#StackBounty: #windows #active-directory #permissions #windows-server-2019 #roaming-profile Active Directory roaming profile permission…

Bounty: 50

I have a problem with one specific folder while user profiles are synced at logon. Let me explain the situation:

I have:

  • A user account (MYDOMAINaccountname)
  • Security group ‘Access to WADUP_RW’
  • A SMB share (\my-smbWADUP)
  • A pc with Windows 10 pro installed (Up-to-date) and joined into MYDOMAIN

Permissions on the WADUP folder on \my-smb:

  • ‘Access to WADUP_RW’ has read and write access
  • Domain Admins and Enterprise Admins groups have read and write access

Configuration for the user account:

  • Profile path: \my-smbWADUPaccountname

The problem I’m having:

  1. Log in accountname on the pc.
  2. \my-smbWADUPaccountname folder is created. (Owner is accountname)
  3. Log out accountname on the pc.
  4. All data in user profile is being saved to the \my-smbWADUPaccountname
  5. So far so good
  6. Now I log in accountname on the pc again
  7. I get the error ‘There was a problem with your roaming profile. You have been logged on with your previously saved local profile. Please see the event log for details or contact your administrator.’
  8. I check the event log, which says that \?UNCmy-smbWADUPaccountnameAppDataRoamingMicrosoftInstaller can’t be copied to \?C:UsersaccountnameAppDataRoamingMicrosoftInstaller with DETAIL – Access is denied
  9. I check the folder C:UsersaccountnameAppDataRoamingMicrosoftInstaller permissions, which are:
    • Everyone: Read
    • System: Full control
    • Administrators (PCAdministrators) Full control

What I’ve tried:

  • Changed SMB server, made no difference.
  • Manually changed the folder permissions to everyone: Read and write. Though the permissions reset whenever I logged out.
  • All Pc’s do it but they are the same windows version.

Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.