One of the challenges I’ve run across recently is when using Persona Management in View, the default permissions on the Persona network share are only for the user. If an administrator tries to take a look at the share, they are denied. If an administrator tries to “Take Ownership” of the user’s persona folder, it can cause numerous issues and cease to function for that user (requiring a restore of that users Persona directory or total deletion and regeneration with a new clean profile – losing the user’s data in the process.)
So how does an admin get rights to the user’s persona directory to repair a single file without destroying the persona completely? There is an MS group policy object that applies here.
Computer Configuration\Administrative Templates\System\User Profiles
Add the Administrators security group to the roaming user profile share
By enabling this policy, administrators will have additional rights to the profiles so that they can edit them if needed. Perhaps you corrupted your sandbox environment for a specific ThinApped application, now the admin can erase just the sandbox for that app and not have to restore or erase any more information than is needed.
- This works for the user’s persona only. If you are also using redirected folders, those targets will still only give the user permission to that data. This policy does not apply to redirected folders.
- This does not add administrator permissions to persona folders that already exist on the persona network share.
- The group that gets added is local administrators for the server that the share is on. This may be an issue if you are using MSCS for your network share. If the share switches MSCS nodes, those administrative permissions will not apply.