[THIN] Re: Roaming profile with Domain extension
- From: "Jim Kenzig http://thin.ms" <jkenzig@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Tue, 3 Feb 2009 13:06:27 -0500
As I said this is about having proper permissions on the users profile
directorys. They MUST have System Full Access, User Full Access, and throw
in Admin Full Access. Get the latest version of UPHCLEAN at
http://blogs.technet.com/uphclean/archive/2008/02/28/uphclean-v2-0-beta.aspx
Even though it is beta it is stable
Jim Kenzig
Blog: http://www.techblink.com
On Tue, Feb 3, 2009 at 12:46 PM, Stratton, Doug ISMC:EX <
Doug.M.Stratton@xxxxxxxxx> wrote:
> Good morning all,
>
> Thanks for your comments and here is what I have found so far.
>
> *1st problem - roaming profile directories want .domain extension*
> We are pre-creating the roaming profile folders.
> In the past we created without the .domain name on the end all worked.
>
> What seems to be part of the problem is we are now using an environment
> variable and GP (we had this before but not using envir var) setting to
> determine the location where these profiles are stored.
> We started using an environment variable defined at
> hklm\system\CurrentControlSet\Session Manager\Environment
> We called it SILO which is set to the directory for that silo
> inside that directory we precreate the profile folders (with a script
> and all the correct rights)
> In the gp that defines where profiles are stored we have it set to
> \\server\share\%SILO%
>
> If we don't use envirnoment variable it works the same way it has always.
> No domain extension required.
>
> *2nd problem - profiles not unloading*
> We do have uphclean loaded but it is not "seeing" a problem with the
> profiles not unloading.
> person logs on
> person logs off
> profile not copied down (when all of the above is working)
> user hive still loaded in memory.
> I can manually go and unload them no errors
> but no profile copied
>
> Thanks for any suggestions.
>
> Regards,
> *Doug Stratton*, Shared Service BC
> Service Desk Email:* 77000@xxxxxxxxx*
> Service Desk Tel:* (250)387-7000*
>
>
> ------------------------------
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Jim Kenzig http://thin.ms
> *Sent:* February 3, 2009 4:28 AM
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: Roaming profile with Domain extension
>
> This sounds right. It seems at our stie. that even in our home
> directory here if we do not have the folder already created for the user
> with System:Full , Administrator:Full and the USERs name:Full access that
> the created folder does not get the correct permissions. to the folder and
> it adds the .domain to the created folder. It is best to make a home folder
> and specify it in AD and then make sure the permissions are set correctly.
> The follow scripts will help you get the permissions set correctly on your
> users folder. Change the attached txt files extensions to .cmd and they
> will be scripts. Edit as below.
>
> See Below
> Hi Guys,
> This stuff was written for us by a vendor. Our users folders for docs are
> F:\users and for profiles F:\profiles, you'll have to edit the scripts where
> that is to the drive and directory where you have yours. Then you run the
> getusers script and it will get a list of all your users to use to set the
> profiles permissions. It will create a file called users.txt. Next run the
> setprofiles script to set the permissions on the folders. What happens is
> that when the profiles are created from the top down in W2K3 admins do not
> have permissions on all the folders. So if you try to delete or do something
> with the profile doesn't always take. At any rate I would suggest you make
> a backup of the profiles/users folders first if you have the disk space
> prior to running this and do it when users are not connected if possible.
> It has solved over 99% of our issues with profiles and sets the proper
> directory permissions on the server. The other thing of course we use is
> UPHCLEAN from MS on the ws/server to keep profiles cleaned off. This is
> built into VISTA and Server 2008
> Get it at
>
> http://www.microsoft.com/downloads/details.aspx?FamilyID=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=e
>
> You need to download xcacls also and put it in the path get it from
> http://support.microsoft.com/kb/318754
>
> This solves a lot of problems.
>
> Jim Kenzig
> Blog: http://www.techblink.com
>
>
> On Mon, Feb 2, 2009 at 8:39 PM, <christopher.walter@xxxxxxx> wrote:
>
>> I am 99% sure this is normal behavior if you are creating the profile
>> with a policy. If it is created in the users AD account profile then it
>> doesn't happen. Now with that being said I know you can stop this from
>> happening with Home directories if you create the director first and give
>> the user full control to the directory. If the user does not have full
>> control then it will create a new directory with the domain name on the
>> end. I am not sure if it would work with the profile but you can give it a
>> shot.
>>
>> Chris
>>
>> ------------------------------
>> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
>> Behalf Of *Stratton, Doug ISMC:EX
>> *Sent:* February 2, 2009 6:58 PM
>> *To:* thin@xxxxxxxxxxxxx
>> *Subject:* [THIN] Roaming profile with Domain extension
>>
>> For some reason we are getting the following problem with our new
>> servers.
>>
>> W2k3
>> XA 4.5
>> We have Roaming profiles setup
>> We are in a domain.
>>
>> But profiles are not loading.
>>
>> What I found out so far is that it is looking here for the roaming profile
>> *\\servername\sharename\username.domain*
>>
>> USERENV(1294.12b0) 15:01:43:704 LoadUserProfile: lpProfileInfo->lpUserName
>> = <dougtes_s>
>> USERENV(1294.12b0) 15:01:43:704 LoadUserProfile:
>> lpProfileInfo->lpProfilePath = <*\\feat\s002\basic\dougtes_s.OurDomain*>
>>
>> Up until now we have never had to have a folder with the domain name on
>> it. Once in a while we had domain names added as extension but that was
>> when profiles were stuck in memory and the person was logging on a second
>> time. That is not the case this time.
>>
>> Right out of the gate it is appending the domain name to the end.
>>
>> So my question is what can I do to prevent it from using domain extension?
>>
>> I am not sure if it is related but profiles are not unloading either (no
>> errors that I could find in the event log)
>>
>> Regards,
>> *Doug Stratton*, Shared Service BC
>> Service Desk Email:* 77000@xxxxxxxxx*
>> Service Desk Tel:* (250)387-7000*
>>
>>
>> ______________________________________________________________________
>> This email has been scanned by the MessageLabs Email Security System.
>> For more information please visit http://www.messagelabs.com/email
>> ______________________________________________________________________
>>
>
>
Other related posts:
