Re: Add the Adminsitrators security group to roaming user profiles
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Tue, 16 Aug 2005 13:31:04 -0500
"S3" <S3@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1D3D4F28-868F-413D-B521-EC079AA5655D@xxxxxxxxxxxxxxxx
> Can we somehow just create and ADM file for this.
Yes, but an ADM isn't necessary -- NTFS permissions are already an item
in GPOs (Computer->WindowsSettings->SecuritySettings->FileSettings.
BUT be warned that this is not a trivial task unless you already are very
comfortable with permissions (e.g., write batch files to manage them),
and you might find that setting up a "prototype system", exporting, and
using (importing) a Security Template (.inf) is easier for you.
> I want to give a security
> group access to our roaming profiles via a gp. Is it possible?
Yes. But since roaming profiles are on a file server (somewhere) why not
just set the permissions directly or through a batch file.
This would be a more interesting GPO problem if you had to do this on
dozens or even thousands of machines.
> I know this
> canned GPO setting gives the Administrators group access to the profile.
How do you know that? I don't know it.
Such permisssions default to the file systems on the Roaming Profile
file server(s).
What precisely are you really trying to do? And why is that your goal?
That is, what is your TRUE goal underneath all of this...?
> I
> was just thinking if we knew where in the registry the Administrators
group
> is specified we could just change it to reflect the name/SID of the
security
> group that I want to give access to the profiles for.
It isn't -- and that is a different question than you have been asking.
And you don't (normally) want to REMOVE the admins group from such
access but perhaps ADD another group.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
> "Herb Martin" wrote:
>
> > "S3" <S3@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:E779EEA8-5EBE-48F5-A646-A8F216AF9652@xxxxxxxxxxxxxxxx
> > > I know we can use the Add the Adminsitrators security group to roaming
> > user
> > > profiles setting to give the Admins full access to profiles. My
questions
> > is
> > > how can I substitute the Admnistrators security group for another
security
> > > group. Is this value stored on the server registry somewhere? Can we
> > create
> > > an ADM template for this. Thanks!!
> >
> > Yes.
> >
> > But what are you REALLY trying to accomplish? (Rather than
> > how you think you might do that....)
> >
> > SubInAcl.exe (reskit) will change an ACL to reference a different
> > group.
> >
> > --
> > Herb Martin, MCSE, MVP
> > Accelerated MCSE
> > http://www.LearnQuick.Com
> > [phone number on web site]
> >
> >
> >
.
- Follow-Ups:
- References:
- Prev by Date: Server Crash!
- Next by Date: RE: Domain Controller will not BOOT
- Previous by thread: Re: Add the Adminsitrators security group to roaming user profiles
- Next by thread: Re: Add the Adminsitrators security group to roaming user profiles
- Index(es):
Relevant Pages
|
Loading
