Re: Repost: GP is ignored, users settings vanish
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 02/18/05
- Next message: hallstein: "Re: Finding what my current policy is?"
- Previous message: Maciej Drwiega: "Configuring Messenger via GP"
- In reply to: Fred_B: "Re: Repost: GP is ignored, users settings vanish"
- Next in thread: Fred_B: "Re: Repost: GP is ignored, users settings vanish"
- Reply: Fred_B: "Re: Repost: GP is ignored, users settings vanish"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 18 Feb 2005 00:08:00 -0700
Well, what I was meaning is the network storage where
the roaming profile is should have Full control on the
<user-account> directory granted to <user-account>,
that is the root of each account's profile should allow
access by a direct grant to the account.
-- Roger "Fred_B" <FredB@discussions.microsoft.com> wrote in message news:B47DD1B1-E9A3-4430-BBDC-A3D2B51C0B6C@microsoft.com... > Thanks for the reply. > > Sorry, I'm not sure what you mean master? > If you mean the directory with all of the individual user profiles in it, > that's got permissions set domain users > full control. The root of the drive > is the same. > > Fred > > "Roger Abell" wrote: > > > Check the NTFS permissions on the master of their roaming > > profile. It sounds as if they are only getting access to their > > profile due to a grant to Administrators and/or Domain Admins. > > When their membership is removed, the profile cannot be read, > > and the system creates a new one. > > > > -- > > Roger Abell > > Microsoft MVP (Windows Security) > > MCSE (W2k3,W2k,Nt4) MCDBA > > "Fred_B" <FredB@discussions.microsoft.com> wrote in message > > news:9D38C496-225D-41FF-83A6-92A7BE3C0D70@microsoft.com... > > > Hi, > > > Two problems here I think... > > > > > > To cut to the chase I've created a new OU for certain users who already > > > exist in the default Users group. The users are both domain > > > admins and domain users. They do not need to be domain admins. > > > I have created a new OU for them, which has a group policy applied to it > > to > > > prevent them switching off screensaver passwords etc nothing overly > > > restrictive. > > > All users use roaming profiles. > > > > > > In a test, I've moved test users to the new OU, and at the same time > > removed > > > them from the domain admin group. > > > > > > When the test users logon, Windows treats them as if they've never logged > > on > > > before. Personal settings such as mapped drives, shortcuts etc are gone, > > the > > > connect to > > > the internet icon pops onto the desktop along with the welcome to windows > > > dialog and all of the default shortcuts on the start menu. > > > Also the group policy doesn't apply... > > > If I leave them in the new OU but make the user a domain admin again, the > > > personalized settings come back and the group policy applies OK. > > > Their settings come back if I move them back to the original users > > > container, obviously GP doesn't apply here. > > > > > > In the group policy, authenticated users and domain users are both set to > > > read and apply group policy. > > > In my previous post, I was directed to what permissions were on the > > roaming > > > profiles directory. Domain users have full control. > > > > > > This making any sense to anyone? > > > > > > Fred (Confused) > > > > > > > > > > > >
- Next message: hallstein: "Re: Finding what my current policy is?"
- Previous message: Maciej Drwiega: "Configuring Messenger via GP"
- In reply to: Fred_B: "Re: Repost: GP is ignored, users settings vanish"
- Next in thread: Fred_B: "Re: Repost: GP is ignored, users settings vanish"
- Reply: Fred_B: "Re: Repost: GP is ignored, users settings vanish"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
