Nick, I'd like to expand on Jay's response and give you an alternative in answer to your other question. First, if you are using W2KSP4, another new, applicable AD entry shows up. It essentially tells the login process to refrain from demanding that the user own the roaming profile. That can stop it from being so picky when you take ownership. Second, someone on this list gave me a good hint a few years ago about temp folder permissions which transfers nicely to roaming profile permissions. I set permissions on the folder that contains the roaming profiles once and it takes care of the rest. Here's how. Set Domain Admins Full Control Set System Full Control Set Creator/Owner Full Control Set Domain Users Read Finally, in Advanced, change Domain Users from Read to Special by giving them capability to create folders. Now, each user can create their own Roaming profile without having Full Control of the folder that holds them. When they do, they inherit the permissions, giving them Full Control over their own profile because they are the creator. The AD setting that Jay mentions allows the Administrators access too. HTH, Raff -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of Jay Moock Sent: Tuesday, March 02, 2004 12:17 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Permissions See 222043 for an explanation of this problem as it pertains to Win2k. The same fix applies to Win2k3, but its located under \Computer Configuration\Administrative Templates\System\User Profiles instead of \Logon Hope that helps. Jay -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of Nick Smith Sent: Tuesday, March 02, 2004 12:09 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Permissions On a related note, when the Profiel folders are created (Win2003) for individual users, as Admin I expect to have rights but I don't seem to unless I take ownership, which mcuks things up royally. Is this expected behaviour ? Nick -----Original Message----- From: Petitti, Bruno [mailto:bpetitti@xxxxxx]=20 Sent: 02 March 2004 17:04 To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Permissions I was wondering what permissiion should be applied to the roaming profile directory? Right now, we have domain users set to everyone and I would like to lock it down more. =20 Thanks for your help in advance. If you have any questions, please do not hesitate to contact me.=20 Bruno Petitti, CCA, MCSE Manager Information Services - Toronto Region BDO Dunwoody LLP Telephone: 905.525.6800 Fax: 905.525.6841 Email: bpetitti@xxxxxx =20 The information contained in this email is confidential information intended only for the addressee(s). If you have received this communication in error, please immediately notify me by telephone at the above noted number (collect if necessary) and delete or destroy any copies of it. Thank you.=20 =20 ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm -- No attachments (even text) are allowed -- -- Type: application/ms-tnef -- File: winmail.dat ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm