+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
Windows Server 2000/2003 Thread, Showing user profile sizes without taking ownership in Technical; Heya, Is there a way of being able to see the user profiles folders sizes and contained files without taking ...
  1. #1
    Pyroman's Avatar
    Join Date
    Sep 2007
    Posts
    1,209
    Thank Post
    433
    Thanked 140 Times in 105 Posts
    Rep Power
    73

    Showing user profile sizes without taking ownership

    Heya,

    Is there a way of being able to see the user profiles folders sizes and contained files without taking ownership of the files and affecting users rights to their profile folders?

    I can do it on an individual basis by taking ownership but this is long winded, basically our profiles are adding up to 50Gb on the server but i can't see who's the biggest user without taking ownership individually then i'm just guessing who's going to be the biggest.

    Hope this makes sense!

    Any thoughts?

  2. #2

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    11,180
    Thank Post
    1,803
    Thanked 2,208 Times in 1,632 Posts
    Rep Power
    777

  3. #3
    Pyroman's Avatar
    Join Date
    Sep 2007
    Posts
    1,209
    Thank Post
    433
    Thanked 140 Times in 105 Posts
    Rep Power
    73
    Quote Originally Posted by elsiegee40 View Post
    Thanks but get the same as i do with windirstat - access denied because i don't have permissions without taking ownership

  4. #4
    badders's Avatar
    Join Date
    Apr 2007
    Location
    Cumbria
    Posts
    170
    Thank Post
    44
    Thanked 11 Times in 10 Posts
    Rep Power
    22
    Don't think there's any way to access the current profiles and keep the permissions, but there is a group policy setting for newly created profiles located at Computer Configuration\Administrative Templates\System\User Profiles "Add the Administrators security group to the roaming user profile share".

  5. #5

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,983
    Thank Post
    113
    Thanked 504 Times in 339 Posts
    Blog Entries
    2
    Rep Power
    286
    Quote Originally Posted by Pyroman View Post
    Heya,

    Is there a way of being able to see the user profiles folders sizes and contained files without taking ownership of the files and affecting users rights to their profile folders?

    I can do it on an individual basis by taking ownership but this is long winded, basically our profiles are adding up to 50Gb on the server but i can't see who's the biggest user without taking ownership individually then i'm just guessing who's going to be the biggest.

    Hope this makes sense!

    Any thoughts?
    I know what you mean.

    The default security is:
    System: Full Control
    Username: Full Control

    Maybe you could write a routine to run a file utility (may like the one elsiegee40 suggested) as the SYSTEM account? This should be straightforward if you stick it in the scheduler and run the job as SYSTEM.

  6. Thanks to jinnantonnixx from:

    Pyroman (11th July 2011)

  7. #6
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,354
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    You should have the administrators as a delegated permission on all user areas anyway, it is good practice for administration, then the users can be owners of their own files but you still have access to them regardless.

  8. #7
    Pyroman's Avatar
    Join Date
    Sep 2007
    Posts
    1,209
    Thank Post
    433
    Thanked 140 Times in 105 Posts
    Rep Power
    73
    Quote Originally Posted by Jamo View Post
    You should have the administrators as a delegated permission on all user areas anyway, it is good practice for administration, then the users can be owners of their own files but you still have access to them regardless.
    How do i go about adding permissions to the profiles folder? according to the properties of the profiles folder under security administrators group has full control, however when you go on the properties of a folder within the profiles folder there's nothing atall in the groups and user names

  9. #8

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,983
    Thank Post
    113
    Thanked 504 Times in 339 Posts
    Blog Entries
    2
    Rep Power
    286
    I haven't tried it, but maybe a script that runs cacls to add administrators group to the profile folders?
    Again, run as a task in scheduler under SYSTEM account.

    If it works, it would neatly sidestep the disruption of taking ownership.

    Worth a go, won't take long to see if it works.


    CACLS <profile path> /E /T /C /G "Group to add (e.g Domain Admins)":F
    Last edited by jinnantonnixx; 11th July 2011 at 12:45 PM.

  10. Thanks to jinnantonnixx from:

    Pyroman (11th July 2011)

  11. #9
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,354
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    Yes I think retrospectively it would have to be done by script as the permission inheritence would have been broken by default when the profiles are created. I would start by adding the GPO setting suggested by Badders and then try running the script on a subset of folders so you know it is working before trying it on the live system . Dont want users not being able to access there own files!!

  12. #10
    Pyroman's Avatar
    Join Date
    Sep 2007
    Posts
    1,209
    Thank Post
    433
    Thanked 140 Times in 105 Posts
    Rep Power
    73
    Quote Originally Posted by jinnantonnixx View Post
    I haven't tried it, but maybe a script that runs cacls to add administrators group to the profile folders?
    Again, run as a task in scheduler under SYSTEM account.

    If it works, it would neatly sidestep the disruption of taking ownership.

    Worth a go, won't take long to see if it works.


    CACLS <profile path> /E /T /C /G "Group to add (e.g Domain Admins)":F
    Is the :F at the end supposed to be a /F ?

    Sorry, just looked at a cheat sheet for cacls i understand now it's :F

    I'll try this out :-) Cheers

  13. #11
    Pyroman's Avatar
    Join Date
    Sep 2007
    Posts
    1,209
    Thank Post
    433
    Thanked 140 Times in 105 Posts
    Rep Power
    73
    I've managed to run
    Code:
    CACLS <profile path> /E /T /C /G "Group to add (e.g Domain Admins)":F
    on a test staff account and it's seemed to let me in but i didn't have to run it as SYSTEM i just put it in a batch file and ran it, should i be worried that i didn't have to run as SYSTEM?

  14. #12

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,983
    Thank Post
    113
    Thanked 504 Times in 339 Posts
    Blog Entries
    2
    Rep Power
    286
    Let us know if it works. If it does, it'll be a good trick.

  15. #13
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,354
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    Quote Originally Posted by Pyroman View Post
    I've managed to run
    Code:
    CACLS <profile path> /E /T /C /G "Group to add (e.g Domain Admins)":F
    on a test staff account and it's seemed to let me in but i didn't have to run it as SYSTEM i just put it in a batch file and ran it, should i be worried that i didn't have to run as SYSTEM?
    As an administrator you will have permission to alter the security permissions on the folder. Running as a system account was meant as a workaround to the treesize program rather than for actually changing the permissions on the folders themselves.

  16. Thanks to Jamo from:

    Pyroman (11th July 2011)

  17. #14
    Pyroman's Avatar
    Join Date
    Sep 2007
    Posts
    1,209
    Thank Post
    433
    Thanked 140 Times in 105 Posts
    Rep Power
    73
    Quote Originally Posted by Jamo View Post
    As an administrator you will have permission to alter the security permissions on the folder. Running as a system account was meant as a workaround to the treesize program rather than for actually changing the permissions on the folders themselves.
    Ah okay kewl, in which case it works!

    Just ran it in a batch file as i've said in my above post and it's worked fine, logged on the account i tested it on on one machine, created a folder on the desktop, logged off and logged on on another machine and the folder appears, no warnings about not finding profiles or anything like that so it would appear it's worked fine, i just get a little nervous when things work this easily! Wondering what it's going to break when i apply it to the whole profile folder (sods law)!! Might try it with a few select kids/teachers accounts i know get a lot of hammer and see if anyone complains!

  18. #15

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    11,180
    Thank Post
    1,803
    Thanked 2,208 Times in 1,632 Posts
    Rep Power
    777
    Treesizefree is great for sorting out the profile size problems... once you get the permissions sorted, you'll wonder why you didn't have it years ago!

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 19
    Last Post: 22nd March 2012, 11:45 AM
  2. Replies: 8
    Last Post: 25th May 2011, 09:44 AM
  3. Replies: 2
    Last Post: 6th May 2011, 05:23 PM
  4. Staff taking ownership of laptops
    By sonofsanta in forum Licensing Questions
    Replies: 17
    Last Post: 15th February 2011, 08:47 AM
  5. [SIMS] Taking ownership of reports [Solved]
    By WithoutMotive in forum MIS Systems
    Replies: 17
    Last Post: 1st December 2010, 12:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •