S
Steve Hull
I'm having a hard time setting up a roaming profile for a user with
Administrative privileges. I have no trouble setting up roaming
profiles in general, but for some reason they lose their Admin
privileges after I set them up as a roaming profile.
I'm running W2K Pro & Server, w/SP4. I create a local user (i.e.,
JOE_ADMIN) on a W2k Pro machine and make the account a member of the
Admins group. I log in as JOE_ADMIN to create a local profile, then
log out. I've verified that JOE_ADMIN has admin privileges on the
local machine.
In ADUC, I create a user and configure the user properties to save the
roaming profile in a shared PROFILES subdirectory, e.g.,
\\SRV_NAME\PROFILES\JOE_ADMIN. I make JOE a member of the
Administrators group.
Then, back at the workstation, I log in as Administrator and use the
(System Properties->User Profiles) COPY TO command to copy JOE_ADMIN's
local profile from the workstation up to
\\SRV_NAME\PROFILES\JOE_ADMIN. I configure "Permitted to use" so
DOMAIN\JOE_ADMIN can access the profile. Then I log off as
Administrator on the workstation.
When I log in as JOE_ADMIN@DOMAIN at the workstation, JOE's profile
gets downloaded successfully. I can make changes to JOE's desktop and
they get saved in the roaming profile. If I log into another
workstation, the desktop changes are still there. However, JOE is no
longer a member of the local Admin's group, even on the original
machine I used to set up the local profile, before promoting it to
being a roaming profile.
Am I missing something, or is there some trick to assigning local
Admin priviliges to a user with a roaming profile? There are some
programs I want to run on the local machine that require local admin
priviliges, and I'd like to run them even though I'm logged in as a
roaming user. I've run into problems using RUN AS that are a subject
for another day.
Thanks,
- Steve
Administrative privileges. I have no trouble setting up roaming
profiles in general, but for some reason they lose their Admin
privileges after I set them up as a roaming profile.
I'm running W2K Pro & Server, w/SP4. I create a local user (i.e.,
JOE_ADMIN) on a W2k Pro machine and make the account a member of the
Admins group. I log in as JOE_ADMIN to create a local profile, then
log out. I've verified that JOE_ADMIN has admin privileges on the
local machine.
In ADUC, I create a user and configure the user properties to save the
roaming profile in a shared PROFILES subdirectory, e.g.,
\\SRV_NAME\PROFILES\JOE_ADMIN. I make JOE a member of the
Administrators group.
Then, back at the workstation, I log in as Administrator and use the
(System Properties->User Profiles) COPY TO command to copy JOE_ADMIN's
local profile from the workstation up to
\\SRV_NAME\PROFILES\JOE_ADMIN. I configure "Permitted to use" so
DOMAIN\JOE_ADMIN can access the profile. Then I log off as
Administrator on the workstation.
When I log in as JOE_ADMIN@DOMAIN at the workstation, JOE's profile
gets downloaded successfully. I can make changes to JOE's desktop and
they get saved in the roaming profile. If I log into another
workstation, the desktop changes are still there. However, JOE is no
longer a member of the local Admin's group, even on the original
machine I used to set up the local profile, before promoting it to
being a roaming profile.
Am I missing something, or is there some trick to assigning local
Admin priviliges to a user with a roaming profile? There are some
programs I want to run on the local machine that require local admin
priviliges, and I'd like to run them even though I'm logged in as a
roaming user. I've run into problems using RUN AS that are a subject
for another day.
Thanks,
- Steve
