JSI Tip 1757. Roaming Profiles do not inherit parent permissions?

If the user's profile folder does not exist when they first logon, the folder is created by a process in Userenv.dll, which sets:

Administrators = FULL
%username% = FULL
System = FULL

When the user logs off, no additional persmissions are set.

To workaround this behavior:

Pre-create the user's profile folder


Delete the user's profile folder after they logon but before they logoff.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.