Re: Repost: GP is ignored, users settings vanish
From: Fred_B (FredB_at_discussions.microsoft.com)
Date: 02/18/05
- Next message: serdar: "help me!!!!"
- Previous message: Simon Geary: "Re: USB"
- In reply to: Roger Abell: "Re: Repost: GP is ignored, users settings vanish"
- Next in thread: Roger Abell: "Re: Repost: GP is ignored, users settings vanish"
- Reply: Roger Abell: "Re: Repost: GP is ignored, users settings vanish"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 18 Feb 2005 07:13:05 -0800
I've just checked that and the user has full control.
"Roger Abell" wrote:
> Well, what I was meaning is the network storage where
> the roaming profile is should have Full control on the
> <user-account> directory granted to <user-account>,
> that is the root of each account's profile should allow
> access by a direct grant to the account.
>
> --
> Roger
> "Fred_B" <FredB@discussions.microsoft.com> wrote in message
> news:B47DD1B1-E9A3-4430-BBDC-A3D2B51C0B6C@microsoft.com...
> > Thanks for the reply.
> >
> > Sorry, I'm not sure what you mean master?
> > If you mean the directory with all of the individual user profiles in it,
> > that's got permissions set domain users > full control. The root of the
> drive
> > is the same.
> >
> > Fred
> >
> > "Roger Abell" wrote:
> >
> > > Check the NTFS permissions on the master of their roaming
> > > profile. It sounds as if they are only getting access to their
> > > profile due to a grant to Administrators and/or Domain Admins.
> > > When their membership is removed, the profile cannot be read,
> > > and the system creates a new one.
> > >
> > > --
> > > Roger Abell
> > > Microsoft MVP (Windows Security)
> > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > "Fred_B" <FredB@discussions.microsoft.com> wrote in message
> > > news:9D38C496-225D-41FF-83A6-92A7BE3C0D70@microsoft.com...
> > > > Hi,
> > > > Two problems here I think...
> > > >
> > > > To cut to the chase I've created a new OU for certain users who
> already
> > > > exist in the default Users group. The users are both domain
> > > > admins and domain users. They do not need to be domain admins.
> > > > I have created a new OU for them, which has a group policy applied to
> it
> > > to
> > > > prevent them switching off screensaver passwords etc nothing overly
> > > > restrictive.
> > > > All users use roaming profiles.
> > > >
> > > > In a test, I've moved test users to the new OU, and at the same time
> > > removed
> > > > them from the domain admin group.
> > > >
> > > > When the test users logon, Windows treats them as if they've never
> logged
> > > on
> > > > before. Personal settings such as mapped drives, shortcuts etc are
> gone,
> > > the
> > > > connect to
> > > > the internet icon pops onto the desktop along with the welcome to
> windows
> > > > dialog and all of the default shortcuts on the start menu.
> > > > Also the group policy doesn't apply...
> > > > If I leave them in the new OU but make the user a domain admin again,
> the
> > > > personalized settings come back and the group policy applies OK.
> > > > Their settings come back if I move them back to the original users
> > > > container, obviously GP doesn't apply here.
> > > >
> > > > In the group policy, authenticated users and domain users are both set
> to
> > > > read and apply group policy.
> > > > In my previous post, I was directed to what permissions were on the
> > > roaming
> > > > profiles directory. Domain users have full control.
> > > >
> > > > This making any sense to anyone?
> > > >
> > > > Fred (Confused)
> > > >
> > > >
> > >
> > >
> > >
>
>
>
- Next message: serdar: "help me!!!!"
- Previous message: Simon Geary: "Re: USB"
- In reply to: Roger Abell: "Re: Repost: GP is ignored, users settings vanish"
- Next in thread: Roger Abell: "Re: Repost: GP is ignored, users settings vanish"
- Reply: Roger Abell: "Re: Repost: GP is ignored, users settings vanish"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
