icttech
Joined: 28 Feb 2006
Posts: 4
|
Posted:
Tue Feb 28, 2006 1:51 pm Post subject:
Roaming profile permission problems |
|
|
Please can someone help this newbie with a problem?
I've set up a small network running SBS 2003 SP2 with XP Professional clients. I have a new client account which when logging on gives the message "Cannot find the server copy of the roaming profile." The profile exists and I have narrowed this down to a permissions issue (I think), because if I make the account a member of the Administrators group the problem goes away.
I've checked the permissions on the user profile, its parent directory and the root of the profile share and the user has Full Control. The user can access other file shares on the server, but not it seems the roaming profile share.
userenv.log shows the following after a failed login attempt:
SERENV(274.278) 13:15:11:195 DeleteProfileEx: Failed to query profile guid with error 2
USERENV(274.278) 13:15:22:072 GetExclusionList: Failed to get file size of <C:\Documents and Settings\owensg\ntuser.ini>
USERENV(274.278) 13:15:22:805 ReconcileFile: Unable to open temporary file
USERENV(274.17c) 13:15:49:442 PolicyChangedThread: UpdateUser failed with 6.
New accounts that I create exhibit the same problem. I've tried everything I can think of and would appreciate some advice.
Many thanks |
|
Leathal
Joined: 23 Feb 2005
Posts: 37
|
Posted:
Thu Mar 02, 2006 4:45 pm Post subject:
Re: Roaming profile permission problems |
|
|
| icttech wrote: | Please can someone help this newbie with a problem?
I've set up a small network running SBS 2003 SP2 with XP Professional clients. I have a new client account which when logging on gives the message "Cannot find the server copy of the roaming profile." The profile exists and I have narrowed this down to a permissions issue (I think), because if I make the account a member of the Administrators group the problem goes away.
I've checked the permissions on the user profile, its parent directory and the root of the profile share and the user has Full Control. The user can access other file shares on the server, but not it seems the roaming profile share.
userenv.log shows the following after a failed login attempt:
SERENV(274.278) 13:15:11:195 DeleteProfileEx: Failed to query profile guid with error 2
USERENV(274.278) 13:15:22:072 GetExclusionList: Failed to get file size of <C:\Documents and Settings\owensg\ntuser.ini>
USERENV(274.278) 13:15:22:805 ReconcileFile: Unable to open temporary file
USERENV(274.17c) 13:15:49:442 PolicyChangedThread: UpdateUser failed with 6.
New accounts that I create exhibit the same problem. I've tried everything I can think of and would appreciate some advice.
Many thanks |
1. you need to create a folder on your network (on a server) called Profiles (say)
2. you need to give everyone sharing access to the folder Profiles
3. you need to create a folder in the Profiles folder for the user or users you are trying to set up under roaming
4. you need to give the administrator and the user who is going to use that folder for his or her roaming profile security rights access to it. (do not share it)
5. you then go into the user profiles and put \\servername\Profiles\userfolder in the User Profile Path.
You may have to grant, depending on how you have your network security set up, Domain User access of your AD to the Power User group on the XP machines.
Leathal |
|
icttech
Joined: 28 Feb 2006
Posts: 4
|
Posted:
Fri Mar 03, 2006 1:56 pm Post subject:
|
|
|
Thanks. Have already done steps 1-5. Only difference is that my Profile share is PROFILES$. Shouldn't make a difference, should it?
What's the reason behind giving permissions to the local Power User group? |
|
Leathal
Joined: 23 Feb 2005
Posts: 37
|
Posted:
Fri Mar 03, 2006 2:33 pm Post subject:
|
|
|
| icttech wrote: | Thanks. Have already done steps 1-5. Only difference is that my Profile share is PROFILES$. Shouldn't make a difference, should it?
What's the reason behind giving permissions to the local Power User group? |
I would try not sharing the folder as $ and doing it the way I have listed out. If it doesn't work add domain users to the power users on your XP test machine and see if that fixes it.
If you haven't configured your GPO with regards to what access your users have on the workstations themselves, then XP sets them by default to guest. Power users is very similar to domain users access, they can login, read and write files, but they can't modify the registry, they can't burn CDs, etc...
Leathal |
|
icttech
Joined: 28 Feb 2006
Posts: 4
|
Posted:
Fri Mar 03, 2006 3:50 pm Post subject:
|
|
|
OK I've renamed the directory PROFILE and ensured it's not shared. I've added Domain User to the Power Users group on the local machine but it makes no difference. I'm sure it's a permissions problem as the user can't even browse the profile directory. Yet looking at effective permissions, it says the user has full control. The user can access shares on the same volume.
Any other ideas? Thanks for your help. |
|
Leathal
Joined: 23 Feb 2005
Posts: 37
|
Posted:
Sun Mar 05, 2006 4:57 am Post subject:
|
|
|
| icttech wrote: | OK I've renamed the directory PROFILE and ensured it's not shared. I've added Domain User to the Power Users group on the local machine but it makes no difference. I'm sure it's a permissions problem as the user can't even browse the profile directory. Yet looking at effective permissions, it says the user has full control. The user can access shares on the same volume.
Any other ideas? Thanks for your help. |
You read what I said incorrectly.
1. the profiles FOLDER must be shared to everyone.
2. the user folder inside the PROFILES folder such as (bwoods) must have the user bwoods and administrator or domain admins with full control security access and not shared.
3. set up the bwoods account properties to \\server\profiles\bwoods
4. login as bwoods
Pretty simple.
Leathal
If you get stuck call me. I do this kind of stuff in my sleep.  |
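
The share-plus-NTFS layout from the numbered steps in this post and the earlier five-step post, scripted as an added example that is not part of any poster's message. It assumes a current Windows Server with the SmbShare and ActiveDirectory PowerShell modules (not SBS 2003 itself); the path `D:\Profiles` and the domain name `CONTOSO` are placeholders, and `bwoods` is the sample user from the post.

```powershell
# Added example. Assumed values: $root and $domain are placeholders.
$root   = 'D:\Profiles'
$share  = 'Profiles'
$domain = 'CONTOSO'
$user   = 'bwoods'

# Step 1: the parent folder is the only thing that gets shared.
New-Item -ItemType Directory -Path $root -Force | Out-Null
if (-not (Get-SmbShare -Name $share -ErrorAction SilentlyContinue)) {
    # Share permission is granted explicitly; a share that only allows Read
    # blocks profile writes no matter what the NTFS ACL says.
    New-SmbShare -Name $share -Path $root -FullAccess 'Everyone' | Out-Null
}

# Step 2: per-user folder, not shared, locked down with NTFS permissions.
$userDir = Join-Path $root $user
New-Item -ItemType Directory -Path $userDir -Force | Out-Null

# Drop inherited entries so only the listed principals have access.
icacls $userDir /inheritance:r /grant `
    "${domain}\${user}:(OI)(CI)F" `
    "${domain}\Domain Admins:(OI)(CI)F" `
    "SYSTEM:(OI)(CI)F"

# Windows checks that a roaming profile folder is owned by the user or by
# the Administrators group, so set the owner explicitly.
icacls $userDir /setowner "${domain}\${user}"

# Step 3: point the account at \\server\Profiles\<user>.
$profilePath = "\\$env:COMPUTERNAME\$share\$user"
Set-ADUser -Identity $user -ProfilePath $profilePath

# Verification: access over the network is the more restrictive of the
# share permission and the NTFS ACL, and the Effective Permissions tab
# reports only the NTFS side. Print both layers.
Get-SmbShareAccess -Name $share | Format-Table AccountName, AccessRight
icacls $userDir
```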
|
icttech
Joined: 28 Feb 2006
Posts: 4
|
Posted:
Fri Mar 10, 2006 2:13 pm Post subject:
|
|
|
Like you I thought this would be simple. However it's got me stumped. Thanks for your help with permissions and sharing, the user can now browse the profile share and their own user profile. However, I still get the "server copy of the profile could not be found" error on logon, unless the user is a member of the Administrators group.
Today I created a new account and used the System utility to copy a local profile to the Profiles directory on the server and grant the new user account permission to use it.
I get the same error.
If you've any more ideas, I'd appreciate the help as I'm stumped.
Thanks |
|