Re: Permissions issue with users in Domain Users not able to see p by Marina
Marina
Mon Nov 08 17:36:09 CST 2004
Hi Mike,
I think that you cannot just copy profiles from one server to another server
and expect them to work like that.
What you can try, is remove a computer account from the SBS. Put the
computer into a workgroup. Recreate the computeraccount on the SBS. Boot the
client and make sure the ipconfig/all is pointing to the server. Use
servername/connectcomputer to join the computer.
Then login as a user (make sure the user is a local admin on the computer)
and let it create a profile and install the applications if needed. Log out
as that user and login as admin. At this point you can copy the old user
profile over the new profile (assuming the old profile does work).
Login as that user again, after you have setup the roaming profile on the
server. At this point the local profile should be copied to the server when
login out.
Check it out. Than remove the user from the local admin group and try again.
--
Regards,
Marina
Microsoft SBS-MVP
"Ziguana" <Ziguana@discussions.microsoft.com> schreef in bericht
news:4E3BDCC3-3F2F-4EA9-853F-88396543F454@microsoft.com...
> Hi Marina, the stuff in my first post doesn't work, see below: -
>
> History: -
>
> I did an upgrade to my servers, basically I had SBS 2003 with 50 users on
> it, the server was old so we bought a new server. I built the server to be
a
> 2003 Server in the same domain, server name, same settings the lot etc and
> then installed Exchange with all the same settings etc etc
>
> I then manually re-created all the users (easiest way as I only have 50
> users, didn't want to swing or migrate, wanted to leave current config in
> place while I built the other).
>
> I then Exmerged all the email, copied all the data and profiles, switched
> off the old servers plugged in the new, re-added all the PC's to the new
> domain.
>
> Issue: -
>
> When I log in (with admin privileges) my profile comes down correctly, my
> email works, printers are available and policies are present. All works
fine.
>
> When a normal user logs in (with Domain User privileges) firstly the group
> policies aren't coming into effect. No got any more info than this at the
> min, no errors no nothing! I backed up and restored my GPO's from the last
> server.
>
> Secondly when my users log on and download there profile form the server
> they don't see all of the profile. I restored there profiles from backup.
> When I look on the PC when they are logged in in documents and settings
at
> the profile they can only see certain folders: -
>
> Users Documents
> Desktop
> Favorites
> Start Menu
> WINDOWS
>
> They can't see: -
>
> Application Data
> Local Settings
> etc
> etc
>
> I thought at first it wasn't downloading those folders but if I log on as
an
> administrator and click on the cached copy of there profile all the
folders
> are there, it's only when they are logged in that they can't see it.
>
> It shouldn't be a permissions thing on the folder as they can download it.
>
> It's not that they are hidden as I clicked to show hidden files and
folders.
> This is causing outlook to fail as they can't see the application data
> folder. Also no printers etc
>
> Anyone any ideas as to what's happening here? Not sure if there's an
overall
> permissions issue because the way I got round this problem was to put all
my
> users into the Domain Admins group, everything works fine now but I need
to
> get them all out of Domain Admins asap!
>
> Any help would be greatly appreciated.
>
> Thanks in advance.
>
> Mike
>
>
>
> "Marina Roos [SBS-MVP]" wrote:
>
> > Hi Ziguana,
> >
> > What doesn't work? You will only need to add them to the local admin
group
> > when you rejoin the clients. After all the applications have been
installed,
> > you can remove them from the admin group. It will however depend on the
> > program they are using, if they need to be a local admin or not. Office
only
> > needs it during installation, after that, a user can use the program
without
> > problems.
> >
> > --
> > Regards,
> >
> > Marina
> > Microsoft SBS-MVP
> >
> > "Ziguana" <Ziguana@discussions.microsoft.com> schreef in bericht
> > news:808D16CF-B12B-44D2-BF5B-C97B691AA269@microsoft.com...
> > > Marina I still have this problem. Yes adding the domain users to the
local
> > > admin group fixes it but I don't want to go this far. I don't want to
give
> > > the users admin permissions to there own machine.
> > >
> > > What has changed that they would need this? Are there any other
solutions?
> > >
> > > Thanks
> > >
> > >
> > >
> > > "Marina Roos [SBS-MVP]" wrote:
> > >
> > > > Hi Ziguana,
> > > >
> > > > What if you add the domain users to the local administrators group
on
> > the
> > > > computer?
> > > >
> > > > --
> > > > Regards,
> > > >
> > > > Marina
> > > > Microsoft SBS-MVP
> > > >
> > > > "Ziguana" <Ziguana@discussions.microsoft.com> schreef in bericht
> > > > news:B3D7DD94-4C69-4DA3-9F13-8A63340186EA@microsoft.com...
> > > > > Yes I re-added all the workstations to the domain, one at a time
> > adding a
> > > > > domain user account (administrator) everytime.
> > > > >
> > > > > Any other ideas?
> > > > >
> > > > > It works when someone with admin or domain admin rights logs in.
Not
> > when
> > > > > users with just domain user rights.
> > > > >
> > > > > "Hopeing none of the users realise they have extra privaliges at
the
> > > > min"!!
> > > > >
> > > > > Thanks
> > > > >
> > > > >
> > > > > "Marina Roos [SBS-MVP]" wrote:
> > > > >
> > > > > > Hi Ziguana,
> > > > > >
> > > > > > Did you rejoin the workstations to the SBS? Although you kept
the
> > same
> > > > name,
> > > > > > the SID has changed, so you will need to rejoin.
> > > > > >
> > > > > > --
> > > > > > Regards,
> > > > > >
> > > > > > Marina
> > > > > > Microsoft SBS-MVP
> > > > > >
> > > > > > "Ziguana" <Ziguana@discussions.microsoft.com> schreef in bericht
> > > > > > news:8BC8CB78-B2F9-497E-979E-4297C0AC479B@microsoft.com...
> > > > > > > History: -
> > > > > > >
> > > > > > > I did an upgrade to my servers, basically I had SBS 2003 with
50
> > users
> > > > on
> > > > > > > it, the server was old so we bought a new server. I built the
> > server
> > > > to be
> > > > > > a
> > > > > > > 2003 Server in the same domain, server name, same settings the
lot
> > etc
> > > > and
> > > > > > > then installed Exchange with all the same settings etc etc
> > > > > > >
> > > > > > > I then manually re-created all the users (easiest way as I
only
> > have
> > > > 50
> > > > > > > users, didn't want to swing or migrate, wanted to leave
current
> > config
> > > > in
> > > > > > > place while I built the other).
> > > > > > >
> > > > > > > I then Exmerged all the email, copied all the data and
profiles,
> > > > switched
> > > > > > > off the old servers plugged in the new, re-added all the PC's
to
> > the
> > > > new
> > > > > > > domain.
> > > > > > >
> > > > > > > Issue: -
> > > > > > >
> > > > > > > When I log in (with admin privileges) my profile comes down
> > correctly,
> > > > my
> > > > > > > email works, printers are available and policies are present.
All
> > > > works
> > > > > > fine.
> > > > > > >
> > > > > > > When a normal user logs in (with Domain User privileges)
firstly
> > the
> > > > group
> > > > > > > policies aren't coming into effect. No got any more info than
this
> > at
> > > > the
> > > > > > > min, no errors no nothing! I backed up and restored my GPO's
from
> > the
> > > > last
> > > > > > > server.
> > > > > > >
> > > > > > > Secondly when my users log on and download there profile form
the
> > > > server
> > > > > > > they don't see all of the profile. I restored there profiles
from
> > > > backup.
> > > > > > > When I look on the PC when they are logged in in documents
and
> > > > settings
> > > > > > at
> > > > > > > the profile they can only see certain folders: -
> > > > > > >
> > > > > > > Users Documents
> > > > > > > Desktop
> > > > > > > Favorites
> > > > > > > Start Menu
> > > > > > > WINDOWS
> > > > > > >
> > > > > > > They can't see: -
> > > > > > >
> > > > > > > Application Data
> > > > > > > Local Settings
> > > > > > > etc
> > > > > > > etc
> > > > > > >
> > > > > > > I thought at first it wasn't downloading those folders but if
I
> > log on
> > > > as
> > > > > > an
> > > > > > > administrator and click on the cached copy of there profile
all
> > the
> > > > > > folders
> > > > > > > are there, it's only when they are logged in that they can't
see
> > it.
> > > > > > >
> > > > > > > It shouldn't be a permissions thing on the folder as they can
> > download
> > > > it.
> > > > > > >
> > > > > > > It's not that they are hidden as I clicked to show hidden
files
> > and
> > > > > > folders.
> > > > > > > This is causing outlook to fail as they can't see the
application
> > data
> > > > > > > folder. Also no printers etc
> > > > > > >
> > > > > > > Anyone any ideas as to what's happening here? Not sure if
there's
> > an
> > > > > > overall
> > > > > > > permissions issue because the way I got round this problem was
to
> > put
> > > > all
> > > > > > my
> > > > > > > users into the Domain Admins group, everything works fine now
but
> > I
> > > > need
> > > > > > to
> > > > > > > get them all out of Domain Admins asap!
> > > > > > >
> > > > > > > Any help would be greatly appreciated.
> > > > > > >
> > > > > > > Thanks in advance.
> > > > > > >
> > > > > > > Mike
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > >
> > > >
> > > >
> >
> >
> >