Getting Started on GPanswers.com
Hey everyone. Ok, so I'm relatively new to GP and all that it entails.
I'm running 2003 server with wired XP Pro clients.
I set up the share and security permissions on the profile share directory according to various internet sources including MS, although it is certainly possible I made mistakes. The inheritance thing is a bit difficult to fully understand. Nevertheless, I attempted to set things up so the administrator would have access to the profiles for backup purposes.
This did work. The profiles were impenetrable to the administrator account. After reinvestigating the User Profile related policies, I found this:
Machine (System/User Profiles)
Add the Administrators security group to roaming user profiles
I enabled this, and new policies are now visible to the Administrator account. However, the inside of the policy folders that were created prior to this GP change are in the same state. I've tried various modifications to security permissions and attempted to reset those permissions for all the folder beneath, but it would seem the admin can't reset those permissions due to not having permissions (shrug).
So, my question is, how can I get these early profiles in the same state as the others. Will the server allow me to delete the profiles even though I don't have permissions to see the inside? If so, will it then copy the profile from the client using the new GP that I mention above? Is there a way to say, I don't care what you think, reset these permissions anyway?
Thank you so much for your help!
--Steven
100+ Helpful Posts!
50+ Helpful Posts
Perform the following (folder by folder...that is user profile by user profile...)
o As Administrator Take Ownership of all the Folders and Files
o Provide Administrator the correct access permissons
o Re-assign Ownership to each correct user (no need for permissions, they should already have the correct ACLs
Hopefully you will not have too many to reset manually.
Getting Started on GPanswers.com
I think the fastest way to cope with such situation would to first investigate what got screwed and fix the inheritance and broken access control lists. The second step would be creation of proper ACL, saving it as a backup and as a template. Then you would apply created template for all those users you want to receive them. And in case you would like to make minor chages somewhere in the older set, you will allways be able to roll the newly created settings back. This is my basic way to resolve troubles with Security Explorer tool from Scriptlogic.
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote