[THIN] Re: Permissions

  • From: "Steve Raffensberger" <sraffens1@xxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 2 Mar 2004 20:44:05 -0500

Nick,

I'd like to expand on Jay's response and give you an alternative in answer
to your other question.

First, if you are using W2KSP4, another new, applicable AD entry shows up.
It essentially tells the login process to refrain from demanding that the
user own the roaming profile. That can stop it from being so picky when you
take ownership.

Second, someone on this list gave me a good hint a few years ago about temp
folder permissions which transfers nicely to roaming profile permissions. I
set permissions on the folder that contains the roaming profiles once and it
takes care of the rest. Here's how.

  - Set Domain Admins Full Control
  - Set System Full Control
  - Set Creator/Owner Full Control
  - Set Domain Users Read
  - Finally, in Advanced, change Domain Users from Read to Special by giving
    them capability to create folders.

Now, each user can create their own Roaming profile without having Full
Control of the folder that holds them. When they do, they inherit the
permissions, giving them Full Control over their own profile because they
are the creator. The AD setting that Jay mentions allows the Administrators
access too.

HTH,

Raff
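
The folder permissions listed in the message above, written out as a PowerShell script. This is an added example and not part of the original thread. The share path and domain name are placeholders, and limiting the Domain Users entry to the top folder only (so it is not inherited into each profile) is an assumption the post does not state.

```powershell
# Added example. $ProfileRoot and $Domain are placeholders, not values from the thread.
$ProfileRoot = '\\fileserver\profiles$'   # hypothetical folder that contains the roaming profiles
$Domain      = 'EXAMPLE'                  # hypothetical NetBIOS domain name

$allow       = [System.Security.AccessControl.AccessControlType]::Allow
$inheritAll  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$thisFolder  = [System.Security.AccessControl.InheritanceFlags]::None
$propNone    = [System.Security.AccessControl.PropagationFlags]::None
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function New-Ace {
    param([string]$Identity,
          [System.Security.AccessControl.FileSystemRights]$Rights,
          [System.Security.AccessControl.InheritanceFlags]$Inheritance,
          [System.Security.AccessControl.PropagationFlags]$Propagation)
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $Inheritance, $Propagation, $allow)
}

$rules = @(
    (New-Ace "$Domain\Domain Admins" 'FullControl' $inheritAll $propNone),
    (New-Ace 'NT AUTHORITY\SYSTEM'   'FullControl' $inheritAll $propNone),
    # CREATOR OWNER is replaced by the creating user's SID on each new profile folder.
    (New-Ace 'CREATOR OWNER'         'FullControl' $inheritAll $inheritOnly),
    # "Read" changed to "Special": Read plus create folders. Assumption: this folder only.
    (New-Ace "$Domain\Domain Users"  'Read, CreateDirectories' $thisFolder $propNone)
)

$acl = Get-Acl -LiteralPath $ProfileRoot
$acl.SetAccessRuleProtection($true, $false)   # stop inheriting from the parent, drop inherited ACEs
$sidType = [System.Security.Principal.SecurityIdentifier]
foreach ($old in @($acl.GetAccessRules($true, $false, $sidType))) {
    [void]$acl.RemoveAccessRuleSpecific($old) # clear existing explicit ACEs (e.g. Everyone)
}
foreach ($rule in $rules) { $acl.AddAccessRule($rule) }
Set-Acl -LiteralPath $ProfileRoot -AclObject $acl

# Check the result on the top folder.
(Get-Acl -LiteralPath $ProfileRoot).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize

# Audit existing profiles: who owns each one, and does Domain Users appear in its ACL?
Get-ChildItem -LiteralPath $ProfileRoot -Directory | ForEach-Object {
    $a = Get-Acl -LiteralPath $_.FullName
    [pscustomobject]@{
        Folder         = $_.Name
        Owner          = $a.Owner
        DomainUsersAce = [bool]($a.Access | Where-Object { $_.IdentityReference.Value -eq "$Domain\Domain Users" })
    }
}
```

Profile folders that existed before the change keep their old ACLs, so the audit at the end is what shows whether any of them still grant access to Domain Users.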

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Jay Moock
Sent: Tuesday, March 02, 2004 12:17 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Permissions


See 222043 for an explanation of this problem as it pertains to Win2k.
The same fix applies to Win2k3, but it's located under \Computer
Configuration\Administrative Templates\System\User Profiles instead of
\Logon.

Hope that helps.
Jay

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Nick Smith
Sent: Tuesday, March 02, 2004 12:09 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Permissions


On a related note, when the Profile folders are created (Win2003) for
individual users, as Admin I expect to have rights but I don't seem to
unless I take ownership, which mucks things up royally. Is this expected
behaviour?

Nick

-----Original Message-----
From: Petitti, Bruno [mailto:bpetitti@xxxxxx]
Sent: 02 March 2004 17:04
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Permissions

I was wondering what permission should be applied to the roaming
profile directory? Right now, we have domain users set to everyone and I
would like to lock it down more.

Thanks for your help in advance.
If you have any questions, please do not hesitate to contact me.

Bruno Petitti, CCA, MCSE
Manager Information Services - Toronto Region BDO Dunwoody LLP
Telephone: 905.525.6800
Fax: 905.525.6841
Email: bpetitti@xxxxxx

The information contained in this email is confidential information
intended only for the addressee(s).  If you have received this
communication in error, please immediately notify me by telephone at the
above noted number (collect if necessary) and delete or destroy any
copies of it.  Thank you.



********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential applications to
eliminate your printing, policy and profile, and your application
management problems.
http://www.triCerat.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm

