Add permissions for a usergroup to all domainprofiles (roaming profiles) on server 2008 R2Roaming Profiles LogRoaming user profile issues on Server 2008Server 2008 Roaming Profiles PermissionsWindows Server 2008 R2 Roaming ProfilesWindows 2008 R2 Roaming Profiles SetupRoaming Profiles - Win 7 & SBS 2011How Do I separate Windows 7 Roaming Profiles from Remote Desktop Services Profiles?Child Folder inheriting a permission that parent folder does not have (NTFS)Server 2012 R2. Add permissions to all folders and subfolders when inheritence is disabledHow to configure ACLs for roaming profiles and redirected folder in AGDLP context
The significance of kelvin as a unit of absolute temperature
What would be the way to say "just saying" in German? (Not the literal translation)
Does putting salt first make it easier for attacker to bruteforce the hash?
If someone intimidates another person, does the person affected gain the Frightened condition?
Convert only certain words to lowercase
How (un)safe is it to ride barefoot?
Could a person damage a jet airliner - from the outside - with their bare hands?
How to write a convincing religious myth?
What is the Leave No Trace way to dispose of coffee grounds?
Generate certain list from two lists
Why isn't Bash trap working if output is redirected to stdout?
A Salute to Poetry
How was the airlock installed on the Space Shuttle mid deck?
How far would a landing Airbus A380 go until it stops with no brakes?
Assigning function to function pointer, const argument correctness?
How to get depth and other lengths of a font?
Is it safe to remove Python 2.7.15rc1 from Ubuntu 18.04?
Is Dumbledore a human lie detector?
Command of files and size
How can powerful telekinesis avoid violating Newton's 3rd Law?
Can there be absolute velocity?
How many sets of dice do I need for D&D?
noalign caused by multirow and colors
The origin of the Russian proverb about two hares
Add permissions for a usergroup to all domainprofiles (roaming profiles) on server 2008 R2
Roaming Profiles LogRoaming user profile issues on Server 2008Server 2008 Roaming Profiles PermissionsWindows Server 2008 R2 Roaming ProfilesWindows 2008 R2 Roaming Profiles SetupRoaming Profiles - Win 7 & SBS 2011How Do I separate Windows 7 Roaming Profiles from Remote Desktop Services Profiles?Child Folder inheriting a permission that parent folder does not have (NTFS)Server 2012 R2. Add permissions to all folders and subfolders when inheritence is disabledHow to configure ACLs for roaming profiles and redirected folder in AGDLP context
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
This is our current situation: We have an active directory with Server 2008 R2 and roaming profiles which is currently in use (old server), and we have a new Server 2008 R2. We already set up a new AD on the new server and only want to copy the users files from the old to the new AD. (We have about 20 users, thus we can copy the old files to the new profile folders by hand.)
The new server is a hosted server, and our admin-user(-group) is not in the builtin Administrators group. To copy the users files to the new profile folders, we need to access the latter.
The problem is, windows server 2008 R2 only adds the builtin Administrators group to a profile folders ACL. Even if we add our admin-users-group to the root-profile-folder (with "This folder, subfolders and files"), the profile folders do not inherit this setting. We can take ownership of each profile folder, but this does not seem to be the right way.
So how can we add out admin-user-group to each profile folders ACL?
windows-server-2008 active-directory permissions user-management roaming-profile
asked Apr 11 '12 at 13:20
x-rayx-ray
11614
add a comment |
This is our current situation: We have an active directory with Server 2008 R2 and roaming profiles which is currently in use (old server), and we have a new Server 2008 R2. We already set up a new AD on the new server and only want to copy the users files from the old to the new AD. (We have about 20 users, thus we can copy the old files to the new profile folders by hand.)
The new server is a hosted server, and our admin-user(-group) is not in the builtin Administrators group. To copy the users files to the new profile folders, we need to access the latter.
The problem is, windows server 2008 R2 only adds the builtin Administrators group to a profile folders ACL. Even if we add our admin-users-group to the root-profile-folder (with "This folder, subfolders and files"), the profile folders do not inherit this setting. We can take ownership of each profile folder, but this does not seem to be the right way.
So how can we add out admin-user-group to each profile folders ACL?
windows-server-2008 active-directory permissions user-management roaming-profile
asked Apr 11 '12 at 13:20
x-rayx-ray
11614
add a comment |
This is our current situation: We have an active directory with Server 2008 R2 and roaming profiles which is currently in use (old server), and we have a new Server 2008 R2. We already set up a new AD on the new server and only want to copy the users files from the old to the new AD. (We have about 20 users, thus we can copy the old files to the new profile folders by hand.)
The new server is a hosted server, and our admin-user(-group) is not in the builtin Administrators group. To copy the users files to the new profile folders, we need to access the latter.
The problem is, windows server 2008 R2 only adds the builtin Administrators group to a profile folders ACL. Even if we add our admin-users-group to the root-profile-folder (with "This folder, subfolders and files"), the profile folders do not inherit this setting. We can take ownership of each profile folder, but this does not seem to be the right way.
So how can we add out admin-user-group to each profile folders ACL?
windows-server-2008 active-directory permissions user-management roaming-profile
asked Apr 11 '12 at 13:20
x-rayx-ray
11614
This is our current situation: We have an active directory with Server 2008 R2 and roaming profiles which is currently in use (old server), and we have a new Server 2008 R2. We already set up a new AD on the new server and only want to copy the users files from the old to the new AD. (We have about 20 users, thus we can copy the old files to the new profile folders by hand.)
The new server is a hosted server, and our admin-user(-group) is not in the builtin Administrators group. To copy the users files to the new profile folders, we need to access the latter.
The problem is, windows server 2008 R2 only adds the builtin Administrators group to a profile folders ACL. Even if we add our admin-users-group to the root-profile-folder (with "This folder, subfolders and files"), the profile folders do not inherit this setting. We can take ownership of each profile folder, but this does not seem to be the right way.
So how can we add out admin-user-group to each profile folders ACL?
windows-server-2008 active-directory permissions user-management roaming-profile
windows-server-2008 active-directory permissions user-management roaming-profile
asked Apr 11 '12 at 13:20
x-rayx-ray
11614
asked Apr 11 '12 at 13:20
x-rayx-ray
11614
asked Apr 11 '12 at 13:20
x-rayx-ray
11614
asked Apr 11 '12 at 13:20
x-rayx-ray
11614
asked Apr 11 '12 at 13:20
x-rayx-ray
11614
11614
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
First of all, please make sure the policy "Allow Administrator group to Roaming Profiles" is applied to client pc, run "gpupdate /force" or restart the clients pc.
This article explains how to set that policy (make sure it is set on your OU with your computers in.)
The way I would transfer your profiles to your new server is to : log onto a client pc so the current profile is loaded, then change the profile patch in Active Directory to the location on your new server. (while the user is logged on) now when the user logs off the profile should copy from the client to your new server.
This will only work if the computers and servers are on the same domain.
answered Apr 11 '12 at 13:43
SteveSteve
1784
For clarification: The Group Policy setting to add the Administrators group to the roaming profile folder permissions affects new profile folders as they're created. It does not affect existing profile folders.
– joeqwerty
Apr 11 '12 at 13:51
Our old and our new server are not on the same domain. Additionaly, the administrator user we got from the new servers hoster is not in the builtin administrator group.
– x-ray
Apr 11 '12 at 14:21
add a comment |
The way to go is doing what you suspect not to be the right way. It also is the only way.
You need to set permissions on each profile directory individually (since inheritance from the parent directory typically is not enabled). To do that it may be necessary to take ownership of all profile directories including all files and subdirectories.
Since you have only 20 users it might not be worthwhile to automate the task. If you still want to do it, have a look at my free tool SetACL.
Changing ownership and permissions on a larger number of directories can be very tedious in Explorer. SetACL Studio makes that work much easier.
answered Apr 12 '12 at 13:45
Helge KleinHelge Klein
1,79911318
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f378468%2fadd-permissions-for-a-usergroup-to-all-domainprofiles-roaming-profiles-on-serv%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
First of all, please make sure the policy "Allow Administrator group to Roaming Profiles" is applied to client pc, run "gpupdate /force" or restart the clients pc.
This article explains how to set that policy (make sure it is set on your OU with your computers in.)
The way I would transfer your profiles to your new server is to : log onto a client pc so the current profile is loaded, then change the profile patch in Active Directory to the location on your new server. (while the user is logged on) now when the user logs off the profile should copy from the client to your new server.
This will only work if the computers and servers are on the same domain.
answered Apr 11 '12 at 13:43
SteveSteve
1784
For clarification: The Group Policy setting to add the Administrators group to the roaming profile folder permissions affects new profile folders as they're created. It does not affect existing profile folders.
– joeqwerty
Apr 11 '12 at 13:51
Our old and our new server are not on the same domain. Additionaly, the administrator user we got from the new servers hoster is not in the builtin administrator group.
– x-ray
Apr 11 '12 at 14:21
add a comment |
First of all, please make sure the policy "Allow Administrator group to Roaming Profiles" is applied to client pc, run "gpupdate /force" or restart the clients pc.
This article explains how to set that policy (make sure it is set on your OU with your computers in.)
The way I would transfer your profiles to your new server is to : log onto a client pc so the current profile is loaded, then change the profile patch in Active Directory to the location on your new server. (while the user is logged on) now when the user logs off the profile should copy from the client to your new server.
This will only work if the computers and servers are on the same domain.
answered Apr 11 '12 at 13:43
SteveSteve
1784
For clarification: The Group Policy setting to add the Administrators group to the roaming profile folder permissions affects new profile folders as they're created. It does not affect existing profile folders.
– joeqwerty
Apr 11 '12 at 13:51
Our old and our new server are not on the same domain. Additionaly, the administrator user we got from the new servers hoster is not in the builtin administrator group.
– x-ray
Apr 11 '12 at 14:21
add a comment |
First of all, please make sure the policy "Allow Administrator group to Roaming Profiles" is applied to client pc, run "gpupdate /force" or restart the clients pc.
This article explains how to set that policy (make sure it is set on your OU with your computers in.)
The way I would transfer your profiles to your new server is to : log onto a client pc so the current profile is loaded, then change the profile patch in Active Directory to the location on your new server. (while the user is logged on) now when the user logs off the profile should copy from the client to your new server.
This will only work if the computers and servers are on the same domain.
answered Apr 11 '12 at 13:43
SteveSteve
1784
First of all, please make sure the policy "Allow Administrator group to Roaming Profiles" is applied to client pc, run "gpupdate /force" or restart the clients pc.
This article explains how to set that policy (make sure it is set on your OU with your computers in.)
The way I would transfer your profiles to your new server is to : log onto a client pc so the current profile is loaded, then change the profile patch in Active Directory to the location on your new server. (while the user is logged on) now when the user logs off the profile should copy from the client to your new server.
This will only work if the computers and servers are on the same domain.
answered Apr 11 '12 at 13:43
SteveSteve
1784
answered Apr 11 '12 at 13:43
SteveSteve
1784
answered Apr 11 '12 at 13:43
SteveSteve
1784
answered Apr 11 '12 at 13:43
SteveSteve
1784
1784
For clarification: The Group Policy setting to add the Administrators group to the roaming profile folder permissions affects new profile folders as they're created. It does not affect existing profile folders.
– joeqwerty
Apr 11 '12 at 13:51
Our old and our new server are not on the same domain. Additionaly, the administrator user we got from the new servers hoster is not in the builtin administrator group.
– x-ray
Apr 11 '12 at 14:21
add a comment |
For clarification: The Group Policy setting to add the Administrators group to the roaming profile folder permissions affects new profile folders as they're created. It does not affect existing profile folders.
– joeqwerty
Apr 11 '12 at 13:51
Our old and our new server are not on the same domain. Additionaly, the administrator user we got from the new servers hoster is not in the builtin administrator group.
– x-ray
Apr 11 '12 at 14:21
For clarification: The Group Policy setting to add the Administrators group to the roaming profile folder permissions affects new profile folders as they're created. It does not affect existing profile folders.
– joeqwerty
Apr 11 '12 at 13:51
For clarification: The Group Policy setting to add the Administrators group to the roaming profile folder permissions affects new profile folders as they're created. It does not affect existing profile folders.
– joeqwerty
Apr 11 '12 at 13:51
Our old and our new server are not on the same domain. Additionaly, the administrator user we got from the new servers hoster is not in the builtin administrator group.
– x-ray
Apr 11 '12 at 14:21
Our old and our new server are not on the same domain. Additionaly, the administrator user we got from the new servers hoster is not in the builtin administrator group.
– x-ray
Apr 11 '12 at 14:21
add a comment |
The way to go is doing what you suspect not to be the right way. It also is the only way.
You need to set permissions on each profile directory individually (since inheritance from the parent directory typically is not enabled). To do that it may be necessary to take ownership of all profile directories including all files and subdirectories.
Since you have only 20 users it might not be worthwhile to automate the task. If you still want to do it, have a look at my free tool SetACL.
Changing ownership and permissions on a larger number of directories can be very tedious in Explorer. SetACL Studio makes that work much easier.
answered Apr 12 '12 at 13:45
Helge KleinHelge Klein
1,79911318
add a comment |
The way to go is doing what you suspect not to be the right way. It also is the only way.
You need to set permissions on each profile directory individually (since inheritance from the parent directory typically is not enabled). To do that it may be necessary to take ownership of all profile directories including all files and subdirectories.
Since you have only 20 users it might not be worthwhile to automate the task. If you still want to do it, have a look at my free tool SetACL.
Changing ownership and permissions on a larger number of directories can be very tedious in Explorer. SetACL Studio makes that work much easier.
answered Apr 12 '12 at 13:45
Helge KleinHelge Klein
1,79911318
add a comment |
The way to go is doing what you suspect not to be the right way. It also is the only way.
You need to set permissions on each profile directory individually (since inheritance from the parent directory typically is not enabled). To do that it may be necessary to take ownership of all profile directories including all files and subdirectories.
Since you have only 20 users it might not be worthwhile to automate the task. If you still want to do it, have a look at my free tool SetACL.
Changing ownership and permissions on a larger number of directories can be very tedious in Explorer. SetACL Studio makes that work much easier.
answered Apr 12 '12 at 13:45
Helge KleinHelge Klein
1,79911318
The way to go is doing what you suspect not to be the right way. It also is the only way.
You need to set permissions on each profile directory individually (since inheritance from the parent directory typically is not enabled). To do that it may be necessary to take ownership of all profile directories including all files and subdirectories.
Since you have only 20 users it might not be worthwhile to automate the task. If you still want to do it, have a look at my free tool SetACL.
Changing ownership and permissions on a larger number of directories can be very tedious in Explorer. SetACL Studio makes that work much easier.
answered Apr 12 '12 at 13:45
Helge KleinHelge Klein
1,79911318
answered Apr 12 '12 at 13:45
Helge KleinHelge Klein
1,79911318
answered Apr 12 '12 at 13:45
Helge KleinHelge Klein
1,79911318
answered Apr 12 '12 at 13:45
Helge KleinHelge Klein
1,79911318
1,79911318
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f378468%2fadd-permissions-for-a-usergroup-to-all-domainprofiles-roaming-profiles-on-serv%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
