.uk> wrote in message > > news:1193661485.283580.9210@d55g2000hsg.googlegroups.com... > > > > > Hi Folks, > > I am hoping that somebody can help me, we are using roaming profiles > > with access rights at the top level of the folder to the user and > > administrators, we are finding thou when the users creates the profile > > folder for some atrange reason teh rights are not inherited. They are > > inherited with the other folders that are created just not with the > > profile folder and as you can imagine this is an issue especially as > > we have over 4000 users :) any help will be appreciated. > > > thanks- Hide quoted text - > > - Show quoted text -
Guest Anthony Posted October 29, 2007 Posted October 29, 2007 Re: Windows 2003 File Access Problems Hi Phil, Is your profiles folder set up like this: http://technet2.microsoft.com/windowsserver/en/library/20b15453-f7c9-4cf0-9131-78924af776551033.mspx?mfr=true? Can you describe exactly what happens when it randomly stops working? What error messages do you get and what is in the Event Log? Do you have any Group Policies for roaming profiles? Anthony, http://www.airdesk.co.uk "Phil" <lockp@chelmsford-college.ac.uk> wrote in message news:1193670060.074264.289590@k79g2000hse.googlegroups.com... > The Profile may be private but for a majority of users nobody gets > rights to the file when it is created not even the creator, whereas > normally the system has been set up so that the local admin and the > owner is added in with full access rights. Why this stops working > randomaly is the main problem. > > Cheers :) > > > On Oct 29, 1:55 pm, "Anthony" <anthony.s...@spammedout.com> wrote: >> Phil, >> That's by design. The profile is intended to be private. >> You can set a Group Policy to add Administrators to the list of >> permissions, >> but it only applies to new profiles. >> Anthony,http://www.airdesk.co.uk >> >> "Phil" <lo...@chelmsford-college.ac.uk> wrote in message >> >> news:1193661485.283580.9210@d55g2000hsg.googlegroups.com... >> >> >> >> > Hi Folks, >> > I am hoping that somebody can help me, we are using roaming profiles >> > with access rights at the top level of the folder to the user and >> > administrators, we are finding thou when the users creates the profile >> > folder for some atrange reason teh rights are not inherited. They are >> > inherited with the other folders that are created just not with the >> > profile folder and as you can imagine this is an issue especially as >> > we have over 4000 users :) any help will be appreciated. >> >> > thanks- Hide quoted text - >> >> - Show quoted text - > >
Guest Phil Posted October 30, 2007 Posted October 30, 2007 Re: Windows 2003 File Access Problems Hi Anthony, all the rights are set up as per the document what we have is a server \share\folder\user area when we run the user installation script (we are a colllege so have 4000+ usesr join) we then run a bat file that changes the rights on the users area folder to that user and local admin f/c with inheritance. What we are finding is that sometimes when the user 1st logs in (or just after a profile reset) all folders such as applications my doc etc are created with the users rights (server\share \folder\user area\user documents) but the profile folder (server\share \folder\user area\profile) does not have any rights applied leading to us having to manually take local ownership of the folder, add in the correct rights, then return ownership to the user. There never seems to be any error messages in the event log, i ran over the weekend a scandisk and this removed all the security rights to about 100+ users and reset them to administrator and system (folder only f/c), again the only error message in the scan log was it fixed 30 security descriptors. There does not seem to be any rhyme nor reason to which student gets the problem it may just be 1 in a class of 30 or 90% of them. :( We only use group policy to point where the folder redirection goes ie Application Datahide Setting: Basic (Redirect everyone's folder to the same location)hide Path: \\server\share\user folder\%USERNAME%\Application Data Optionshide Grant user exclusive rights to Application Data Disabled Move the contents of Application Data to the new location Enabled Policy Removal Behavior Leave contents Any help clearing this up is appreciated Phil On Oct 29, 4:20 pm, "Anthony" <anthony.s...@spammedout.com> wrote: > Hi Phil, > Is your profiles folder set up like this:http://technet2.microsoft.com/windowsserver/en/library/20b15453-f7c9-... > Can you describe exactly what happens when it randomly stops working? What > error messages do you get and what is in the Event Log? > Do you have any Group Policies for roaming profiles? > Anthony,http://www.airdesk.co.uk > > "Phil" <lo...@chelmsford-college.ac.uk> wrote in message > > news:1193670060.074264.289590@k79g2000hse.googlegroups.com... > > > > > The Profile may be private but for a majority of users nobody gets > > rights to the file when it is created not even the creator, whereas > > normally the system has been set up so that the local admin and the > > owner is added in with full access rights. Why this stops working > > randomaly is the main problem. > > > Cheers :) > > > On Oct 29, 1:55 pm, "Anthony" <anthony.s...@spammedout.com> wrote: > >> Phil, > >> That's by design. The profile is intended to be private. > >> You can set a Group Policy to add Administrators to the list of > >> permissions, > >> but it only applies to new profiles. > >> Anthony,http://www.airdesk.co.uk > > >> "Phil" <lo...@chelmsford-college.ac.uk> wrote in message > > >>news:1193661485.283580.9210@d55g2000hsg.googlegroups.com... > > >> > Hi Folks, > >> > I am hoping that somebody can help me, we are using roaming profiles > >> > with access rights at the top level of the folder to the user and > >> > administrators, we are finding thou when the users creates the profile > >> > folder for some atrange reason teh rights are not inherited. They are > >> > inherited with the other folders that are created just not with the > >> > profile folder and as you can imagine this is an issue especially as > >> > we have over 4000 users :) any help will be appreciated. > > >> > thanks- Hide quoted text - > > >> - Show quoted text -- Hide quoted text - > > - Show quoted text -
Guest Anthony Posted October 30, 2007 Posted October 30, 2007 Re: Windows 2003 File Access Problems Hi Phil, Just to break the problem down a bit: 1) The profile folder is created when the user logs on, and by default the user has exclusive access. Permissions are not inherited. 2) You can set a Policy to change this and allow Administrator access, but the policy changes how the profile folder is created. It does not apply to existing profiles. "Add the Administrators security group to roaming user profiles". 3) There is another policy setting that reduces security but helps you work around this, "Do not check for user ownership of Roaming Profile folders. The bit that surprises me in your description is that the problem is erratic. I would expect no administrator to have access. I am wondering if perhaps your script is affecting how the defaults work. For example, if it sets permissions the first time you run it, what does it do if you run it again for another list of users? Hope that helps, Anthony, http://www.airdesk.co.uk "Phil" <lockp@chelmsford-college.ac.uk> wrote in message news:1193734703.549387.17800@o3g2000hsb.googlegroups.com... > Hi Anthony, > > all the rights are set up as per the document what we have is a server > \share\folder\user area > when we run the user installation script (we are a colllege so have > 4000+ usesr join) we then run a bat file that changes the rights on > the users area folder to that user and local admin f/c with > inheritance. What we are finding is that sometimes when the user 1st > logs in (or just after a profile reset) all folders such as > applications my doc etc are created with the users rights (server\share > \folder\user area\user documents) but the profile folder (server\share > \folder\user area\profile) does not have any rights applied leading to > us having to manually take local ownership of the folder, add in the > correct rights, then return ownership to the user. > There never seems to be any error messages in the event log, i ran > over the weekend a scandisk and this removed all the security rights > to about 100+ users and reset them to administrator and system (folder > only f/c), again the only error message in the scan log was it fixed > 30 security descriptors. > There does not seem to be any rhyme nor reason to which student gets > the problem it may just be 1 in a class of 30 or 90% of them. :( > We only use group policy to point where the folder redirection goes ie > > Application Datahide > Setting: Basic (Redirect everyone's folder to the same location)hide > Path: \\server\share\user folder\%USERNAME%\Application Data > Optionshide > Grant user exclusive rights to Application Data Disabled > Move the contents of Application Data to the new location Enabled > Policy Removal Behavior Leave contents > > Any help clearing this up is appreciated > > Phil > > On Oct 29, 4:20 pm, "Anthony" <anthony.s...@spammedout.com> wrote: >> Hi Phil, >> Is your profiles folder set up like >> this:http://technet2.microsoft.com/windowsserver/en/library/20b15453-f7c9-... >> Can you describe exactly what happens when it randomly stops working? >> What >> error messages do you get and what is in the Event Log? >> Do you have any Group Policies for roaming profiles? >> Anthony,http://www.airdesk.co.uk >> >> "Phil" <lo...@chelmsford-college.ac.uk> wrote in message >> >> news:1193670060.074264.289590@k79g2000hse.googlegroups.com... >> >> >> >> > The Profile may be private but for a majority of users nobody gets >> > rights to the file when it is created not even the creator, whereas >> > normally the system has been set up so that the local admin and the >> > owner is added in with full access rights. Why this stops working >> > randomaly is the main problem. >> >> > Cheers :) >> >> > On Oct 29, 1:55 pm, "Anthony" <anthony.s...@spammedout.com> wrote: >> >> Phil, >> >> That's by design. The profile is intended to be private. >> >> You can set a Group Policy to add Administrators to the list of >> >> permissions, >> >> but it only applies to new profiles. >> >> Anthony,http://www.airdesk.co.uk >> >> >> "Phil" <lo...@chelmsford-college.ac.uk> wrote in message >> >> >>news:1193661485.283580.9210@d55g2000hsg.googlegroups.com... >> >> >> > Hi Folks, >> >> > I am hoping that somebody can help me, we are using roaming profiles >> >> > with access rights at the top level of the folder to the user and >> >> > administrators, we are finding thou when the users creates the >> >> > profile >> >> > folder for some atrange reason teh rights are not inherited. They >> >> > are >> >> > inherited with the other folders that are created just not with the >> >> > profile folder and as you can imagine this is an issue especially as >> >> > we have over 4000 users :) any help will be appreciated. >> >> >> > thanks- Hide quoted text - >> >> >> - Show quoted text -- Hide quoted text - >> >> - Show quoted text - > >
Recommended Posts