Domain Admin + Roaming Profiles
Now, tried to set it up the same way and I find that my roaming profile only works when I'm not a member of the domain admins group. (odd?) When it's a member of domain admins, it just creates an empty folder (owner administrators, I've tried manually changing this) and doesn't save the profile up to the server when I log off. I can add my user account to the Builtin/Administrators group and then I can get admin access on the server, but I want to be able to have Administrator access to the workstations and still be able to keep the roaming profile.
I don't think the permissions are to blame since it works correctly as soon as removed from the domain admins group, but they are set up like so:
I have the share permissions set up as: \\server\Profiles$\
Profile Group = Full
NTFS permissions set up as:
Profile Group = List Folder / Read Data, Create Folders / Append Data (for this folder only)
System = Full Control (all files and folders)
Creator Owner = Full Control (Subfolders and files only)
I've tried rebuilding the server from scratch as I thought SP2 might, for some strange reason, be to blame since it was the only difference since I had it set up before, but it still happens.
I've also tried playing with the following GPs enabled:
-Do not check user ownership of roaming profile folders
-Add the Administrators security group to roaming user profiles
-Prevent Roaming Profile changes from propagating to the server
Ideally I'd like to have the user as a Domain Admin/Roaming Profile setup (it's been driving me crazy why I could do this before but not anymore).
Someone suggested to me that instead I could set up the user account as a roaming profile / Builtin/Administrator and then also define a GP to make the user a local admin on the workstations. I'm not quite sure what would be the best way to do that though (without changing the workstation settings workstation by workstation) and I don't like this method as much because it's extra GPs/linked OUs to maintain.
Thanks for any ideas!