Reconfigure roaming profile folder and home folder permission for all the users

By | February 15, 2011
0 Comment
Reconfigure roaming profile folder and home folder permission for all the users
If you ever faced an permission issue on roaming profile folder and home folder, if not it may happen in future it’s better to have a solution for this, you know the profile folder and home folder have their respective user  permissions ( that will be unique for each folder)

Its very difficult to resolve the permission issues if you have more folders, lets say by mistakenly you or someone else reset the root folder permission, checked the “Replace permission entries on all child objects with entries shown here that apply to child objects” on the root folder, this will reset all the sub folder permission, now all the sub folder (user folder) have lost their respective user permissions
All the user in that root folder will receive the access denied error, if its a roaming folder they will not able to log in with roaming profile
To resolve this issue use the below command
Run this command from the affected root folder, this command will check every folder with the user name in the Active Directory (same name as the folder name) and if the user available then this will provide the corresponding user permission, provide the modify permission to user folder for the user
for /f "tokens=1" %a in ('dir /b') do net user %a /dom | findstr /i /c:"The command completed successfully." >nul && subinacl /file %a /grant=%a=C
for /f "tokens=1" %a in ('dir /b') do net user %a /dom | findstr /i /c:"The command completed successfully." >nul && subinacl /sub %a*.* /grant=%a=C

If you want to remove some permission from all the folder

for /f "tokens=1" %a in ('dir /b') do net user %a /dom | findstr /i /c:"The command completed successfully." >nul && subinacl /file %a*.* /grant=useradmins=F /grant=%a=C /revoke=user
for /f "tokens=1" %a in ('dir /b') do net user %a /dom | findstr /i /c:"The command completed successfully." >nul && subinacl /sub %a*.* /grant=useradmins=F /grant=%a=C /revoke=user
In the above example we have removing the domain user from all the folder and providing full access to useradmins group and providing modify access to folder owner

Note: you can customize this command for your requirement, change the group name and permissions, (F for full access and C for modify access) if you understand the above command you can resolve permission issue in any scenarioRelated Articles

Roaming profile issues
Roaming profile will not work with the remote site (especially low bandwidth sites like VPN site)
GPO update failed in Slow Link VPN site with Event ID 1000 and 1054

Related posts:

Default ThumbnailCommand to Create/Delete bulk DNS Record Default ThumbnailSearch for text in files Default ThumbnailCheck the server IP address from multiple servers Default ThumbnailTo check the list of Users Group Membership Default ThumbnailScript to Ping list of Computers to Reports Back with the Current IP’s for Inventory

Leave a Reply

Your email address will not be published. Required fields are marked *