Roaming Profile Review

By default in Windows 2003, a roaming profile only assigns permissions to the named user and the local system account, the administrators do not have permissions to this folder, and there is a security check before loading the folder that indeed only those two accounts have access to that profile. Additionally the user is the owner of the folder and all sub-folders/content.

When troubleshooting profile problems, you will need to click on the advanced tab under security and take ownership of the folder, which you can do as a local administrator, however once you do this the profile may break. After that, you will typically assign the administrator group full access to the folder.

Once you are done, please be sure to remove the administrator under security, as well as change the ownership of the folder and sub-folders/content back to the named user. Otherwise you may experience problems with the profile.

This default behavior can be changed via Group Policy or via the Registry, which will permit additional users, and bypass the security check, but it is not recommended.

This is an except and overview of the detailed article at: http://technet.microsoft.com/en-us/library/cc757013(WS.10).aspx

Powered by WordPress.com.

Up ↑