# Solved: Roaming profile folders don't allow admins access



## paula_82 (Apr 13, 2004)

Hi all,

We are currently setting up roaming profiles on our windows 2003 server and are having some problems with permissions. By default only the user will have full control and ownership of the folder and administrators cannot access it.

I was wondering if anyone knows how to change this so the administrators are the owners and the users have full control (not sure if this is possible). Right now Id be happy with any solution that will at least give administrators access to open the roaming profile folders.

I found an article from Microsoft support (http://support.microsoft.com/kb/222043) but it only applies to Windows 2000 Server.

Any help/info/links will be greatly appreciated.

Thanks and sorry if Im in the wrong place

Paula


----------



## digitalsatori (Apr 28, 2010)

How do you have your folder redirection set up? Through a GPO? If so, there should be a checkbox in the GPO settings that says "grant user exclusive rights to this folder". Uncheck that and it will use the inherited permissions from the parent folder when the folder is created.

You can also right-click on the parent folder for your profiles and click Properties. Click on the Security tab, then click on the Advanced button. Click on the Owner tab and claim ownership of the folder and propagate the changes to all subfolders. From there, you should be able to modify the permissions to include your administrative account/group.


----------



## paula_82 (Apr 13, 2004)

Thank you so much for your answer. will try the GPO solution as i don't want to mess with the security settings on each individual folder.


----------



## digitalsatori (Apr 28, 2010)

You're welcome! Keep in mind that the GPO option will only affect newly created folders; it will not apply to folders that have already been created. If the folder already exists, you'll need to manually set the permissions on it.


----------



## paula_82 (Apr 13, 2004)

yep, that's what i thought... we're just moving everyone to a new domain so not all of the folders have been created (not many users have logged on to the new domain). Hey do you know how that works? do the users have to be created again with the new GP set or if we set the new group policy will it apply as soon as they log in?


----------



## digitalsatori (Apr 28, 2010)

No, you should not have to create the users again. The GPO will apply to both existing and newly created AD account. If the folder does not already exist, the GPO will automatically create the folder on the first login.


----------

