3

Here I am complaining that I am NOT seeing errors. This might seems strange, but the expected behaviour, as I understand it, is that I should see errors under this configuration.

We have had roaming profiles set up for a very long time. We PRE-CREATE the folders when the users account is created. Crucially, the owners of the folders are currently NOT set as the user. They are also not set as the "administrator" of the sever where the profiles are stored.

Apparently, there should be an error seen on login according to this article (Note the article relates to 2003, but we never saw the error on 2003 AD either. I assume it still applies to 2008, but I am not sure): Windows Server 2003 checks for pre-created roaming profile folders when you make a roaming user profile

We have the following environment:

  • Windows 2008 AD.
  • Windows 7 Desktops
  • Roaming Profile Path attribute set for all users.
  • NTFS permissions are set as described under best practices.
  • We DO NOT have the GPo set as described in the above article (Do not check for user Ownership of Roaming Profile Folders). This should mean that we get an error on user login but we do not.
  • RSOP and GPEDIT show that there are no GPo settings as described.

Could anyone explain why this is working when it should not?!

When we try this in our virtual environment... I get the expected errors using the same AD, profiles and users. To circumvent the error in the virtual environment, we set the GPo as defined above, and it all works. This seems to suggest that it does still apply to the 2008 AD environment.... so why I am not seeing the issue on all our physical machines?

MrBeatnik
  • 83
  • 1
  • 1
  • 8
  • From what I can tell, you're correct, you should be getting the errors given your configuration. Furthermore, it shouldn't be working at all - not only should this configuration cause errors, but incorrect ownership without that policy set should cause the profile not to copy at all. Please check the resultant set of policy (via rsop.msc or gpresult) on desktops and verify that the "Do not check for user Ownership of Roaming Profile Folders" is indeed not set, just in case it's somehow being applied from somewhere. – tfrederick74656 Nov 12 '14 at 06:57
  • Definitely not being set! I was curious is some other GPO setting may have have a similar effect, or might be conflicting? – MrBeatnik Nov 12 '14 at 12:24
  • None that I'm aware of. There's one setting related to adding the administrators group to the folder permissions, but it doesn't affect the ownership issue. Two more questions: #1 Do you use roaming profiles in tandem with folder redirection (documents folder, etc.) or offline files? #2 What group are you giving ownership of the profile folders? – tfrederick74656 Nov 12 '14 at 23:23
  • #1 Yes. We redirect a number of folders to data areas (i.e. desktop). #2 Ownership is to a specific AD Admin group (that creates the folders). ... We do use the other setting of adding the admin group to the permissions, but this is useless since we have moved to NAS storage as the "adminstrator group" it assigns is the "NASSERVER\Administrators" which doesn't really exist as it's not a typical Windows OS. That said, we were experiencing the same issue in our previous storage (more typical Windows). Bear in mind the above still applies to the virtual environment too, where we DO get the error. – MrBeatnik Nov 13 '14 at 09:17

0 Answers0