[THIN] Re: Roaming profile with Domain extension

  • From: "Jim Kenzig http://thin.ms" <jkenzig@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Tue, 3 Feb 2009 07:28:00 -0500

This sounds right. It seems at our stie.  that even in our home directory
here if we do not have the folder already created for the user with
System:Full , Administrator:Full and the USERs name:Full access that the
created folder does not get the correct permissions.  to the folder and it
adds the .domain to the created folder. It is best to make a home folder and
specify it in AD and then make sure the permissions are set correctly. The
follow scripts will help you get the permissions set correctly on your users
folder.  Change the attached txt files extensions to .cmd and they will be
scripts. Edit as below.

See Below
Hi Guys,
This stuff was written for us by a vendor.  Our users folders for docs are
F:\users and for profiles F:\profiles, you'll have to edit the scripts where
that is to the drive and directory where you have yours.   Then you run the
getusers script and it will get a list of all your users to use to set the
profiles permissions.  It will create a file called users.txt.  Next run the
setprofiles script to set the permissions on the folders.  What happens is
that when the profiles are created from the top down in W2K3 admins do not
have permissions on all the folders. So if you try to delete or do something
with the profile doesn't always take.  At any rate I would suggest you make
a backup of the profiles/users folders first if you have the disk space
prior to running this and do it when users are not connected if possible.
It has solved over 99% of our issues with profiles and sets the proper
directory permissions on the server.  The other thing of course we use is
UPHCLEAN from MS on the ws/server to keep profiles cleaned off.  This is
built into VISTA and Server 2008
Get it at
http://www.microsoft.com/downloads/details.aspx?FamilyID=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=e

You need to download xcacls also and put it in the path get it from
http://support.microsoft.com/kb/318754

 This solves a lot of problems.

Jim Kenzig
Blog: http://www.techblink.com


On Mon, Feb 2, 2009 at 8:39 PM, <christopher.walter@xxxxxxx> wrote:

>  I am 99% sure this is normal behavior if you are creating the profile
> with a policy.  If it is created in the users AD account profile then it
> doesn't happen.  Now with that being said I know you can stop this from
> happening with Home directories if you create the director first and give
> the user full control to the directory.  If the user does not have full
> control then it will create a new directory with the domain name on the
> end.  I am not sure if it would work with the profile but you can give it a
> shot.
>
> Chris
>
>  ------------------------------
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Stratton, Doug ISMC:EX
> *Sent:* February 2, 2009 6:58 PM
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Roaming profile with Domain extension
>
>  For some reason we are getting the following problem with our new
> servers.
>
> W2k3
> XA 4.5
> We have Roaming profiles setup
> We are in a domain.
>
> But profiles are not loading.
>
> What I found out so far is that it is looking here for the roaming profile
> *\\servername\sharename\username.domain*
>
> USERENV(1294.12b0) 15:01:43:704 LoadUserProfile: lpProfileInfo->lpUserName
> = <dougtes_s>
> USERENV(1294.12b0) 15:01:43:704 LoadUserProfile:
> lpProfileInfo->lpProfilePath = <*\\feat\s002\basic\dougtes_s.OurDomain*>
>
> Up until now we have never had to have a folder with the domain name on
> it.  Once in a while we had domain names added as extension but that was
> when profiles were stuck in memory and the person was logging on a second
> time.   That is not the case this time.
>
> Right out of the gate it is appending the domain name to the end.
>
> So my question is what can I do to prevent it from using domain extension?
>
> I am not sure if it is related but profiles are not unloading either (no
> errors that I could find in the event log)
>
> Regards,
> *Doug Stratton*, Shared Service BC
> Service Desk Email:* 77000@xxxxxxxxx*
> Service Desk Tel:* (250)387-7000*
>
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
@Echo Off
Dir /B c:\Profiles >c:\users.txt
For /F %%1 in (c:\users.txt) do xcacls c:\profiles\%%1 /T /C /Y /G 
administrators:F OFFICE\%%1:F System:F
For /F %%1 in (c:\users.txt) do xcacls c:\users\%%1 /T /C /Y /G 
administrators:F OFFICE\%%1:F System:F

Other related posts: