Re: Roaming Profiles (Admins must takeownership to look at)

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Wilder (Wilder_at_discussions.microsoft.com)
Date: 11/22/04 

Date: Sun, 21 Nov 2004 17:53:04 -0800

You make some good points. But the bottom line is: the client want's this
solution.
The more I dig into MSDN the more I'm learning about taking ownership. I
know how to take ownership using my credentials, but what I need now is the
ability to grant ownership to another user. I found references to this with
Visual Basic but nothing so far with vbscript. I guess I'm going to have to
bite the bullet eventually and delve into vb and vb.net. But for now, I'll
just keep digging. I had an idea of possibly running the script in a login
script to see if that's would work under the users credentials.
Thanks for you input.
"Gerry Hickman" wrote:

> Hi Wilder,
>
> > Ownership concern:
> > We'd like to eventually set quotas on the profiles and I'm 99% sure that it
> > works on ownership.
>
> OK, that's certainly worth looking into. However again you have to ask
> yourself how many hours are in a day? The office over the road from me
> enabled quotas and now they spend all day trying to explain to users
> what is safe (and not safe) to delete from their profile, and also the
> users can't log off until they've cleared the quota so they just walk
> away and leave the workstation logged in. This makes it easy to hack and
> backup jobs will fail. Provided their home directories are not in the
> profile, there's no reason the profile should ever grow above 10Mb. The
> way I deal with it is to check them once a week with a script.
>
> > Other:
> > Unfortunately, the structure is already in place (not done right to begin
> > with). So we have to We've found that applying the "Add Administrator"
> > policy referenced earlier works well but only on newly created accounts. So,
> > we'll more than likely push that policy to workstations.
> > But we still need to hit the already existing folders and correct them.
>
> Well if it was me, I'd just use CACLS (or whatever) to fix it - it's a
> 10 minute job. I'm not convinced you have to do anything to the
> workstations, but you could always use CACLS (in the same way) via the
> C$ share. It depends on whether you need access to the profile on the
> workstation or just on the server?
>
> What you could do is:
>
> 1. Log everyone out
> 2. Fix the ACLs on the server
> 3. Log in a random user and see if the ACLs were picked up from the
> server, my guess is that only newly added files will have been picked up.
>
> > If I were to push inheritance down from the root, that wipe out the existing
> > users permissions wouldn't it?
>
> No, enabling the "Allow inheritable permissions from parent to propogate
> to this object" tick box (in itself) won't wipe them out, but you'd have
> to check whether all subfolders in each profile are also enabled for
> inheritance. If you're lucky - they will be.
>
> What you must NEVER do is "Reset permissions on all child objects" from
> within Windows Explorer (unless you know what you're doing). If you
> simply want to add a group to all folders and files in all user
> profiles, then just use CACLS (or whatever) with the /E switch. This
> will "edit" the ACL instead of replacing it. Type CACLS /? for more details.
>
> --
> Gerry Hickman (London UK)
>

Relevant Pages

  • Re: Zugriff auf serverg. Profil bei Windows 2003
    ... > sobald jemand anderes als nur der user zugriff auf das profile ... > hat, weigert sich winxp, das profile beim nächsten logon ... > zu benutzen (sieht man dann im eventlog der workstation). ... Es geht um *Ownership*, ...
    (microsoft.public.de.german.windows.server.active_directory)
  • Re: "Classic logon" screen in XP does not remeber the user name
    ... upgrade mode and I have seen that myself on one of my computers that worked ... John N ... I recently upgraded a workstation from Windows 2000 Pro to Windows XP Pro. ... can copy missing shortcuts to the new profile. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: "Classic logon" screen in XP does not remeber the user name
    ... John N ... I recently upgraded a workstation from Windows 2000 Pro to Windows XP Pro. ... can copy missing shortcuts to the new profile. ... you can work from the server and ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Change Domain user profile and reconfigure Redirected My Docum
    ... If the workstation is separated from the original domain, ... I copy the Domain profile to a fresh local profile the My Documents folder ... Windows Explorer and click Tools -> Folder Options and go to the Offline ...
    (microsoft.public.windows.server.sbs)
  • Re: Cant get roaming profiles to work on 1 PC
    ... uploaded to the server where the "Profile Path" is directed. ... I need changes made on the workstation to ... Do this *before* the users' roaming profile folders ...
    (microsoft.public.windows.server.general)