Whoops - Server 2012 user profiles

nutcase · 16 Apr 2014 at 08:48

As part of my teach yourself server 2012 I've wrecked it

What I can't find is how to back track.

I set up roaming profiles and folder redirection as per the TechNet guide - including my error of leaving "Grant the user exclusive rights to Documents" ticked. All worked until I tested backing up the folders when of course I found even as admin I couldn't access the user folders and then foolishly took ownership and from that point onwards it was ruined

I tried re-setting everything but the folder redirection just won't kick back in, always staying local.

What do I need to do to remove and re-set it all please? I don't mind deleting user profiles if required as nothing is live yet.

Two things I've learned from this - Even if something is set as default doesn't always mean I want it and back up the server before changing anything!

Thanks

DustyMiller · 16 Apr 2014 at 09:06

ensure that the ownership of the user profile is that of the owning user, and that that user has full control. You can also leave the admin groups in if you want.

The key is that the owner must have ownership and full control for it to work.

nutcase · 17 Apr 2014 at 13:51

Hi Thanks,

I'm assuming thats the Creater/Owner section from table 1:

http://technet.microsoft.com/en-us/...ion_Step2Createafileshareforredirectedfolders

Would I need to bump Administrators up to This folder, subfolders and files as well?

Will try again later.

Thanks again

DustyMiller · 17 Apr 2014 at 19:54

Because you have screwed it up, its not an easy fix. As each one need to be altered individually.

How many profiles are broken ?

You can use the xcacls vbs tool to fix them via a script

nutcase · 17 Apr 2014 at 20:09

Just the one fortunately. Tempted to just delete the profile and start again - but then I wouldn't learn anything!

Was going to try tonight but have my daughter to look after as her Mum has dared to have a social life

OmegaHarvest · 17 Apr 2014 at 20:50

To avoid this issue, configure the following group policy computer setting and ensure the group policy object falls within the scope of the client workstations that will be using roaming profiles.

Computer Configuration > Policies > Administrative Templates > System > User Profiles > Add the Administrators security group to roaming user profiles.

Typically you'll want to ensure this is set before you start any work on roaming profiles. At least in my experience anyway.

As for your exisiting profile, I'd trash it and start again with this option set. Just take ownership as an administrator, propogate that ownership to all sub files and folders, then you can grant yourself NTFS permissions over it and delete it.

Edit: Typo

nutcase · 19 Apr 2014 at 21:24

So far so good

Looks like its working. Thank you all