Re: Local permissions for roaming profile to work
- From: "theo" <theo@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 30 Aug 2005 13:37:50 +0100
Hi Brandy
Just as a follow up- I decided to make my own profile roaming (I am a member
of domain admins and thought that might eliminate any permissions issues)
but I wish I hadn't! My email profile was scrubbed and so to was my news
reader profile, my quick launch bar got rearranged and various application
settings such as macro security got set back to the default. There is
obviously something interferring with the roaming profile process; could
shadow copies have any bearing? I am just trying to think of SBS 2003
specific features that might be in play.
Regards
Theo
""Brandy Nee [MSFT]"" <v-branee@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:gEdQUOUrFHA.1208@xxxxxxxxxxxxxxxxxxxxxxxx
> Hello Theo,
>
> Thank you for posting back!
>
> I am sorry that I cannot completely understand what exact issue it is. I
> need to confirm some information with you:
>
> a. You copy the Shared Folder Roaming$ from one Server to your current
> Server, and you cannot access Roaming$ on this current server.
>
> b. How did you copy Roaming$ to the new server? Did you use any Tools to
> migrate the shared folder?
>
> Thanks for your time, and I am looking forward to hearing from you!
>
> Best regards,
>
> Brandy Nee
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>
> --------------------
>>From: "Theo" <theo@xxxxxxxxxxxxxxxxxxxxxxxxx>
>>Newsgroups: microsoft.public.windows.server.sbs
>>Subject: Re: Local permissions for roaming profile to work
>>Date: Mon, 29 Aug 2005 12:53:26 +0100
>>Lines: 310
>>Message-ID: <deusvn$r2e$1$830fa79d@xxxxxxxxxxxxxxxx>
>>References: <dekq3v$2lh$1$8302bc10@xxxxxxxxxxxxxxxx>
> <kgEuoAhqFHA.472@xxxxxxxxxxxxxxxxxxxxx>
> <den8bp$nc3$1$8300dec7@xxxxxxxxxxxxxxxx>
> <COQeHQHrFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
>>NNTP-Posting-Host: mitw2.demon.co.uk
>>X-Trace: news.demon.co.uk 1125316407 27726 80.177.98.243 (29 Aug 2005
> 11:53:27 GMT)
>>X-Complaints-To: abuse@xxxxxxxxx
>>NNTP-Posting-Date: Mon, 29 Aug 2005 11:53:27 +0000 (UTC)
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>>X-Priority: 3
>>X-RFC2646: Format=Flowed; Original
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>>X-MSMail-Priority: Normal
>>Path:
> TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
> ne.de!peer-uk.news.demon.net!kibo.news.demon.net!news.demon.co.uk!demon!not-
> for-mail
>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:148733
>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>
>>Hi Brandy
>>No worries on the delay everybody deserves a weekend and in any case I was
>>glued to the TV watching the test match (cricket) in the UK.
>>In response to your post your interpretation of the problem is correct.
>>Following your notes I am logged on to the server as administrator and can
>>see the permissions on the Roaming$ share which has the Administrators
> group
>>as the its owner.The effective permissions of "Users" to the share are
>>Traverse/Execute, List/Read Data, Read Attributes, Read Extended
> Attributes,
>>Create File/Write Data and Create Folders/Append Data.
>>When I follow your step a and go to the sub-folder (whilst logged on
> locally
>>to the server as the administrator) and click on the security tab I get a
>>Security warning saying "You do not have permissions to view or edit the
>>current pernmissions settings ...." If I OK that and then go on to the
> Owner
>>tab I get "unable to display current owner" where the owner name should be
>>shown. If I then carry out step c it changes the owner to Administrators
> and
>>I can then see the permissions (which shows the User and SYSTEM having
> full
>>control with no other user or group having any permissions) but I cannot
>>access the folder unless I add the Administrators to the permissions tab.
> If
>>I do that I can then see all of the folders you would expect in a profile
>>and the user folder now displays a size etc but each lower level folder
> has
>>the same security condition that the sub-folder (user name) had before I
>>followed step c.
>>The effect I am seeing at the PC (where I have a test profile with a
> couple
>>of settings modified - desktop and a dummy folder on the desktop) is that
>>the desktop does not carry from PC1 to PC2 but the dummy folder (and any
>>changes to its name) does. BTW the user is a member of Power Users on both
>>PCs and of Users on the domain
>>One other point - on one PC I got a waring to turn off caching on the
>>profile share which I have done but without any obvious effect.
>>I hope this is all reasonably clear and look forward to any further
>>suggestions you may have.
>>Regards and thanks for your help
>>Theo
>>""Brandy Nee [MSFT]"" <v-branee@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>news:COQeHQHrFHA.1208@xxxxxxxxxxxxxxxxxxxxxxxx
>>> Hello Theo,
>>>
>>> Thank you for posting back!
>>>
>>> I am sorry for the delayed response due to weekend. Please understand
> that
>>> the newsgroups are staffed weekdays by Microsoft Support professionals
>>> to
>>> answer your systems and applications questions. Your understanding is
>>> greatly appreciated!
>>>
>>> I understand that you have created a shared folder Roaming$ to store the
>>> domain users' roaming profiles, when you trying to view the properties
>>> of
>>> the sub folders, you got access denied error message and you found the
> sub
>>> folders are 0 bytes . If I have misunderstood your concern, please let
>>> me
>>> know.
>>>
>>> Please see my following information:
>>>
>>> 1> The permissions of each username folder in the roaming profile share
>>> should inherit the share permissions or is there some other way in which
>>> those permissions are set?
>>>
>>> Answer: When domain users log on their client workstation, their roaming
>>> profile folders will be created in Roaming$ automatically. These sub
>>> folders have own permissions, user cannot access other users' Roaming
>>> Profile folders, so it not inherited from Roaming$.
>>>
>>> 2> If you want to access domain users' roaming profiles folder, please
>>> make
>>> sure that you use the Administrator account to access the shared
>>> folders.
>>> If you have already used the Administrator account, please check whether
>>> Administrator account has taken the owner ship of the shared folder. To
> do
>>> so, please see:
>>>
>>> a. Right click the sub folder in Roaming$, go to Properties, Security
> tab.
>>> Click Advanced.
>>>
>>> b. Owner tab.
>>>
>>> c. Click Other Users or Groups -> Advanced -> Find Now, select your
>>> account
>>> in the Search Results Pool.
>>>
>>> d. Click OK four times.
>>>
>>> e. Can you access the folder now?
>>>
>>> f. If you can access the folder, please check whether there is any thing
>>> recorded inside, then we go continue troubleshooting.
>>>
>>> Thanks for your time, and I am looking forward to your reply!
>>>
>>> Best regards,
>>>
>>> Brandy Nee
>>>
>>> Microsoft CSS Online Newsgroup Support
>>>
>>> Get Secure! - www.microsoft.com/security
>>> ======================================================
>>> This newsgroup only focuses on SBS technical issues. If you have issues
>>> regarding other Microsoft products, you'd better post in the
> corresponding
>>> newsgroups so that they can be resolved in an efficient and timely
> manner.
>>> You can locate the newsgroup here:
>>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>>
>>> When opening a new thread via the web interface, we recommend you check
>>> the
>>> "Notify me of replies" box to receive e-mail notifications when there
>>> are
>>> any updates in your thread. When responding to posts via your
>>> newsreader,
>>> please "Reply to Group" so that others may learn and benefit from your
>>> issue.
>>>
>>> Microsoft engineers can only focus on one issue per thread. Although we
>>> provide other information for your reference, we recommend you post
>>> different incidents in different threads to keep the thread clean. In
>>> doing
>>> so, it will ensure your issues are resolved in a timely manner.
>>>
>>> For urgent issues, you may want to contact Microsoft CSS directly.
>>> Please
>>> check http://support.microsoft.com for regional support phone numbers.
>>>
>>> Any input or comments in this thread are highly appreciated.
>>> ======================================================
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>>
>>>
>>> --------------------
>>>>From: "Theo" <theo@xxxxxxxxxxxxxxxxxxxxxxxxx>
>>>>Newsgroups: microsoft.public.windows.server.sbs
>>>>Subject: Re: Local permissions for roaming profile to work
>>>>Date: Fri, 26 Aug 2005 15:18:33 +0100
>>>>Lines: 143
>>>>Message-ID: <den8bp$nc3$1$8300dec7@xxxxxxxxxxxxxxxx>
>>>>References: <dekq3v$2lh$1$8302bc10@xxxxxxxxxxxxxxxx>
>>> <kgEuoAhqFHA.472@xxxxxxxxxxxxxxxxxxxxx>
>>>>NNTP-Posting-Host: mitw2.demon.co.uk
>>>>X-Trace: news.demon.co.uk 1125065914 23939 80.177.98.243 (26 Aug 2005
>>> 14:18:34 GMT)
>>>>X-Complaints-To: abuse@xxxxxxxxx
>>>>NNTP-Posting-Date: Fri, 26 Aug 2005 14:18:34 +0000 (UTC)
>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>>>>X-Priority: 3
>>>>X-RFC2646: Format=Flowed; Original
>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>>>>X-MSMail-Priority: Normal
>>>>Path:
>>>
> TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!newsfe
>>>
> ed01.sul.t-online.de!t-online.de!news.germany.com!ecngs!feeder.ecngs.de!195.
>>>
> 40.0.165.MISMATCH!easynet-monga!easynet.net!xara.net!gxn.net!194.159.246.34.
>>>
> MISMATCH!peer-uk.news.demon.net!kibo.news.demon.net!news.demon.co.uk!demon!n
>>> ot-for-mail
>>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:148103
>>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>>
>>>>Thanks Brandy
>>>>That was the question but I now need to ask a follow on question.
>>>>I set up the share for the profiles and shared it as "roaming$" and
>>> followed
>>>>the KB you quoted. The user name folders were created on log on but when
> I
>>>>tried to check on the properties of those folders I got access denied
>>>>and
>>>>could see that the permissions had not been inherited from roaming$ Also
>>> the
>>>>size of the whol folder was given as zero. Also the profiles were not
>>>>preserved on subsequent log on and I wondered if it was due to user
> rights
>>>>on the local PC.
>>>>I will check the permissions you listed but could you tell me if the
>>>>permissions of each username folder in the roaming profile share should
>>>>inherit the share permissions or is there some other way in which those
>>>>permissions are set?
>>>>Regards
>>>>Theo
>>>>""Brandy Nee [MSFT]"" <v-branee@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>>>news:kgEuoAhqFHA.472@xxxxxxxxxxxxxxxxxxxxxxxx
>>>>> Hello Theo,
>>>>>
>>>>> Thank you for posting to the SBS Newsgroup.
>>>>>
>>>>> I understand that you want to know what permissions should be set on
> the
>>>>> client workstation for roaming profile. If I have misunderstood your
>>>>> concern, please let me know.
>>>>>
>>>>> Actually, we do not need to set any permission for it. Please see:
>>>>>
>>>>> For example, if the user name is aaa.
>>>>>
>>>>> 1. Open My Computer, go to %system root%\Documents and Settings. Right
>>>>> click the aaa folder, select Properties, and go to Security tab. By
>>>>> default, the permissions are:
>>>>>
>>>>> Administrators: Full Control
>>>>> aaa: Full Control
>>>>> SYSTEM: Full Control
>>>>>
>>>>> [Note]: No Any Deny box being checked.
>>>>>
>>>>>
>>>>> Click Advanced, Permissions tab, highlight each of the Permission
>>>>> entries
>>>>> and click Edit to make sure:
>>>>>
>>>>> a. They have Full Control permission.
>>>>>
>>>>> b. Apply Onto: This Folder, subfolders and files
>>>>>
>>>>> c. No Any Deny box being checked.
>>>>>
>>>>> 2. Right click My Computer, select Manager, and expand to Computer
>>>>> Management (Local) \Local Users and Groups\Groups. On the right pane,
>>>>> double click Users to check whether there is anything being changed.
>>>>>
>>>>> 3. From your post, I wonder whether the roaming file work well on your
>>>>> side
>>>>> now. If you have any concern or questions on it, please feel free to
> let
>>>>> me
>>>>> know.
>>>>>
>>>>> For your additional information:
>>>>>
>>>>> How to configure a user account to use a roaming user profile in
> Windows
>>>>> Server 2003, Windows 2000 Server, or Windows NT 4.0
>>>>> http://support.microsoft.com/?id=316353
>>>>>
>>>>> Thanks for your time! If anything is unclear, please feel free to let
> me
>>>>> know. I am looking forward to your reply!
>>>>>
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Brandy Nee
>>>>>
>>>>> Microsoft CSS Online Newsgroup Support
>>>>>
>>>>> Get Secure! - www.microsoft.com/security
>>>>> ======================================================
>>>>> This newsgroup only focuses on SBS technical issues. If you have
>>>>> issues
>>>>> regarding other Microsoft products, you'd better post in the
>>> corresponding
>>>>> newsgroups so that they can be resolved in an efficient and timely
>>> manner.
>>>>> You can locate the newsgroup here:
>>>>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>>>>
>>>>> When opening a new thread via the web interface, we recommend you
>>>>> check
>>>>> the
>>>>> "Notify me of replies" box to receive e-mail notifications when there
>>>>> are
>>>>> any updates in your thread. When responding to posts via your
>>>>> newsreader,
>>>>> please "Reply to Group" so that others may learn and benefit from your
>>>>> issue.
>>>>>
>>>>> Microsoft engineers can only focus on one issue per thread. Although
>>>>> we
>>>>> provide other information for your reference, we recommend you post
>>>>> different incidents in different threads to keep the thread clean. In
>>>>> doing
>>>>> so, it will ensure your issues are resolved in a timely manner.
>>>>>
>>>>> For urgent issues, you may want to contact Microsoft CSS directly.
>>>>> Please
>>>>> check http://support.microsoft.com for regional support phone numbers.
>>>>>
>>>>> Any input or comments in this thread are highly appreciated.
>>>>> ======================================================
>>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>> rights.
>>>>>
>>>>>
>>>>>
>>>>> --------------------
>>>>>>From: "Theo" <theo@xxxxxxxxxxxxxxxxxxxxxxxxx>
>>>>>>Newsgroups: microsoft.public.windows.server.sbs
>>>>>>Subject: Local permissions for roaming profile to work
>>>>>>Date: Thu, 25 Aug 2005 17:03:10 +0100
>>>>>>Lines: 7
>>>>>>Message-ID: <dekq3v$2lh$1$8302bc10@xxxxxxxxxxxxxxxx>
>>>>>>NNTP-Posting-Host: mitw2.demon.co.uk
>>>>>>X-Trace: news.demon.co.uk 1124985791 2737 80.177.98.243 (25 Aug 2005
>>>>> 16:03:11 GMT)
>>>>>>X-Complaints-To: abuse@xxxxxxxxx
>>>>>>NNTP-Posting-Date: Thu, 25 Aug 2005 16:03:11 +0000 (UTC)
>>>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>>>>>>X-Priority: 3
>>>>>>X-RFC2646: Format=Flowed; Original
>>>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>>>>>>X-MSMail-Priority: Normal
>>>>>>Path:
>>>>>
>>>
> TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!newsfe
>>>>>
>>>
> ed01.sul.t-online.de!t-online.de!news.germany.com!ecngs!feeder.ecngs.de!195.
>>>>>
>>>
> 40.0.165.MISMATCH!easynet-monga!easynet.net!xara.net!gxn.net!194.159.246.34.
>>>>>
>>>
> MISMATCH!peer-uk.news.demon.net!kibo.news.demon.net!news.demon.co.uk!demon!n
>>>>> ot-for-mail
>>>>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:147786
>>>>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>>>>
>>>>>>Hi
>>>>>>What permissions does the user need on the local machine for roaming
>>>>>>profiles to work? Must the user be a local admininistrator or will
> power
>>>>>>user suffice?
>>>>>>Theo
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
.
- Follow-Ups:
- Re: Local permissions for roaming profile to work
- From: "Brandy Nee [MSFT]"
- Re: Local permissions for roaming profile to work
- References:
- Local permissions for roaming profile to work
- From: Theo
- RE: Local permissions for roaming profile to work
- From: "Brandy Nee [MSFT]"
- Re: Local permissions for roaming profile to work
- From: Theo
- Re: Local permissions for roaming profile to work
- From: "Brandy Nee [MSFT]"
- Re: Local permissions for roaming profile to work
- From: Theo
- Re: Local permissions for roaming profile to work
- From: "Brandy Nee [MSFT]"
- Local permissions for roaming profile to work
- Prev by Date: Re: Remote Access for SBS 2003
- Next by Date: Re: Security errors since isntalling SP1
- Previous by thread: Re: Local permissions for roaming profile to work
- Next by thread: Re: Local permissions for roaming profile to work
- Index(es):
Relevant Pages
|
