NTFS permission problem

Mr.BobsterMr.Bobster Member Posts: 77 ■■□□□□□□□□
in Off-Topic
Hi
I need some help, I am trying on my Domain Controller to have a user profiles directory for roaming profiles located at D:\profiles and shared as \\svr1\profiles.

I have assigned the share permissions as "Full Control" to "Users"
and tried to configure NTFS permissions as both "Full Control" and "Modify" and selected apply to "Subfolder & Files & This Folder" to the directory at different times and both with the same results.

What I am wanting to achieve is to have a directory where domain users can place their roaming profiles there without other users being granted access and to allow administrators to access the profiles to make adjustments where required.

The result I am getting is "Access Denied" to the Administrator account when I try access the "s.smith (Test user account)" user profile folder. When I look under the security tab from the s.smith account, it lists the NTFS permissions as "Full Control" to SYSTEM and s.smith, making access by the Administrator to be denied.

What I would like to know is, is there a way to permit the administrator access to the individual profiles without manually logging in to each account and adding the administrator to the ACL.

Thanks
Jason
· Share on FacebookShare on Twitter

Comments

  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    I think you need to use the "Creator/Owner".
    Creator/Owner: Full Control, Subfolders And Files Only

    Check this out:

    icon_arrow.gifhttp://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpusrdat.mspx
    Table 3 NTFS Permissions for Roaming Profile Parent Folder

    User Account Minimum permissions required
    Creator/Owner
    Full Control, Subfolders And Files Only

    Administrator
    None

    Security group of users needing to put data on share.
    List Folder/Read Data, Create Folders/Append Data - This Folder Only

    Everyone
    No Permissions

    Local System
    Full Control, This Folder, Subfolders And Files


    Table 4 Share level (SMB) Permissions for Roaming Profile Share

    User Account Default Permissions Minimum permissions required
    Everyone
    Full Control
    No Permissions

    Security group of users needing to put data on share.
    N/A
    Full Control,


    Table 5 NTFS Permissions for Each User’s Roaming Profile Folder

    User Account Default Permissions Minimum permissions required
    %Username%
    Full Control, Owner Of Folder
    Full Control, Owner Of Folder

    Local System
    Full Control
    Full Control

    Administrators
    No Permissions*
    No Permissions

    Everyone
    No Permissions
    No Permissions


    *Unless the “Add the Administrator security group to the roaming user profile share” policy is set, in which case the Administrators group has Full Control. (Requires Windows 2000 Service Pack 2 or later)
    All things are possible, only believe.
    · Share on FacebookShare on Twitter
  • Mr.BobsterMr.Bobster Member Posts: 77 ■■□□□□□□□□
    *Unless the “Add the Administrator security group to the roaming user profile share” policy is set, in which case the Administrators group has Full Control. (Requires Windows 2000 Service Pack 2 or later)

    That worked out very nicely. I think I might have been in a rush to see that normally.

    Thanks
    Jason
    · Share on FacebookShare on Twitter
Sign In or Register to comment.