Library sysadm 2006-07-14 22:16:21
Win2K domain controllers; WinXP Pro SP2 clients. A GPO has been created and
the adm files for 2003 have been applied to it for the computers contained.
While all appropriate policies have been set to allow a roaming profile to
copy settings back, save settings on exit, etc., changes to settings do not
seem to be saved.
For example, changing the setting for the desktop wallpaper is never saved;
setting the Windows Explorer or Internet Explorer taskbar icons to small
instead of the defaul large icons must be done after every login; Quicklaunch
bar icons are causing Security Warnings unless deleted and recreated – which
must be done every session.
There are no extra folders added to the defaults in excluded directories.
Its clear that the session settings are not being saved to the roaming
profile when the user logs off. Roaming profiles are not cached, although we
have also tried turning this on to see if it would correct the situation. It
Does anyone know why this is occurring?
Ktosser@gmailc 2006-07-14 22:16:39
Have you verified that the users proper access to the share where the
profiles are stored. The profile path is set on the Profile tab of the
users properties in Active Directory. When you set the profile path in
AD for the user you can use “\\servername\sharename\%username%”. Then
at the users first logon the folder will automatically generate with
the username as the folder name in the share and set the correct
security. Only that user will be able to access the folder. You can
test to make sure the user has access by logging in as the user, then
navigating to the profile folder using the UNC path
“\\servername\sharename\username” If you can navigate to the folder
and see the information then security should be set correctly.
If it is no generating the folders double check both the share
permissions and security for the share to make sure the users have
Library sysadm 2006-07-14 22:16:49
Yes, NTFS permissions on the users roaming profile directories are correct.
We aren’t getting any error messages or event log entries when the user logs
Basically, it’s acting like the policy of “Don’t save settings on exit” is
enabled, even though it isn’t. We have verified this many times.
Coalbiter 2006-07-14 22:16:55
I suppose the ntuser.dat file is still called that? It isn’t ntuser.man
is it? That is, mandatory roaming profile?
Lforbes 2006-07-14 22:17:34
What about Share Permissions? With Windows 2000 the default is Everyone Full
Control. With Windows 2003 it is Everyone = Read which always messes me up.
What is the Event Log on the local machines saying? Everytime I have a
problem with this, the Event log logs the errors.
Library sysadm 2006-07-14 22:17:54
Yes, the file is ntuser.dat, not ntuser.man
Library sysadm 2006-07-14 22:17:55
Thanks for the reply.
We changed the “Everyone” permissions to fit our domain. However, I don’t
believe this is the problem. The user has Full Control over the entire
profile directory for his/her name. Those permissions are inherited by all
In addition, these are Domain Admins, as well. The Domain Admin group also
has Full Control NTFS permissions over all directories/files.