We have a script that sets up new users. It sets where the profile directory is to go but does not create it. When the user first logs in it creates the directory and works fine. What I have found is that when it creates it the only account that has access to it is the user's account. Local or Domain Admins do not have access unless I go in and take ownership of the directory. But If I do that the user's account gets taken off of the security tab. So I re-add the account and give them full access to the folder, sub-folders and files. Then replicate it throughout the directory. When the user logs in they get an access denied to the profile directory even though I have checked the files and they have the rights. I have since changed the script to setup the folder too and set the correct rights. What I need to know is if there is a way to add domain admins full control rights to all the existing profile directories without hosing the user's rights to the folder?
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!