Roaming profile and administrator problem - Help
Using Windows Server 2003 Enterprise with Clients that are XP Professional.
I have several users set up in the Domain Admin group.
They all have Roaming Profiles. When I remove them from the Domain Admin
group, their roaming profiles do not show up on the client computer
Question 1 - Why does it matter whether or not they are in the Domain Admin
Question 2 - Shouldn't their profile follow them from computer to
computer - that's basic!?
Comment - When I add them back to the Domain Admin Group - all is perfect??
Any thoughts appreciated, I have been trying to figure this one out for a
couple months now.
Re: Roaming profile and administrator problem - Help
North Coast Sea Foods <firstname.lastname@example.org> wrote:
> Using Windows Server 2003 Enterprise with Clients that are XP
> I have several users set up in the Domain Admin group.
> They all have Roaming Profiles. When I remove them from the Domain
> Admin group, their roaming profiles do not show up on the client
> computer correctly?
> Question 1 - Why does it matter whether or not they are in the Domain
> Admin group?
> Question 2 - Shouldn't their profile follow them from computer to
> computer - that's basic!?
> Comment - When I add them back to the Domain Admin Group - all is
> Any thoughts appreciated, I have been trying to figure this one out
> for a couple months now.
Some initial comments-
1. I'd be wary of having that many domain admins. If you have IT staff who
need to perform specific tasks, delegate them in AD. Don't give the keys to
the kingdom to so many....they don't need it to do their jobs.
2. Nobody should be using an "admin-level" account for their daily use. They
should have another account for that purpose.....and it shouldn't have a
roaming profile on it. Certainly, no account that ever logs into a DC (or
file server or whatnot) should ever have a roaming profile on it.
In my book, admins shouldn't have roaming profiles, login scripts, or group
policy settings that other, regular "user" accounts, have. Keep things
That said - this is most likely a permissions issue. Here's my boilerplate
on roaming profiles; you might review your setup to see where it varies.
1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing. Make sure this share is *not* set
to allow offline files/caching! (that's on by default - disable it)
2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field
4. Have each user log into the domain once from their usual workstation
(where their existing profile lives) and log out. The profile is now
5. If you want the administrators group to automatically have permissions to
the profiles folders, you'll need to make the appropriate change in group
policy. Look in computer configuration/administrative templates/system/user
profiles - there's an option to add administrators group to the roaming
* Make sure users understand that they should not log into multiple
computers at the same time when they have roaming profiles (unless you make
the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
change them). Explain that the last one out wins, when it comes to
uploading the final, changed copy of the profile.
* Keep your profiles TINY. Via group policy, redirect My Documents at the
very least - to a subfolder of the user's home directory or user folder.
Also consider redirecting Desktop & Application Data similarly..... so the
user will have:
Alternatively, just manually re-target My Documents to
\\server\home$\%username% (this is not optimal, however!)
If you aren't going to also redirect the desktop using policies, tell users
they are not to store any files on the desktop or you will beat them with a
stick. Big profile=slow login/logout, and possible profile corruption.
* Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the
same, app load is (as much as possible) the same.
* Do not let people store any data locally - all data belongs on the server.
* The User Profile Hive Cleanup Utility should be running on all your
computers. You can download it here:
Roaming profile & folder redirection article -
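
One way to check the permissions issue the reply suspects, as an added PowerShell example that is not part of the original thread: it classifies each profile folder by how its owner gets write access, so folders reachable only through an admin group stand out. The domain name EXAMPLE, the user names and the sample ACLs are constructed, and folder names are assumed to match user names.

```powershell
# Added example, not from the thread. Classifies how the owner of a
# roaming-profile folder gets write access to it. Assumes the folder name
# equals the user name (\\server\profiles$\%username%, step 3 above).
# EXAMPLE is a placeholder domain name; all sample ACLs are constructed.
function Get-ProfileAccessPath {
    param(
        [string]$UserName,
        [object[]]$Access,          # ACEs shaped like (Get-Acl $path).Access
        [string]$Domain = 'EXAMPLE'
    )
    $broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
             "$Domain\Domain Users"
    $admin = 'BUILTIN\Administrators', "$Domain\Domain Admins"
    # Keep only Allow ACEs strong enough to write the profile back at logoff.
    $writers = @($Access | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        "$($_.FileSystemRights)" -match 'FullControl|Modify'
    } | ForEach-Object { "$($_.IdentityReference)" })

    if ($writers -contains "$Domain\$UserName") { return 'OwnAce' }
    if ($writers | Where-Object { $broad -contains $_ }) { return 'BroadGroup' }
    # Only an admin group grants write access, so the user loses it when
    # removed from that group (the symptom described in the question).
    if ($writers | Where-Object { $admin -contains $_ }) { return 'AdminOnly' }
    return 'NoWriteAccess'
}

function New-Ace($Id, $Rights) {   # helper for the constructed sample below
    New-Object PSObject -Property @{
        IdentityReference = $Id; FileSystemRights = $Rights
        AccessControlType = 'Allow' }
}
$sample = @{
    alice = @((New-Ace 'BUILTIN\Administrators' 'FullControl'),
              (New-Ace 'NT AUTHORITY\SYSTEM' 'FullControl'))
    bob   = @((New-Ace 'EXAMPLE\bob' 'FullControl'),
              (New-Ace 'BUILTIN\Administrators' 'FullControl'))
}
foreach ($name in $sample.Keys) {
    '{0}: {1}' -f $name, (Get-ProfileAccessPath $name $sample[$name])
}

# Against a real share, from an account allowed to read the ACLs:
# Get-ChildItem '\\server\profiles$' | ForEach-Object {
#     Get-ProfileAccessPath $_.Name (Get-Acl $_.FullName).Access 'YOURDOMAIN' }
```

A folder reported as AdminOnly is one to fix by granting the user rights on their own folder; BroadGroup means every member of that group can write to the profile, which is worth reviewing separately.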