Is there a way of being able to see the user profiles folders sizes and contained files without taking ownership of the files and affecting users rights to their profile folders?
I can do it on an individual basis by taking ownership but this is long winded, basically our profiles are adding up to 50Gb on the server but i can't see who's the biggest user without taking ownership individually then i'm just guessing who's going to be the biggest.
Hope this makes sense!
Don't think there's any way to access the current profiles and keep the permissions, but there is a group policy setting for newly created profiles located at Computer Configuration\Administrative Templates\System\User Profiles "Add the Administrators security group to the roaming user profile share".
The default security is:
System: Full Control
Username: Full Control
Maybe you could write a routine to run a file utility (may like the one elsiegee40 suggested) as the SYSTEM account? This should be straightforward if you stick it in the scheduler and run the job as SYSTEM.
You should have the administrators as a delegated permission on all user areas anyway, it is good practice for administration, then the users can be owners of their own files but you still have access to them regardless.
I haven't tried it, but maybe a script that runs cacls to add administrators group to the profile folders?
Again, run as a task in scheduler under SYSTEM account.
If it works, it would neatly sidestep the disruption of taking ownership.
Worth a go, won't take long to see if it works.
CACLS <profile path> /E /T /C /G "Group to add (e.g Domain Admins)":F
Last edited by jinnantonnixx; 11th July 2011 at 01:45 PM.
Yes I think retrospectively it would have to be done by script as the permission inheritence would have been broken by default when the profiles are created. I would start by adding the GPO setting suggested by Badders and then try running the script on a subset of folders so you know it is working before trying it on the live system . Dont want users not being able to access there own files!!
I've managed to runon a test staff account and it's seemed to let me in but i didn't have to run it as SYSTEM i just put it in a batch file and ran it, should i be worried that i didn't have to run as SYSTEM?Code:CACLS <profile path> /E /T /C /G "Group to add (e.g Domain Admins)":F
Let us know if it works. If it does, it'll be a good trick.
Just ran it in a batch file as i've said in my above post and it's worked fine, logged on the account i tested it on on one machine, created a folder on the desktop, logged off and logged on on another machine and the folder appears, no warnings about not finding profiles or anything like that so it would appear it's worked fine, i just get a little nervous when things work this easily! Wondering what it's going to break when i apply it to the whole profile folder (sods law)!! Might try it with a few select kids/teachers accounts i know get a lot of hammer and see if anyone complains!
Treesizefree is great for sorting out the profile size problems... once you get the permissions sorted, you'll wonder why you didn't have it years ago!
There are currently 1 users browsing this thread. (0 members and 1 guests)