Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Roaming Profile Access Deny (Server 2003)


  • Please log in to reply
1 reply to this topic

#1 windaaa

windaaa

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 10 November 2009 - 12:09 PM

Hi everybody, I am new for administrating AD in server 2003, I work at a school. Recently I need to create a new user account for the teachers to logon but I encountered logon problem.

Firstly, I created a new user account called eac1 in server 2003 under the teachers group.

Secondly, I used a client workstation called PC A with Windows XP Professional SP3 to create the roaming profile environment. In Windows XP, I created a account called localadmin and gave this account with Administrators group rights and setup the enviroment.
I logon as administrator(local computer) to upload localadmin's profile to server 2003 with the following path:

path: \\domainname\profile\eac5
permission: everyone in domain

And then I set the NTuser.DAT to NTuser.man. (I don't want the users change the enviroment after logout)

But when the teachers logon with eac1 in 24 classrooms (Windows XP Professional) in the morning, some of the client PCs (around 3-4 PCs) pop up a error message box as the following:

"Windows cannot copy the file \\domainname\eac5\Local Settings\Application Data\Microsoft\CD Burning\ to the location C:\Documents and Settings\eac1\Local Settings\Application Data\Microsoft\CD Burning\ . This may due to network problem or security permission rights. If this problem continues, please contact your network administrator.

Detail information - Access Deny"

I tried the following methods to solve this problem, but failed.

1. Logon as administrator(local) in client PC, go to path C:\Document and Settings\eac1 and removed the eac1 folder,
then Logon as eac1, it logon successfully but the next day same problem encountered (Access Deny).

2. Logon as administrator(local) in client PC, go to path C:\Document and Settings\eac1 and removed the eac1 folder,
then in run the command gpupdate \sync and reboot the computer , and then Logon as eac1, it logon successfully but the next day same problem encountered (Access Deny).

3. Formatted the PC A and reinstalled the Windows the XP Professional and programmes, removed the CD Burning folder in C:\Documents and Settings\eac1\Local Settings\Application Data\Microsoft\CD Burning\ then upload to server 2003 again, and run the command gpupdate \force in server 2003, but same problem encountered (Access Deny).

But there are some features I found out with this logon error:

1. When eac1 logon successful, the CD Burning folder in C:\Documents and Settings\eac1\Local Settings\Application Data\Microsoft\CD Burning\ has three security permission members:

Administrators group(local)
SYSTEM group
eac1@domainname

2. When eac1 logon failed, the CD Burning folder in C:\Documents and Settings\eac1\Local Settings\Application Data\Microsoft\CD Burning\ has three security permission members:

Administrators group(local)
SYSTEM group
localadmin@PC A

3. At Server 2003 C:\Profile\eac5, I can't find any folder called CD Burning

Is there any maximum connection limited to server 2003?

Can any administrator or expert help me to solve it? :thumbsup: Thank you very much.

Edited by windaaa, 10 November 2009 - 06:41 PM.


BC AdBot (Login to Remove)

 


#2 Baltboy

Baltboy

    Bleepin' Flame Head


  • BC Advisor
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:02:13 AM

Posted 12 January 2010 - 09:59 AM

I believe the problem is in how you are trying to create the roaming profile. The steps are as follows. 1. create the user on the domain controller with all appropriate permissions and add the path to the home folder for the user(make sure it is shared with the right permissions). 2. Log on to the local computer and setup the user. 3. On the domain controller go to the control panel-users- click on the copy to and save the information in the folder for the user you created. 3. Check your settings by logging on and change everything to your prefered mandatory profile and log in on a different computer. 4. if all is well change the ntuser.dat in the home folder to ntuser.man.
Get your facts first, then you can distort them as you please.
Mark Twain




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users