Re: Roaming profile and folder redirection
From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 08/13/04
- Next message: Lanwench [MVP - Exchange]: "Re: Hide subfolder in common folder"
- Previous message: Sivaprasad: "explorer.exe issue"
- In reply to: H. v.d. Bunte: "Re: Roaming profile and folder redirection"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 13 Aug 2004 10:20:22 -0400
H. v.d. Bunte wrote:
> How can i change the permissions so that the administrator can access
> every file and folder?
For home directories - if you set the permissions you wish on the parent
folder, such as administrators & system=full control, when the new
subfolders are created they should inherit those permissions as well as add
the user.
For profiles, you'd have to take ownership & reset permissions. If you are
going to use a hidden share and aren't too concerned about users browsing,
and also don't have users store files in their profile (as in, no desktop
files, redirect My Docs), you can reset all the permissions to
administrators & system & users=full control for the whole profile tree.
http://support.microsoft.com/default.aspx?scid=KB;EN-US;q268019& may help.
>
> Because the admin has full control everywhere.
>
> Thanks a lot for youre help so far :)
>
> H. v.d. Bunte
>
> "Lanwench [MVP - Exchange]" wrote:
>
>> H. v.d. Bunte wrote:
>>> Hello,
>>>
>>> I have some problems with this subject.
>>>
>>> I'm using a W2k3 server and i would like use a roaming profile for
>>> my users. I created 8 users with folder redirection and it worked
>>> perfect. I didn't got any event errors.
>>>
>>> But now i'm making a roaming profile with a profilepath to
>>> \\server01\users\%username% and when i logon with a user and i look
>>> at my server as Administrator i have the following problems:
>>>
>>> 1. I cannot look in the user folder (I could with my folder
>>> redirection) Access denied. And when i deleted the folder I can only
>>> do that when I make the admin the owner of the folder.
>>> 2. I have errors in my eventviewer that the structure of my security
>>> descriptor is invalid. event ID 1000 and 102.
>>
>> I think two things are being conflated here - home directory/folder
>> redirection, and roaming profiles.
>> General notes: "users" is usually the parent home directory folder
>> for each user - don't use it for profiles. I'd set up a hidden share
>> called home$ or users$ Administrator & System should have full
>> control, and each username folder should also allow the individual
>> user "modify" permissions. Specify the home directory in each user's
>> ADUC properties - drive letter h or whatever you want, and
>> \\server\users$\%username%.
>>
>> For profiles, I would set up a hidden share called profiles$ - set
>> up the NTFS permissions so that all users, admins, and system = full
>> control. In each user's ADUC properties for profiles, specify
>> \\server\profiles$\%username%. The permissions will be changed after
>> the user logs in so that they have full control and lock everyone
>> out (although this can be changed later).
>>
>> Then for your folder redirection, specify "a folder under the home
>> directory" in your default domain policy. The roaming profile will
>> be in one place (profiles$) and the home directory and My Documents
>> will be under users$.
>>>
>>> I hope somebody could help.
- Next message: Lanwench [MVP - Exchange]: "Re: Hide subfolder in common folder"
- Previous message: Sivaprasad: "explorer.exe issue"
- In reply to: H. v.d. Bunte: "Re: Roaming profile and folder redirection"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
