Tom said:
Your presumption is correct. Except I have all users use the same
profile. The parent profile share is hidden with the name mprofile$.
Ex. \\student\mprofile$\user. I use this same setup almost all the
time as well, which is why I'm confused as to what is going on. The
roaming profile is working correctly besides the mandatory part. If
it doesn't mandatory then the profile gets to big to be mandatory.
I may have to setup a group policy to work around it. Thanks for
the help. Tom
All right - why do you have multiple user accounts, then? What
benefit does this provide, given that they won't have any custom
settings whatsoever - why can't everyone use the same account (and
not be permitted to change the password)? Is it only for auditing
logins/logouts?
That said: these users (ideally, a group rather than individuals)
have exactly what NTFS permissions on this
common profile subfolder?
If you take ownership as Administrators (*not* Administrator), push
those settings down to subitems, and then change the NTFS security
to:
a) remove inheritence from the parent folder, if it isn't correct
(choose 'copy', not remove) and
b) grant administrators & system & users=full control, and push
*those* down to subfolders as well
....any change?
I think there is a GP that doesn't permit login if the roaming
profile can't be loaded properly, but I'm damned if I know where it
is.
Another nice thing (probably won't help with your issue):
http://www.microsoft.com/downloads/...6d-8912-4e18-b570-42470e2f3582&displaylang=en
:
Tom wrote:
The server is Windows 2003 with Windows 2000 and XP Pro Clients.
The permissions at the share point location are not restricted.
They are set default with everyone able to do anything. Also the
share point location is on a secondary windows 2000 server, but
I've tested having the share the primary 2003 server with the same
results. The users are not domain admins either. Once I create
the profile on a client and then save it to the location on the
server
....by this I presume you mean:
1. Each user's ADUC settings specify
\\server\parentshare\%username% in the profile field [a]
2. You log into the domain as this user on a workstation, modify
the profile, and then log out so that the profile is automatically
uploaded to that user's profile folder on the server
3. Then on the server, while this user is *not* logged in anywhere,
you rename the ntuser.dat to ntuser.man
4. And you do this for all your user profiles.
All this should work fine. I do it all the time.
[a] And on the parent profile directory, the share permissions are
set to everyone=full control, and the NTFS permissions are set to
grant everyone (not necessarily that group - could use
authenticated users) full control as well. This will be adjusted
when the profile is uploaded for the first time. I recommend
making the parent profile share a hidden one - as in,
PROFILES$ - so it can't be browsed. So then you can use
\\server\profiles$\%username%
Of course, you need to have permissions to open the profile
folder - if you don't have them, you'll have to take ownership as
Administrators (the group) and reset the NTFS permissions. Or you
can use the option in GP (?) to automatically grant administrators
access to user profiles.
I rename the
ntuser.dat to ntuser.man, but once any client machine logs on and
logs off using the profile a new ntuser.dat is created and the
changes that were made to the profile are saved to the share. So
there is nothing manditory about it. I've never had this happen.
I'm getting frustrated. Thanks for the response. Tom
:
Hi Tom,
What network OS? What client OS?
What permissions are given to the share point on the server?
Do you mean the .dat is written on the server?
--
Scott Baldridge
Windows Server MVP, MCSE
"Tom"
I have a network where the users login using a mandatory
profile. I have changed the ntuser.dat to ntuser.man, but
when the users login and log out it creates a new ntuser.dat and
ignores the
.man change. I have used mandatory roaming profiles for years
and this is the first problem that I've had. Any suggestions
you have will be greatly appreciated.
Thanks, Tom