DOCUMENT:Q240994 06-AUG-2002 [winnt] TITLE :Roaming Profile Permissions Not Inherited on Server PRODUCT :Microsoft Windows NT PROD/VER:winnt:4.0 OPER/SYS: KEYWORDS:kbenv kbnetwork ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Server version 4.0 - Microsoft Windows NT Workstation version 4.0 ------------------------------------------------------------------------------- SYMPTOMS ======== You may notice that roaming profiles stored on the computer running Windows NT Server do not inherit the parent folder's permissions or the source folder's permissions from the local drive. CAUSE ===== This behavior occurs because the process used in Userenv.dll to create the new profile folder uses the CreateSecureDirectory() API to set the following permissions: Administrators = FULL <%username%> = FULL System = FULL When the user logs off, the CopyProfileDirectory() API is used, which does not assign any permissions. RESOLUTION ========== To resolve this behavior, perform one of the following: - Create the profile folder in advance if it is necessary for the profile folder to inherit the parent's permissions. -or- - Delete the profile folder on the server after the user has logged on but prior to the user logging off. The process used to create the folder when the user logs off (or update the profile on the server) does not set any permissions, effectively inheriting the parent's permissions. Additional query words: ====================================================================== Keywords : kbenv kbnetwork Technology : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT400search kbWinNTSsearch kbWinNTS400search kbWinNTS400 Version : winnt:4.0 Issue type : kbprb ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.