Roaming Profile can not be read or saved (Log 1509)
Windows cannot copy file C:\Users\Frank\ntuser.pol to location \\DC1\Profiles\Frank.V2\ntuser.pol. This error may be caused by network problems or insufficient security rights.
DETAIL – Access is denied.
- Check the share permission and NTFS permission of the profiles folders. ( authenticated user the full control)
- Check the user profile setting in the “Active directory Users and computers” MMC. Then I found the the path been set was wrong, it supposed to be “\\DC1\shares\Profiles\Frank”, but I set it as “\\DC1\profiles\Frank” which does not exist.
Conclusion: the “access is denied” does not only mean the user permission, but also could be caused by the target does not exist.
Give the administrator permission to modify profile files
This week I have decided to chose “Add the Administrator security group to roaming users profiles” as the setting of the week. This setting can be found under “Computer Configuration > Policies > Administrative Templates > System > User Profiles” and applied to Windows XP / 2003 or later.
This setting adds the administrator ACL to the users roaming profile path on the server when it is first created. This greatly helps your user administrator as they don’t need to perform complicated take ownership and permission changes when they need to access a users profile to do something like a file restore or profile move.
In my experience unless the privacy of the users personal files on your companies file server needs to be guaranteed this option is normally enabled.
BUT!!!! Be very sure that you enable this option as soon as possible as this setting does NOT apply retrospectively to existing users profiles as it only applied the administrators group to the profile when the roaming profile when it is created on the server for the first time.