Windows 7 - Problem with permissons on some machines in our AD

Associate
Joined
20 Oct 2002
Posts
1,535
Location
Selby
I've got a problem with a certain number of machines within our Active Directory. The Domain controllers are running Server 2008 R2, as is the NAS drive.

There are 1200 users and each user is split into 5 year groups:

Year 07.
Year 08.
Year 09.
Year 10.
Year 11.

Each user has a home folder on the NAS server which the profile path for the user points to. So when a year 09 user logs on, it directs to \\nas-a\year 09\$username...

Each user's home folder has a parent folder which corrisponds with the year group of the user. So a Year 09 user has a home folder which is inside a parent folder called 'Year 09'.

Each user is a member of a year group. So a Year 09 user is a member of 'Year 09' user group, a year 08 user is a member of 'year 08' user group etc.

The permissions for the folder are set accordingly so that a 'Year 08' user can't access the Year 09 parent folder and vice versa.

This works flawlessly on 99% of the workstations but occasionally there are workstations which don't play ball. When a user logs on they are unable to access their home folder.

In this example it is a Year 11 user. If I log on (as the domain administrator) to the workstation and manually navigate to the year 11 parent folder I get the following error message: Windows cannot access \\Nas-a\Year11 You do not have permission to access....... (But I'm the domain administrator??)
However, I can navigate to all the user Year group parent folders (year 07, year 08 etc...). If I get a Year 07, Year 08, Year 09 or Year 10 user to log on all is fine and the users can access their document folders.

The workstation in question is nearly always a laptop which connects to the domain via a wireless access point.

I understand that it may be difficult for me to explain the situation exactly.

How can I resolve the problem?

I hope you can help.
 
Permabanned
Joined
28 Dec 2009
Posts
13,052
Location
london
If a specific user has a problem with their home directory. Does the directory exist ? Was it empty? If you can not access the directory take ownership of the directory. If you can see the files in the directory. I assume based on your post that you are referring to the profile tab in AD and the home directory option. What you can do is just add a 1 or another character on to that path and the home directory will be created again. If there is still problems then it could be the inherited permissions from the parent folder.
I don't like using that method, I much prefer the redirected folders options in group policy. That way you can redirect their documents folder to a server location. But it works just the same.
 
Associate
OP
Joined
20 Oct 2002
Posts
1,535
Location
Selby
Thank you for replying so promptly.

The situation I've got is that if I ask the user to log in on another laptop then the problem disappears. So the problem is something to do with the workstation rather than the user.

If say for example it is a year 09 user who is unable to see their home directory on a laptop, if the user logs on to a different laptop they won't have any problems.

This occurs for any year 09 user, yet a user from any other year group can log on without any issues.

It can be any year group which the problem occurs with.

If I log in as an administrator on the laptop in question I do not have the permissions to view the year 09 parent directory :confused: yet I can view all the other year groups.

It isn't always year 09 either, it's occurs with any year group.

Thanks
 
Associate
Joined
30 Aug 2009
Posts
467
I take it then the nas is windows then.

So he said in the first post.

Tdh1987
It might be worth double checking gpresult /R between two different laptops where they display the differing behaviour.

Have you double checked that the workstations themselves are in the correct OUs and members of the correct group/groups?
 
Associate
Joined
3 May 2009
Posts
805
Cached credentials??

In control panel do any entries appear in the credentials icon? I have noticed my boss' laptop tries to use some odd credentials connecting directly to our 2 nas devices.
 
Back
Top Bottom