G
Guest
Guest
Archived from groups: microsoft.public.win2000.security (More info?)
I just wanted to run this up the flagpole because I just
read KV's post on Roaming Profiles...
I too from time to time need to access the files within
our user's network profiles. Typically I do this to find
out how big their profiles are getting.
As Lanwench suggested responding to KV's post, I take
ownership of the user's profile folder and reassign
rights to it: user = all but full control, domain admins
= full control.
The default permissions for a new profile folder is:
SYSTEM = Full Control, User = Full Control.
That being said, I have had a really bad time with user's
profiles becoming corrupt. The user can be fine for
months, then one day when they log in, they get a roaming
profile error to the effect of: "Windows cannot create
profile directory directory name. You will be logged on
with a local profile only. Changes to the profile will
not be propagated to the server. Contact your network
administrator."
I am wondering if I am causing these profile errors
myself by taking ownership of and changing the
permissions of the profiles. I recently read somewhere
(don't remember where) that profile corruption is almost
always caused by permission issues.
Has anyone else seen this or have any comments?
Thanks!
I just wanted to run this up the flagpole because I just
read KV's post on Roaming Profiles...
I too from time to time need to access the files within
our user's network profiles. Typically I do this to find
out how big their profiles are getting.
As Lanwench suggested responding to KV's post, I take
ownership of the user's profile folder and reassign
rights to it: user = all but full control, domain admins
= full control.
The default permissions for a new profile folder is:
SYSTEM = Full Control, User = Full Control.
That being said, I have had a really bad time with user's
profiles becoming corrupt. The user can be fine for
months, then one day when they log in, they get a roaming
profile error to the effect of: "Windows cannot create
profile directory directory name. You will be logged on
with a local profile only. Changes to the profile will
not be propagated to the server. Contact your network
administrator."
I am wondering if I am causing these profile errors
myself by taking ownership of and changing the
permissions of the profiles. I recently read somewhere
(don't remember where) that profile corruption is almost
always caused by permission issues.
Has anyone else seen this or have any comments?
Thanks!