Re: user profile problem
- From: "Pegasus \(MVP\)" <I.can@xxxxxxx>
- Date: Thu, 28 Apr 2005 15:02:04 +1000
"hernia" <hernia@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6B10D683-2F2B-425D-B7CB-5C9FA2285EC8@xxxxxxxxxxxxxxxx
>
>
> "Pegasus (MVP)" wrote:
>
> >
> > "hernia" <hernia@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:D32B7CD5-4D56-4129-8C2B-DCE42A4A7D55@xxxxxxxxxxxxxxxx
> > > I've a windows 2000 domain, 2 DC, and win XP clients.
> > > I've a user member of Domain Users group without roaming profile, that
> > when
> > > he logs on windows XP client some parts of his profile is stored in
> > > c:\Documents and Settings\username of the server.
> > > Not all the profile files are written onto the server system disk.
Only
> > some
> > > empty folder and ntuser.ini are written on the server system disk.
> > > A normal profile is stored locally on the win XP client.
> > > When I delete the profile stored on the server it reappers the next
time
> > > user logs on.
> > >
> > > I also tried to delete the user from Active Directory and user profile
> > from
> > > Windows XP client, but the profile reappers on the server system disk.
> > >
> > > I cannot understand why user without administrative privileges can
write
> > > some files on the server system disk?
> > >
> > > I hope anyone can help me, anyway thanks in advance B-)
> >
> > - What are the NTFS permissions for c:\Documents and Settings\username?
> >
> Administrators, System, username: Full Control
>
> For c:\Documents and Settings the permissions are:
> Administrators, System: Full Control
> Users, Everyone: Read&Exec, List Folder, Read
>
> > - What shares to you have on the server? The command "net share" will
> > tell you. Do any of them point to c:\Documents and Settings\username?
> >
> No share points to c:\Documents and Settings\username
> On the server there are 2 disks, C: and D:
> D: is used to store users home dir and data files with relative shares
> C: is used only for operating system and all the share are administrative
or
> domain related, like c$, admin$, netlogon, print$.
>
> > - What groups (other than "Domain Users") is he a member of? The
> > command "net user xxx /domain" will tell you.
> >
> Domain Users only
>
> >
> >
I suspect foul play.
Your first step should obviously be to remove "UserName" from
the list of accounts authorised to access the problem profile folder.
The next step is to explicitly bar "UserName" from accessing
anything under "Documents and Settings".
I would also take a close look at the security branch of the
Event Logger.
.
- Follow-Ups:
- Re: user profile problem
- From: hernia
- Re: user profile problem
- References:
- user profile problem
- From: hernia
- Re: user profile problem
- From: Pegasus \(MVP\)
- Re: user profile problem
- From: hernia
- user profile problem
- Prev by Date: is software restriction policies only working on windows xp?
- Next by Date: Re: boot.ini issue
- Previous by thread: Re: user profile problem
- Next by thread: Re: user profile problem
- Index(es):
Relevant Pages
|
