Win2K Profiles

Windows 2000's profile redirection policies have some useful settings, such as the ability to use an Active Directory (AD) Group Policy Object (GPO) to redirect the Desktop, My Documents, Start Menu, and Application Data objects. To customize these settings, open the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in. Right-click the site, domain, and organizational unit (OU). Select Properties, and click the Group Policy tab. Select the policy (or create a new policy), and click Edit. Select User Configuration, Folder Redirection. Right-click the item you want to edit, and select Properties. You'll see a Target tab with a drop-down menu containing three options: No administrative Policy Specified, Basic—Redirect everyone's folder to the same location, and Advanced—Specify locations for various user groups. Select the Basic—Redirect everyone's folder to the same location option.

I tried redirecting the folders in a small shop of 10 users. I redirected all items (i.e., Desktop, My Documents, Start Menu, and Application Data) to a Profiles share on the DFS root. In the Profiles folder, I created directories for each user by user ID, then had the redirect put the information in subfolders with the same names (e.g., Desktop, My Documents). I gave the users change permissions on these folders.

Everything worked until the users logged off. When the users tried to log off, they received the error message Can't copy profile to the server share, reason: Access Denied. I then gave the users full permissions, but the same error message generated. I couldn't figure out what was causing the problem.

I decided to set the policy back to No administrative Policy Specified. However, this action didn't affect the client because I was telling the client that no policy was set from on high and to therefore use the Local Policy, which I had used Group Policy to set from on high. I ended up having to create a custom MMC snap-in that edited the Local Policy back to No administrative Policy Specified.

I finally discovered the reason for the error message: In Win2K, a user must own a directory to be able to copy the Profile data to the directory. When you create a home drive in Win2K and Windows NT, the OS creates the folder for you and sets security if you use the %Username% variable in User Manager or the Active Directory Users and Computers snap-in.

To solve the problem, I gave all users full control, then logged on as each user and took ownership of the \profiles\username folder and all the subfolders. Each user could then log off and save the redirected folders to the Profiles share without receiving the error message.

Win2K Service Pack 2 (SP2) corrects the problem I experienced. SP2 correctly assigns the user as owner of the redirected folders.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.