Sign in with
Sign up | Sign in
Your question

Terminal Services Profile Path Access?

Last response: in Windows 2000/NT
Share
Anonymous
March 28, 2005 3:53:53 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hello list,

I am attempting to restrict our help desk personnel to a very limited set of
privs when it comes to managing user objects in AD. In the past, they have
used AD Users and Computers to manage user accounts. We have an in-house
application that does management of user accounts, and in the interest of
consistency and standardization we would like to have our help desk use the
in house app to manage user accounts.

However, the in-house app doesn't do everything yet, it is still in
development. What doesn't work in the in-house app. is home drive and
profile path settings so we are still allowing our help-desk to manage these
settings from Users and Computers. Things were working well, until they went
to change the Terminal Services Profile Path - they get an access denied
when trying to apply the changes.

So I did some reading and it looks as if the Terminal Services path and RAS
settings are stored in the 'userParameters' attributes. So, I allow write
access to the 'userParameters' field for the users, but they still get an
access denied when they attempt to apply changes! There has to be something
that I am missing, but I can't find any other references to Terminal
Services Profile Paths other than 'userParameters'

I am a domain admin and I can make any changes that I want (duh), so what
attribute am I missing here? Has anyone attempted this at all? Any help
would be greatly appreciated.

P.S. This will be fixed, but who knows how long the development will be on
the in-house app.

Thanks,

AJ Schroeder
Anonymous
March 29, 2005 4:31:05 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

To change Terminal Services profile path, the best practice is to use group
policy.

http://www.microsoft.com/resources/documentation/Window...

br,
Denis

"Schroeder, AJ" <aj1@qg.com> wrote in message
news:D 29gao$26bd$1@sxnews1.qg.com...
> Hello list,
>
> I am attempting to restrict our help desk personnel to a very limited set
of
> privs when it comes to managing user objects in AD. In the past, they have
> used AD Users and Computers to manage user accounts. We have an in-house
> application that does management of user accounts, and in the interest of
> consistency and standardization we would like to have our help desk use
the
> in house app to manage user accounts.
>
> However, the in-house app doesn't do everything yet, it is still in
> development. What doesn't work in the in-house app. is home drive and
> profile path settings so we are still allowing our help-desk to manage
these
> settings from Users and Computers. Things were working well, until they
went
> to change the Terminal Services Profile Path - they get an access denied
> when trying to apply the changes.
>
> So I did some reading and it looks as if the Terminal Services path and
RAS
> settings are stored in the 'userParameters' attributes. So, I allow write
> access to the 'userParameters' field for the users, but they still get an
> access denied when they attempt to apply changes! There has to be
something
> that I am missing, but I can't find any other references to Terminal
> Services Profile Paths other than 'userParameters'
>
> I am a domain admin and I can make any changes that I want (duh), so what
> attribute am I missing here? Has anyone attempted this at all? Any help
> would be greatly appreciated.
>
> P.S. This will be fixed, but who knows how long the development will be on
> the in-house app.
>
> Thanks,
>
> AJ Schroeder
>
>
Anonymous
March 30, 2005 11:39:45 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"Denis Wong @ Hong Kong" <h o t a p p s @ h o t m a i l . c o m> wrote in
message news:uqoy78BNFHA.3960@TK2MSFTNGP12.phx.gbl...
> To change Terminal Services profile path, the best practice is to use
group
> policy.
>
>
http://www.microsoft.com/resources/documentation/Window...
>
> br,
> Denis
>

Thanks for the suggestion, but we have multiple facilities with multiple
share points in which to have home drives and profile paths. I know it
sounds confusing, but we have a production plant with its own file/print
server. Users in said plant have their home drives and profiles stored on
the local file/print server instead of having to come accross the wire to a
central server.

I don't think group policy could help us in that regard. Unless I am reading
it completely wrong?
!