What should I do with a temporary profile when using roaming profiles?

U

Uncle Seryozha2016-12-16 05:34:40

System administration

Uncle Seryozha, 2016-12-16 05:34:40

We use temporary profiles in the organization, the rights to the folder with temporary profiles were granted before me according to lessons from the Internet:
the Domain Users group had full rights to the profile folder and subfolders (to folders with profiles), it is logical that any user could open any folder of any user (desktop, my documents, etc.)
Then I removed the inheritance: by script I gave each user the rights to his folder with his profile:

From the point of view of protection, it became OK, but now some users, some on their cars, some on the RDP server , who goes to what other server with temporary profiles, everyone has different ways. Shouldn't everything be returned?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Andrey Ermachenok, 2016-12-16
@Protos

So what should you get at the end - temporary or roaming profiles?
From experience - a shared folder is created on the server for profiles with access for the Admin and the System like \\Server\Profiles$, The path to the roaming profile \\Server\Profiles$\User is written in the properties of the domain user - the User folder will be created by Windows with the rights ONLY of this user - even the administrator will not be able to enter it. When changing the rights to the automatically created folder, the roaming profile stops moving - the user starts working with a temporary profile.
So I made a subfolder under the profile with my hands before the user first logged into the system - the user had the rights to the folder for work and the admin for archiving.