roaming user profile rights in 2k3 server
cubadew
12-22-2003, 12:05 AM
I am setting up a server using Windows 2k3 Server on a university domain. I need the rights to police the files due to the fact that this is a military ROTC unit, and my superiors want the content of our server watched. I have already set up my server to hold my users' roaming profiles and have redirected the home folders to a central location. The problem I am running into is that no matter what I try in the policies, I am locked out of the users' home folder and application data. I have even tried enabling the setting in group policy editor in the computer, admin templates, system, user profiles that adds administrator to the roaming profiles share. This had no apparent effect. I really need to gain control of this soon, as I promised my superiors that I would have the system operational by the beginning of the next semester, which starts after the first week of January. If anyone has any ideas here I am all ears and would be in your debt.
thanks guys/gals
BipolarBill
12-22-2003, 12:34 AM
Moved to Networking.
Are you both a domain and local admin? Are any files encrypted?
r8500
12-22-2003, 07:58 AM
What do you mean you are locked out of the users' home folders? Does it give you access denied when you try to open it?
Do you really need access into them?
Have you tried right-clicking on the folders, and going to properties and security and adding the administrator there?
cubadew
12-22-2003, 11:24 AM
To your question, yes, it gives me access denied. The only way that I can gain access is by taking ownership of the folder and child folders.
OK, with that said, I guess I should ask this: can these folders still be backed up even though admin has no rights to them? Also, will virus scans be able to look through the files in the folders if I don't have access?
These are more my concerns than just losing access. But to that question, I am setting this up for Navy ROTC. The lieutenants above me don't want to lose control of the contents since it is in their minds a military system even though I am a student, as are the other users. This is the reason I am really trying to make sure I have access to the folders.
any thoughts are appreciated.
thanks
cubadew
12-22-2003, 11:27 AM
I just read your first one... Yes I am a domain admin and a local Admin
cubadew
12-22-2003, 11:48 AM
To my knowledge, none of the files are encrypted. I set up the policies to redirect the apps data folder and my documents folders to a set location. These folders are created upon first logon. It is these new folders that I don't have access to.
BipolarBill
12-22-2003, 11:55 AM
Have you tried taking ownership of the entire folder or drive where they are located? Be sure that all permissions are propagated to child objects below that level. All of these options are set in the Security tab in the properties of the folder when NTFS is used.
Frankly, I don't understand how you can be locked out if you have been given specific access. You're not Deny in any folder permissions, are you? Once you start using Deny, there can be all sorts of undesirable side-effects. Avoid using it at all.
cubadew
12-22-2003, 03:35 PM
OK, I went through and took ownership of the parent folder, which effectively allowed me into the files and locked the users out. How do I accomplish both allowing myself (admin) and the users into the folders on a broad scale without individually setting the permissions on every one of my 60 users' folders? And without allowing anyone to view anyone else's files?
BipolarBill
12-22-2003, 03:52 PM
You haven't answered my question.
cubadew
12-23-2003, 12:45 AM
No, I am not deny in any of the folders...
The only thing I can think of is that the setting in the group policies to allow administrators is allowing an admin level higher than what I have been given. I do have admin rights and am a part of the domain admins, but I am still under the university administrators, and I can't help but wonder if the admin group that the policy added is theirs and not any admins. And to top it off, the administrators that I have been working with are all on break for the time being, so I can't straighten any of this out till after the new year.
BipolarBill
12-23-2003, 09:11 AM
Still, you should be able to add your admin group to the groups with permissions to the folders in question. If not, they made a mistake in not giving you full domain rights - at least until the network was set up.
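One way to apply the permissions discussed in this thread to every user folder in one pass, added here as an example and not part of the original thread: each folder gets an ACL naming only its own user, Administrators and SYSTEM, so nobody can read anyone else's files. The function name, the path `D:\Home`, the domain `CAMPUS`, and the convention that each folder is named after the user's logon name are assumptions.

```powershell
# Added example. Assumptions (hypothetical): redirected folders live directly
# under $Root and each folder is named after the user's logon name.
# Run elevated, as an account that owns the folders or may change their ACLs.
function Set-HomeFolderAcl {
    param(
        [string]$Root   = 'D:\Home',   # assumed share root
        [string]$Domain = 'CAMPUS',    # assumed domain name
        [switch]$WhatIf                # preview without changing anything
    )
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $noProp  = [System.Security.AccessControl.PropagationFlags]::None
    $allow   = [System.Security.AccessControl.AccessControlType]::Allow

    foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory) {
        $user = "$Domain\$($dir.Name)"
        try {
            # Throws if the folder name does not map to an account.
            $null = ([System.Security.Principal.NTAccount]$user).Translate(
                [System.Security.Principal.SecurityIdentifier])
        } catch {
            Write-Warning "Skipping $($dir.FullName): no account named $user"
            continue
        }

        # Start from an empty ACL so entries left by earlier attempts are dropped.
        $acl = New-Object System.Security.AccessControl.DirectorySecurity
        # Protect the ACL: do not inherit from $Root, keep no inherited entries.
        $acl.SetAccessRuleProtection($true, $false)

        foreach ($id in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', $user) {
            # The user gets Modify rather than FullControl so the user cannot
            # rewrite the ACL and remove the administrators again.
            $rights = if ($id -eq $user) { 'Modify' } else { 'FullControl' }
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, $rights, $inherit, $noProp, $allow)
            $acl.AddAccessRule($rule)
        }
        Set-Acl -LiteralPath $dir.FullName -AclObject $acl -WhatIf:$WhatIf
    }
}

# Preview first, then apply:
#   Set-HomeFolderAcl -Root 'D:\Home' -Domain 'CAMPUS' -WhatIf
#   Set-HomeFolderAcl -Root 'D:\Home' -Domain 'CAMPUS'
```

Files and subfolders that already carry a protected or explicit ACL keep it and need a separate pass. If the Folder Redirection policy still has "Grant the user exclusive rights" enabled, folders created at a later first logon will again be user-only.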
SysOpt.com