Taking Ownership of Roaming Profile Folders

G

-=gu=-

I just wanted to run this up the flagpole because I just
read KV's post on Roaming Profiles...
I too from time to time need to access the files within
our user's network profiles. Typically I do this to find
out how big their profiles are getting.
As Lanwench suggested responding to KV's post, I take
ownership of the user's profile folder and reassign
rights to it: user = all but full control, domain admins
= full control.
The default permissions for a new profile folder is:
SYSTEM = Full Control, User = Full Control.
That being said, I have had a really bad time with user's
profiles becoming corrupt. The user can be fine for
months, then one day when they log in, they get a roaming
profile error to the effect of: "Windows cannot create
profile directory directory name. You will be logged on
with a local profile only. Changes to the profile will
not be propagated to the server. Contact your network
administrator."
I am wondering if I am causing these profile errors
myself by taking ownership of and changing the
permissions of the profiles. I recently read somewhere
(don't remember where) that profile corruption is almost
always caused by permission issues.
Has anyone else seen this or have any comments?
Thanks!
 
S

Steven L Umbach

If it was a permissions problem I would expect that it would happen right after you
change permissions and ownership. Note that you can use Ntbackup to backup and
restore folders or files [to alternate location] that you do not have permissions to
as long as you are an administrator on that computer. That way you do not alter any
permissions or ownership of the original folders and can gain access to copies of
folders that you should legitimately be able to. --- Steve
 
S

Steven L Umbach

I just make mention of that as a way to view files you do not have
permissions to if you are having problems with changing
permissions/ownership. You don't need permissions to view the size of a
users profile using it's properties. Disk quotas may be a way for you to
manage users who like to hog disk space. Disk quotas are based on file
ownership. Also take a look at the command line tool fileacl to add
permissions to a folder. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;183322
http://www.microsoft.com/downloads/...ea-34f0-4e6d-9a72-004d35de4e64&DisplayLang=en
-- fileacl

Thanks for your reply Steve, but backing up all the
profiles and restoring them to an alternate location is a
really lame way of finding out how much disk each one is
taking up!
-----Original Message-----
If it was a permissions problem I would expect that it would happen right after you
change permissions and ownership. Note that you can use Ntbackup to backup and
restore folders or files [to alternate location] that you do not have permissions to
as long as you are an administrator on that computer. That way you do not alter any
permissions or ownership of the original folders and can gain access to copies of
folders that you should legitimately be able to. ---
Click to expand...
Steve
Click to expand...
 
G

Guest

Steve,
Actually properties is telling me 0 bytes when I know
there's at least 600 mb in there. Perhaps 2003 doesn't
show byte size if you don't have permissions?
 
S

Steven L Umbach

There is a free Resource Kit called diruse that may help available in the
link below. You can use it as in [ diruse "c:\documents and
settings\betty" ] to find disk use of a users folder, Betty in this example,
you do not have permissions to. The \s switch will break it down by
subfolder and there are many other options. You also may want to check Group
Policy for ways to help manage your profiles. Look under both user and
computer configuration/administrative templates/system/user profiles for
options and be sure to read the FULL explanation of the setting and what
operating systems it applies to before implementing. If your domain
controllers are all Windows 2000 and you have XP Pro computers in the domain
you can take advantage of the extra Group Policy settings for XP Pro
computers by managing Group Policy for the domain from an XP Pro domain
computer while logged on as a domain admin. If you do such make sure that XP
Pro computer is secured from general user population. --- Steve

http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/diruse-o.asp
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

windows 2003 server taking ownership of profiles folder 1
Help needed setting up roaming administrator 10
Roaming Profile cannot be found with several errors in Userenv.log 4
Roaming profiles 7
Profile Folders 1
Roaming profile 1
Take ownership of user profiles 3
Roaming profile problems 18

Top