Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Tuesday, January 17, 2012

Reset Roaming Profile and Folder Redirection Permissions

Resetting Permissions

If you run into permission issues, first make sure your parent folder permissions are correct as defined above.
If you need to reset permissions on a user folder, you will first need to take ownership of the entire folder, then reset permissions, then assign ownership back to the user. While it is possible to do this in the GUI, if you need to do it for lots of users, you’ll want to develop a script. Starting from Richard Teachout’s article, I came up with the following approach. Notes:
  • You can use the built-in utility takeown to assign ownership to Administrators. However in order to assign ownership back to end users, you’ll need to download and install subinacl.
  • For permission assignment, you can use the built-in cacls utility. Although Mr. Teachout recommended the /G parameter to grant permissions, I had better luck with the /P parameter to replace permissions. This hopefully takes care of the odd permission on some profiles where the user has full access to the top folder only.Using /G on that kind of folder generates errorlevel 13 and the message "The data is invalid".
My environment has the following physical folder structure:
D:\RoamingProfiles\UserProfiles\User01.V2 – used by new Windows 7 profile folder redirection

The Script
Based on that structure, I created my script in the D:\RoamingProfiles folder, and assumed it would be run with a single parameter, the %UserName%. Here are the basic commands. As always, use at your own risk!

No comments: