Taking Ownership of Roaming Profile??


Hello,

I want to take ownership of a roaming profile so I can view its contents. You don't need to remind me that this is not best practice, but I have a legitimate need for the user's profile data. I know I can reset the password and log in myself; what I am wondering is if there is a way to take ownership of the profile without corrupting it (i.e. the user can still log on).

We are running Windows 2012 R2 on a domain network.

Thank you in advance,

Matthew


Hi Matthew,

Unless your clients are seriously old - i.e. pre Windows 2000 SP4 or XP SP1 - you can (and I'd posit, should) enable the following group policy:

Computer Configuration\Administrative Templates\System\User Profiles: Do not check for user ownership of Roaming Profile Folders

Out of principle, enable the following policy too, but this one isn't retrospective, meaning it won't solve your immediate requirement (same location as above):

Add the Administrators security group to roaming user profiles

The first group policy will allow you to take ownership and subsequently add the appropriate group, which in turn grants the ability to see the content.

The second policy removes the need to take ownership - unless you're inclined to browse the user's profile locally on the server hosting the profiles, in which case UAC will make a mess of the permissions if you use that approach, adding an explicit reference to your or another administrator's account in the ACL - ugly at that, but there is a remedy.

If you have a trusted group of administrative users who should be able to browse the contents, either:

  • Do it remotely by browsing via UNC.
  • Do it locally from a command prompt (or PowerShell).
  • Create a group, add the members you trust, then apply that group to the folder structure with the rights you want (i.e. perhaps read-only if you're worried about changes being made).

This process will allow you to bypass the UAC behaviour and leave the ACLs untouched, and is arguably more secure than relying on the local Administrators group, since you can give lower-level ICT support staff access without granting them any real rights to the server itself.

In any case, you should bring things up to speed and look at one or both of the above group policy settings.

So long as you're not contravening business policy, there's nothing wrong with using these policies or this permissions guidance.

Cheers,
Lain
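
Added example, not part of either post: a PowerShell sketch of the sequence described in the answer above (take ownership, then grant a dedicated group read access), run against the UNC path of the profile share. The share path, user name and group name are constructed placeholders, and it assumes the "Do not check for user ownership of Roaming Profile Folders" policy has already reached the clients, so the profile still loads once the owner changes.

```powershell
# Added example. Share path, user and group names are constructed placeholders.
param(
    [string]$ProfileRoot = '\\fileserver\profiles$',
    [string]$UserName    = 'jdoe',
    [string]$ReaderGroup = 'CONTOSO\Profile-Readers',
    [switch]$Apply       # without -Apply the script only reports current state
)

function Show-ProfileAcl([string]$Path) {
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
        $hasAce = @($acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $ReaderGroup }).Count -gt 0
        [pscustomobject]@{ Path = $Path; Owner = $acl.Owner; GroupAce = $hasAce }
    } catch {
        # Default roaming profile ACLs grant access to the user and SYSTEM only,
        # so an administrator may not even be able to read the ACL yet.
        [pscustomobject]@{ Path = $Path; Owner = '<access denied>'; GroupAce = $false }
    }
}

# Roaming profile folders are named <user>, or <user>.V2, <user>.V5, ... on newer clients.
$folders = Get-ChildItem -LiteralPath $ProfileRoot -Directory |
    Where-Object { $_.Name -eq $UserName -or $_.Name -like "$UserName.V*" }

foreach ($folder in $folders) {
    $path = $folder.FullName
    Show-ProfileAcl $path                      # state before any change
    if (-not $Apply) { continue }

    # /A assigns ownership to the Administrators group rather than one admin account,
    # /R recurses, /D Y answers the "no list permission" prompt (Y is locale-dependent).
    & takeown.exe /F $path /A /R /D Y | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "takeown failed on $path"; continue }

    # Inheritable read/execute ACE on the profile root only; existing ACEs are left
    # in place. Children with inheritance disabled will not receive it.
    & icacls.exe $path /grant "${ReaderGroup}:(OI)(CI)RX" /C | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "icacls failed on $path"; continue }

    Show-ProfileAcl $path                      # state after: new owner, GroupAce = True
}
```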


