We have a script that sets up new users. It sets where the profile directory is to go but does not create it. When the user first logs in it creates the directory and works fine. What I have found is that when it creates it the only account that has access to it is the user's account. Local or Domain Admins do not have access unless I go in and take ownership of the directory. But If I do that the user's account gets taken off of the security tab. So I re-add the account and give them full access to the folder, sub-folders and files. Then replicate it throughout the directory. When the user logs in they get an access denied to the profile directory even though I have checked the files and they have the rights. I have since changed the script to setup the folder too and set the correct rights. What I need to know is if there is a way to add domain admins full control rights to all the existing profile directories without hosing the user's rights to the folder?
Software/Hardware used:
ASKED:
April 30, 2008 7:43 PM
UPDATED:
May 28, 2008 2:34 PM
One update. I tried cacls from the command prompt and it says ACCESS DENIED when trying to add Domain Admins to the acl list. So that option does not work.