Local Profile Permissions

  • Thread starter Thread starter Paul Hadfield
  • Start date Start date
P

Paul Hadfield

All,

I want to give some of my domain users permissions to access all locally
stored roaming profiles. Currently a locally cached profiles automatically
grants full control to Administrators, System and <username>. Is there
anyway to add a particular security group using GPO? Perhaps there is a
command I can add to the user logon scripts that will do this??

Users log on to Windows 2000 machines which are members of a Windows 2000
domain.

Cheers,

Paul.
 
All,

I want to give some of my domain users permissions to access all locally
stored roaming profiles. Currently a locally cached profiles automatically
grants full control to Administrators, System and <username>. Is there
anyway to add a particular security group using GPO? Perhaps there is a
command I can add to the user logon scripts that will do this??

Users log on to Windows 2000 machines which are members of a Windows 2000
domain.

Cheers,

Paul.
Click to expand...
See if Computer Configuration / Windows Settings / Security Settings / File System.
can address the profiles.

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
That would be great if the files/directory structure was static, however,
the user profiles are roaming and the windows 2000 machines are configured
to delete the locally copy of the profile once the user logs off.

Also, as there are a few thousand users, I'm not sure how I can implement
this for each user account we have.

Is there not a way to add a security group to a folders permission settings
from the command line? If so I could add this to the logon script for our
users to solve the problem as they log on to that server.

Cheers,
Paul.
 
See tip 1556 in the 'Tips & Tricks' at http://www.jsiinc.com

echo y| cacls <filename> /g <"Domain\Group">:<permission>

Type cacls /?


That would be great if the files/directory structure was static, however,
the user profiles are roaming and the windows 2000 machines are configured
to delete the locally copy of the profile once the user logs off.

Also, as there are a few thousand users, I'm not sure how I can implement
this for each user account we have.

Is there not a way to add a security group to a folders permission settings
from the command line? If so I could add this to the logon script for our
users to solve the problem as they log on to that server.

Cheers,
Paul.
Click to expand...


Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
Back
Top