If a users profile is created on the network share using PM, it cannot be viewed by admins.
If it is created by normal windows roaming profile then admins can view (modify/delete) no problem.
It seems that:
- PM creates subfolders with no inheritance (the admins group is not propegated).
- Roaming profile creates subfolders with full inheritance.
But why? Is this a fault? Should PM create the folders in the same way that roaming profile does?
We want admins to be able to clean/modify PM created folders, but they cannot - the problem ONLY happens when using PM.
Notes:
- We precreate roaming profile user folders when a user account is created.
- We don't populate the folder with a "default profile", but we make sure the users top level folder is created.
i.e:
- \\server\profileshare is the top level parent.
- When the user account is created, we then create \\server\profileshare\useraccount.v2 only (as part of a script). Permissions are setup as expected.
- Administrators can navigate into this particular folder.
- Administrator cannot navigate to subfolders of the user profile if created with PM, but can navigate if created with traditional roaming profile.