Hi Tom and Mark, There is a group policy option under... Computer Configuration > Administrative Templates > System > User Profiles That says "Add the Administrators security group to roaming user profiles" The explaination says... "This setting adds the Administrator security group to the roaming user profile share. Once an administrator has configured a users' roaming profile, the profile will be created at the user's next login. The profile is created at the location that is specified by the administrator. For the Windows 2000 Professional and Windows XP Professional operating systems, the default file permissions for the newly generated profile are full control, or read and write access for the user, and no file access for the administrators group. By configuring this setting, you can alter this behavior. If you enable this setting, the administrator group is also given full control to the user's profile folder. If you disable or do not configure it, only the user is given full control of their user profile, and the administrators group has no file system access to this folder. Note: If the setting is enabled after the profile is created, the setting has no effect. Note: The setting must be configured on the client computer, not the server, for it to have any effect, because the client computer sets the file share permissions for the roaming profile at creation time. Note: In the default case, administrators have no file access to the user's profile, but they may still take ownership of this folder to grant themselves file permissions. Note: The behavior when this setting is enabled is exactly the same behavior as in Windows NT 4.0." Cheers. Kind regards, Jeremy Saunders Senior Technical Specialist Infrastructure Technology Services (ITS) & Cerulean Global Technology Services (GTS) IBM Australia Level 2, 1060 Hay Street West Perth WA 6005 Visit us at http://www.ibm.com/services/au/its P: +61 8 9261 8412 F: +61 8 9261 8486 M: TBA E-mail: jeremy.saunders@xxxxxxxxxxx "Mark CALLEJA" <Mark.CALLEJA@dhw .wa.gov.au> To Sent by: <thin@xxxxxxxxxxxxx> thin-bounce@freel cc ists.org Subject [THIN] Re: access to profiles 14/06/2006 09:50 AM Please respond to thin Tom If you get this one sorted please let me know - we have been struggling with it for several years. Regards Mk Mark Calleja Coordinator Network Systems Network Systems Dept Housing and Works (08) 9222 4941 mark.calleja@xxxxxxxxxxxxx "There are only 10 types of people in the world: Those who understand binary, and those who don't" >>> tflanagan@xxxxxxxxxxxx 14/06/2006 09:43 am >>> I have a profiles share \\servername\profiles In active directory on the terminal services tab I fill in the profile path as \\servername\profiles\%username% When a new user logs on the profile folder is created. The problem is that I cannot as a DOMAIN ADMIN or Administrator get access to this folder. I have to retake ownership of the profiles folder everytime a new user is created. I don't ususally need to do this. But if I want to blow away somebody's profile so that it can be recreated I need to. Also if I want to copy favorites from the old profile to the new profiles I need to do this. Permission on the profile share are Domain Admin Full Control. Security on the foler in the same. The Reset Permissions on all child object and enable propagation of inheritable permissions has been checked and applied. But it would seem as a new profile folder is created under the share it does not inherit the \\servername\profiles permissions. Any ideas. Tom Flanagan IT Manager DORIC Constructions (Australia) Pty Ltd ACN 080 922 498 The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this message you are hereby notified that any use, review, retransmission, dissemination, distribution, reproduction or any action taken in reliance upon this message is prohibited. If you have received this email in error, please notify us immediately by return e-mail or telephone +61 8 9388 2655 and destroy the original message. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of the company. ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************ ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************ ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************