+ Post New Thread
Results 1 to 7 of 7
Windows Server 2008 R2 Thread, Does taking ownership of profile prevent user from updating it? in Technical; Hi, We didnt make the GPO change to add administrators to the profile security so whenever we want to delete ...
  1. #1

    Join Date
    Nov 2011
    Posts
    628
    Thank Post
    87
    Thanked 21 Times in 19 Posts
    Rep Power
    11

    Does taking ownership of profile prevent user from updating it?

    Hi,

    We didnt make the GPO change to add administrators to the profile security so whenever we want to delete a profile we are going to have to take ownership.

    This removes all users and only adds the administrator. Will this deny the user from being able to update their profile? We have alot of accounts to do this to and would like to do it on the parent folder.

    Many thanks,

    Dan

  2. #2
    Mcshammer_dj's Avatar
    Join Date
    Feb 2007
    Location
    Portsmouth
    Posts
    981
    Thank Post
    38
    Thanked 178 Times in 143 Posts
    Rep Power
    96
    Make sure that the user is not logged on. then take ownership and add the admin account full control, the user full control and the system account full control. Finish off with transfering the ownership to the user and all should be fine

  3. #3

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,214 Times in 761 Posts
    Rep Power
    395
    Yes. The user needs Full Control rights on their roaming profile directory. You will need to add these rights back if you seize ownership.

    Under Vista/7 you will probably also find that without that GPO setting in place, the owner information and ACL is reset back to the default next time the user profile is updated. I seem to recall this wasn't the case in XP, but it has been nearly 5 years since I looked after an XP network so I can't quite remember!

  4. #4
    Mcshammer_dj's Avatar
    Join Date
    Feb 2007
    Location
    Portsmouth
    Posts
    981
    Thank Post
    38
    Thanked 178 Times in 143 Posts
    Rep Power
    96
    found this when looking....

    Roaming Profile - Add Administrators rights to profile folder without taking ownership

    Taking the above ideas and combining them I placed the following into our users logon script to run once.

    icacls \\servername\profiles$\%username% /grant administratorsF) /T

    As the user has full access to their own profile they can grant permission by using the above command. In this case the administrators group is given Full (F) Access and /T for subdirectories and files.

  5. Thanks to Mcshammer_dj from:

    dany2010 (29th November 2011)

  6. #5

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,432
    Thank Post
    1,534
    Thanked 1,066 Times in 931 Posts
    Rep Power
    305
    There is a GPO you can set to tell the system to ignore the owner of the Profile and just use it if they have rights to access it thus solving the owner issues for the roaming profile. I am on the road atm so cannot get to a server to look for the GPO but it exists and is a great one to just set to ignore the owner.

  7. #6

    Join Date
    Nov 2011
    Posts
    628
    Thank Post
    87
    Thanked 21 Times in 19 Posts
    Rep Power
    11
    Thanks for your answers. Have updated the gpo for new users and will soon get the other profiles sorted

  8. #7

    Join Date
    May 2008
    Posts
    213
    Thank Post
    2
    Thanked 27 Times in 27 Posts
    Rep Power
    18
    This confused me for far too long, thought someone else might find it useful:

    You need to add the .v2 to the username manually as it seems icacls is only working with raw directories and not aware of 'windows' things such as this...
    Code:
    icacls \\servername\profiles$\%username%.v2 /grant administrators:(F) /T

  9. Thanks to nicklec from:

    dany2010 (17th January 2012)



SHARE:
+ Post New Thread

Similar Threads

  1. prevent users from deleting start menu items
    By techie211 in forum Windows Server 2000/2003
    Replies: 10
    Last Post: 1st September 2009, 04:58 PM
  2. Got a folder I cannot delete or take ownership of
    By sidewinder in forum Windows
    Replies: 2
    Last Post: 20th March 2007, 03:49 PM
  3. Prevent users from moving folders ?
    By pooley in forum Windows
    Replies: 2
    Last Post: 9th May 2006, 11:30 AM
  4. Replies: 2
    Last Post: 3rd February 2006, 11:01 AM
  5. Replies: 2
    Last Post: 9th January 2006, 08:43 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •