Grant Admins Full Control Policy

[ne0-reloaded]

I know the "add the administrators security group to roaming user profiles" exists, but for some reason I can't get it to work. The explanation says the policy needs to be set on the client and not the server, so i created and linked the policy to the OU with the workstation that'll ultimately house the roaming user profile. The problem is this doesnt work. I tried linking it to the server as well, but the policy had the same affect. Ultimately I gave domain admins full permission over the shared profile folder and allowed the security to be inherrited (which worked), but I still cant figure why the policy doesnt work. If anyone can tell me how I can get this to work Id appreciate it.

Thanks

 

[LittleMe]

Sounds like you have the GPO linked correctly. Your problem is most likely that you expect it to apply to profiles that are already created, which is not the case. This policy will only apply to new users with romaing profiles or those that you're just giving roaming profiles.

 

[ne0-reloaded]

I knew that the policy doesn't apply to profiles that have been previously recreated. I created a new user to test with to make sure a previous account wasn't there. The policy just doesn't seem to work the way im thinking it is.

 

[MorfiusX]

When I did this last, I assigned the policy to both the client machines and the file server that held the profiles. Everything worked for me then.

You could use RSOP to make sure the policy is getting applied correctly.