How come xp creates a new profile when permission changes?

Toggle sidebar Toggle sidebar
F

FreshPrince

Diamond Member
Dec 6, 2001
8,361
1
0
We're trying to change everyone from local admin to power user....but when we do that, xp creates a new profile and it screws everything up.

Is there a way to roll back permissions without creating a new profile in xp pro?

Thx,

-FP
 
S

spyordie007

Diamond Member
May 28, 2001
6,229
0
0
This is not normal behavior; my guess would be that privilages (ACL) are not set correctly on the users profile directories.

If the privilages for the users' directories are only set to allow administrators full control than removing them from that group would deny them privilages. If they dont have privilages to their profile directory than Windows will proceed to make a new one.

Correct privilages for the profiles directory should be: User's Account-Full Control; System-Full Control

-Erik
 
F

FreshPrince

Diamond Member
Dec 6, 2001
8,361
1
0
ok, so before we remove the local admin permission from the domain user's account, we should add full control for the user to the local profile directory?

I'll give that a shot and see what happens.

it's just weird that we'd have to go through such trouble just to make this happen.

Also, wouldn't this defeat the removing the local admin purpose?

-FP
 
S

spyordie007

Diamond Member
May 28, 2001
6,229
0
0
ok, so before we remove the local admin permission from the domain user's account, we should add full control for the user to the local profile directory?
Click to expand...
Correct. For a profile to work correctly the user's account needs privilages to the files (otherwise it has no way to read/update them).
Also, wouldn't this defeat the removing the local admin purpose?
Click to expand...
No; it would mean they would no longer have administrative privilages over the machine. Being an administrator is more than just the highest level of privilages to the NTFS ACLs; it's also a lot more control over the system.
 
F

FreshPrince

Diamond Member
Dec 6, 2001
8,361
1
0
ok.

Is there an easy way to do this domain wide?

It would be kind of a pain to do this on each machine individually...is there a way to set domain policy to give domain user full control to their own profile folder?

I would think xp would do this automatically when a user is given local admin rights...
 
S

spyordie007

Diamond Member
May 28, 2001
6,229
0
0
I would think xp would do this automatically when a user is given local admin rights...
Click to expand...
It does.

Check the privilages and make sure permissions are really the issue first; once you're sure that's the problem than you could look into an ACL template or something to that extent.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom