Quick, short post today, but this will probably save you a lot of time searching for a pretty much non-existent answer to a new “feature” introduced in roaming profiles for Windows Vista and Windows 7. It cost me an hour to figure this out. Hopefully you’ll see this and solve the issue in a jiffy…
You join your brand new Vista or Win7 machines to a your domain and then try logging in with a roaming user account and get a popup notification error saying that Windows has logged you in with a temporary profile. You look in the event viewer and see the following:
All the permissions are set correctly for the share and folders for the roaming profile and the user can create files in the roaming profile folder, but the stupid “Access Denied” error message is still there.
What the hell, Microsoft? All along you’re lax (*nix had this enforced all along) and now you change it. At least let us know? Please and thank you…
On a slightly different note, I also suggest that you set the following Group Policies to make your sysadmin life easier:
Computer Config\Policies\Administrative Templates\System\Logon --> Always wait for network at computer startup and logon [Enabled]
Computer Config\Policies\Administrative Templates\System\User Profiles --> Add the Administrators security group to the roaming user profile share [Enabled]
Computer Config\Policies\Administrative Templates\System\User Profiles --> Wait for remote user profile --> [Enabled]
As usual, cheers.