[THIN] Re: access to profiles

  • From: Jeremy Saunders <jeremy.saunders@xxxxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Wed, 14 Jun 2006 10:05:15 +0800

Hi Tom and Mark,

There is a group policy option under...
Computer Configuration > Administrative Templates > System > User Profiles

That says "Add the Administrators security group to roaming user profiles"

The explaination says...
"This setting adds the Administrator security group to the roaming user
profile share.
Once an administrator has configured a users' roaming profile, the profile
will be created at the user's next login. The profile is created at the
location that is specified by the administrator.
For the Windows 2000 Professional and Windows XP Professional operating
systems, the default file permissions for the newly generated profile are
full control, or read and write access for the user, and no file access for
the administrators group.
By configuring this setting, you can alter this behavior.
If you enable this setting, the administrator group is also given full
control to the user's profile folder.
If you disable or do not configure it, only the user is given full control
of their user profile, and the administrators group has no file system
access to this folder.
Note: If the setting is enabled after the profile is created, the setting
has no effect.
Note: The setting must be configured on the client computer, not the
server, for it to have any effect, because the client computer sets the
file share permissions for the roaming profile at creation time.
Note: In the default case, administrators have no file access to the user's
profile, but they may still take ownership of this folder to grant
themselves file permissions.
Note: The behavior when this setting is enabled is exactly the same
behavior as in Windows NT 4.0."

Cheers.

 Kind regards,

 Jeremy Saunders
 Senior Technical Specialist

 Infrastructure Technology Services
 (ITS) & Cerulean
 Global Technology Services (GTS)
 IBM Australia
 Level 2, 1060 Hay Street
 West Perth  WA  6005

 Visit us at
 http://www.ibm.com/services/au/its

 P:  +61 8 9261 8412                F:  +61 8 9261 8486
 M:  TBA                            E-mail:
                                    jeremy.saunders@xxxxxxxxxxx










                                                                       
             "Mark CALLEJA"                                            
             <Mark.CALLEJA@dhw                                         
             .wa.gov.au>                                                To
             Sent by:                  <thin@xxxxxxxxxxxxx>            
             thin-bounce@freel                                          cc
             ists.org                                                  
                                                                   Subject
                                       [THIN] Re: access to profiles   
             14/06/2006 09:50                                          
             AM                                                        
                                                                       
                                                                       
             Please respond to                                         
                   thin                                                
                                                                       
                                                                       




Tom

If you get this one sorted please let me know - we have been struggling
with it for several years.

Regards
Mk

Mark Calleja
Coordinator Network Systems
Network Systems
Dept Housing and Works
(08) 9222 4941
mark.calleja@xxxxxxxxxxxxx

"There are only 10 types of people in the world: Those who understand
binary, and those who don't"

>>> tflanagan@xxxxxxxxxxxx 14/06/2006 09:43 am >>>
I have a profiles share

\\servername\profiles In active directory on the terminal services tab
I
fill in the profile path as \\servername\profiles\%username%

When a new user logs on the profile folder is created.  The problem is
that I cannot as a DOMAIN ADMIN or Administrator get access to this
folder.  I have to retake ownership of the profiles folder everytime a
new user is created. I don't ususally need to do this.  But if I want
to
blow away somebody's profile so that it can be recreated I need to.
Also if I want to copy favorites from the old profile to the new
profiles I need to do this.

Permission on the profile share are Domain Admin Full Control.
Security
on the foler in the same. The Reset Permissions on all child object
and
enable propagation of inheritable permissions has been checked and
applied.

But it would seem as a new profile folder is created under the share
it
does not inherit the \\servername\profiles permissions.

Any ideas.


Tom Flanagan
IT Manager
DORIC Constructions (Australia) Pty Ltd ACN 080 922 498

The information transmitted is intended only for the person or entity
to
which it is addressed and may contain confidential and/or privileged
material. If you are not the intended recipient of this message you
are
hereby notified that any use, review, retransmission, dissemination,
distribution, reproduction or any action taken in reliance upon this
message is prohibited. If you have received this email in error,
please
notify us immediately by return e-mail or telephone +61 8 9388 2655
and
destroy the original message. Any views expressed in this message are
those of the individual sender and may not necessarily reflect the
views
of the company.
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************


************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************

Other related posts: