Re: Moving Roaming Profile



I would say "Yes". Be careful, though. I've done this and a few times the user ended up not having access. You need to verify that the user's account is still in the permissions list.

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
http://mypcassistant.blogspot.com/

lozza wrote:
Oh well... I guess I should be lucky it's only 500 users and not a thousand... :)

So just to make sure I am doing the right thing here... obviously I will test thoroughly first, but the steps for this part would be:

1) Login as a Domain Admin Account
2) Browse to network share where roaming user profiles exist
3) For every roaming profile folder right click --> properties --> security tab --> advanced --> owner tab --> Select my account (Domain Admin account) and hit apply. Should I also check the box to replace owner on subcontainers and objects??
4) Go into the permissions tab and add Domain Admins to Full control on this folder and subfolders and files
5) Go back into the owner tab and set the owner back to the original user... again not sure about the replace owner on subcontainer and objects box...

And I'm hoping this will then give me, a domain admin, the ability to move these folders off to the new location... instead of the empty folder I am getting at the moment....

Thanks for your help today!
Lozza


"Jeff Pitsch" wrote:

Profiles do not honor inheritance of permissions. I don't know why
but they don't. So adding that setting in group policy is pretty
important.

As for automating, I don't know of a way offhand. I do know there is
supposed to be a way to script NTFS permissions but I've never done
it. I can't help you there :(

On May 13, 1:26 pm, lozza <lo...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Jeff,

I just came to the exact same conclusion reading around this subject... and
was really hoping you wouldn't say that :)

So, just for my understanding here, whether you create a roaming profile
from the TS GPO Settings CC\AT\WC\TS\set path for TS roaming profiles or via
the Profile tab on the User Account properties in AD or via the Terminal
Services Profile in the User Account properties again (even if all profile
locations are different) the "Add the Administrators security group to
roaming user profiles" setting will add the administrators security group to
locations where these profiles are created?? So in effect the very fact that
share/NTFS permissions are saying Domain Admins should have Full control....
they don't really? I'm getting a little confused as to how this works... sorry
to be a pain. Just the redirected folders are fine... but seems profiles are
working differently.

Lastly and inevitably... is there a way to take this ownership and redo the
permissions in an automated fashion... I've got 500 users :(

Thanks
Loz



"Jeff Pitsch" wrote:
There is a GPO setting to add domain admins to the roaming folder. It
is under computer config, admin templates, system, user profiles and
is called "Add the Administrators security group to roaming user
profiles".

The only problem is this only affects new profiles. You'll have to
take control of the directory where the profiles are stored and then
redo permissions.

Jeff Pitsch
Microsoft MVP - Terminal Services

On May 13, 11:00 am, lozza <lo...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hey Jeff,
I've just run into another issue while looking into this a little more. The
user profile share although it has Domain Admins full control on this
folder/subfolder/files... I still cannot for some reason access the user
profile folder and when I copy and paste it over to the new location.... it
goes over as a blank empty folder... any ideas why this is happening?
Lozz

"Jeff Pitsch" wrote:
I would do what you said. If you don't, and you let users on and
everything is screwed up, you've seriously inconvenienced the users if
not upset them outright. How much downtime will it then take for you
to put everything back? Not long but you need to tell the users more
downtime is needed and they can't work. Lost work, lost money. You
are much better off creating those users ahead of time and testing
with them after you move everything. Then if things are messed up,
you switch everything back and the users never know the difference.
You then figure out what went wrong, correct the mistake and try
again.

Jeff Pitsch
Microsoft MVP - Terminal Services

On May 13, 9:58 am, lozza <lo...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Jeff,
Thanks for your response... very much appreciated. I would like to test but I
struggle in understanding how I would test and revert back if it doesn't work,
because all my redirection settings and roaming profiles locations are done
for all users via GPO. So in this sense, it is a move all users folders at
one go or not.

I guess before allowing users to log on I could create some test users
beforehand, create some folders on their desktops, my docs folder etc
etc and then do the move and see if they still exist, once logged in....
before letting any end users back on.

I guess then, if this doesn't work... I just set the redirection locations
and profile locations back to their original location and everything will
kick in... what I don't want is the xxxxxx.001 profile that gets created
sometimes for some reason.

Thanks
Lozza

"Jeff Pitsch" wrote:
That looks good but you're missing a very important step which is
doing due diligence and testing, testing, testing. Before I would
allow any users on the system I would test everything out with a test
user or two to make sure it still all works. Other than that, I think
it looks good.

Jeff Pitsch
Microsoft MVP - Terminal Services

On May 13, 8:57 am, lozza <lo...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi Guys,

Looking for some tips here if possible. I have roaming profiles enabled and
redirected folders enabled on my Terminal Servers via GPO to a dedicated
resilient file server. I have created the shares these folders are stored
under using the permissions structure explained in Article ID: 274443. I also
keep the cached copies of roaming profiles on the servers just in case. I
have about 500 users balanced across 8 nodes in a cluster.

Now my issue is the file server is being decommissioned and I'm a little
concerned about the sequence of steps I need to take to move these roaming
profiles and redirected folders safely without losing user data.

Would the following be a good plan of action:

1) Request downtime for whole TS Environment
2) Shutdown all TS Servers (to release any locks on profile/redirected
folders preventing copying)
3) Create the top level shares again using Article ID: 274443
4) Copy and paste the roaming profiles and redirected folders (desktop, My
Documents, App Data) to their respective top level shares
5) Amend the GPO targeted to the TS Servers for roaming profile and
redirected folder locations to new locations
6) Restart TS Servers
7) Allow users to start logging on and their profiles and redirected folders
will be intact and now available from the new location.

Or have I got the procedure horribly wrong? Any assistance to ease my
confidence would be greatly appreciated.

Lozz
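
The five manual steps lozza lists for each profile folder, followed by the check Hank recommends (is the user's account still in the permissions list?), scripted with the built-in `takeown.exe`, `icacls.exe` and `Get-Acl`. This is an added example, not part of the original thread; the path `D:\Profiles`, the domain name `CONTOSO` and the folder-name-equals-logon-name convention are assumptions.

```powershell
# Added example, not from the thread. Run elevated on the file server, on a test copy first.
# Assumptions: local path of the profile share, NetBIOS domain name, and that each
# profile folder is named exactly after the user's logon name.
param(
    [string]$ProfileRoot = 'D:\Profiles',   # hypothetical path
    [string]$Domain      = 'CONTOSO'        # hypothetical domain name
)
$adminGroup = "$Domain\Domain Admins"

$report = foreach ($dir in Get-ChildItem -LiteralPath $ProfileRoot -Directory) {
    $user   = "$Domain\$($dir.Name)"
    $failed = @()

    # Step 3: take ownership as the current (Domain Admin) account, children included
    takeown.exe /F $dir.FullName /R /D Y | Out-Null
    if ($LASTEXITCODE -ne 0) { $failed += 'takeown' }

    # Step 4: Full control for Domain Admins on this folder, subfolders and files
    icacls.exe $dir.FullName /grant "${adminGroup}:(OI)(CI)F" /T /C /Q | Out-Null
    if ($LASTEXITCODE -ne 0) { $failed += 'grant' }

    # Step 5: hand ownership back to the original user, children included
    icacls.exe $dir.FullName /setowner $user /T /C /Q | Out-Null
    if ($LASTEXITCODE -ne 0) { $failed += 'setowner' }

    # Hank's check: is the user's account still in the permissions list?
    $acl     = Get-Acl -LiteralPath $dir.FullName
    $userAce = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $user -and $_.AccessControlType -eq 'Allow'
    }

    [pscustomobject]@{
        Folder        = $dir.FullName
        User          = $user
        Owner         = $acl.Owner
        UserHasAccess = [bool]$userAce
        FailedSteps   = $failed -join ','
    }
}

# Show only the folders that need manual attention before the move
$report | Where-Object { -not $_.UserHasAccess -or $_.FailedSteps -or $_.Owner -ne $_.User }
```

An empty result means every folder ended with the user as owner, an Allow entry for the user, and no failed step; any folder whose name does not map to an existing account shows up with `setowner` in `FailedSteps`.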


