With NT4.0 as PDC Roaming Profiles Folders Do Not Allow Admin Access

[Steph]

Here's a tricky one...Our shop is currently running NT4.0
as the PDC, Citrix, and we have Windows 2000 application
servers. We don't have Active Directory as of yet. The
mission is to allow Citrix to create the roaming profile
on the application server (windows 2000) and permit
access to the profile. KB 222043 addresses this IF we
have the default domain policy. Is there a way to "Add
the administrators security group to roaming users
profiles" so the permissions are correctly inherited and
not go to Active Directory?

Thanks in advance,

Steph

 

[Seaver]

Dear Steph,

Thank you for your posting.

According to your post, you wonder how to add the "Administrators security
group to roaming user profiles" policy to a NT4 domain.

If I have misunderstood your concern please don't hesitate to let me know.

The role of Windows 2000 as "Application Server" does not meet the
assumption of accessing Domain Policy, especially when there is no Active
Directory. The "Add the Administrators security group to roaming user
profiles" policy applies in W2K domain only.

Since this is still a NT4 domain, the 222043 does not apply to your
scenario. In Microsoft Windows NT 4.0, when the Administrators group is
listed for the parent folder of the new user profile folder, this
permission is inherited by the folder and files for the new user profile.

More Information
=============
Implementing Policies and Profiles for Windows NT 4.0
http://www.microsoft.com/ntserver/techresources/management/prof_policies.asp

Have a great day!

Sincerely,

Seaver Ren

Product Support Services
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights
Get Secure! - www.microsoft.com/security