• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

How come xp creates a new profile when permission changes?

F

FreshPrince

Diamond Member
We're trying to change everyone from local admin to power user....but when we do that, xp creates a new profile and it screws everything up.

Is there a way to roll back permissions without creating a new profile in xp pro?

Thx,

-FP
 
This is not normal behavior; my guess would be that privilages (ACL) are not set correctly on the users profile directories.

If the privilages for the users' directories are only set to allow administrators full control than removing them from that group would deny them privilages. If they dont have privilages to their profile directory than Windows will proceed to make a new one.

Correct privilages for the profiles directory should be: User's Account-Full Control; System-Full Control

-Erik
 
ok, so before we remove the local admin permission from the domain user's account, we should add full control for the user to the local profile directory?

I'll give that a shot and see what happens.

it's just weird that we'd have to go through such trouble just to make this happen.

Also, wouldn't this defeat the removing the local admin purpose?

-FP
 
ok, so before we remove the local admin permission from the domain user's account, we should add full control for the user to the local profile directory?
Click to expand...
Correct. For a profile to work correctly the user's account needs privilages to the files (otherwise it has no way to read/update them).
Also, wouldn't this defeat the removing the local admin purpose?
Click to expand...
No; it would mean they would no longer have administrative privilages over the machine. Being an administrator is more than just the highest level of privilages to the NTFS ACLs; it's also a lot more control over the system.
 
ok.

Is there an easy way to do this domain wide?

It would be kind of a pain to do this on each machine individually...is there a way to set domain policy to give domain user full control to their own profile folder?

I would think xp would do this automatically when a user is given local admin rights...
 
I would think xp would do this automatically when a user is given local admin rights...
Click to expand...
It does.

Check the privilages and make sure permissions are really the issue first; once you're sure that's the problem than you could look into an ACL template or something to that extent.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top