Forum Discussion
Server 2022 GPO roaming profile issues
I'm pretty weak with Domains but doing pretty good except for an issue that just popped up on me. I setup roaming or redirected profiles with GPO and included the "appdata(roaming)" folder and just had first issue with an installation. I was trying to install Zoom client and it fails. I had previously tried to install another app that is web related. It appears that I have a permissions issue writing to whereever these installers need. I am having a horrible time trying to open up permissions or determine what I really need to do. I have even assigned the domain user with domain admin rights with no luck. I have been able to install most other items without issue. Things like MS Office, printer software, and so on.
1 Reply
Check Folder Redirection Configuration
- Ensure proper redirection: Since you're redirecting the AppData\Roaming folder, make sure the Group Policy setting for folder redirection is configured correctly and is not causing access restrictions.
- Verify the redirection policy: Open Group Policy Management and ensure that the Folder Redirection policy for the AppData\Roaming folder is applied correctly to the user.
2. Permissions on the Redirected Folder
- Check the permissions on the folder: Roaming profiles and redirected folders need to be accessible by the user, but also properly secured to prevent unauthorized access. You need to make sure the user has the correct permissions to the redirected folder.
- Grant permissions on the network share: If the AppData\Roaming folder is redirected to a network share, check the share and NTFS permissions. The user should have Full Control or at least Modify permissions on that folder.
- Use the correct ownership: Ensure the folder has the correct owner (usually the domain user). Right-click the folder, go to Properties → Security → Advanced, and check the owner.
3. Profile and User Permissions
- Check if the profile is corrupt: Sometimes, user profiles may become corrupt, causing issues with file access. Test the issue with a different user account to see if the problem persists.
- User account permissions: While it's good practice to avoid giving users domain admin rights unless necessary, administrator rights are required for installing software. Try adding the user to the local Administrators group on the machine temporarily and see if that resolves the issue.
You can do this by running the following command in PowerShell:
Add-LocalGroupMember -Group "Administrators" -Member "domain\username"
Temporary Profile Issues
- Check if a temporary profile is being loaded: If a user profile is loading as a temporary profile, it can lead to problems accessing the proper folders for app installations. Verify that the user's profile is correctly loading (no TEMP profile) and that it's not getting stuck in a loop.
5. Security Software and Group Policy Restrictions
- Antivirus or security software: Check if security software on the machine (like antivirus, endpoint protection, etc.) is interfering with the installation. Some security software can block installers from modifying certain folders or creating new files.
- AppLocker or Software Restriction Policies: Ensure that no Group Policy is restricting the installation of software. AppLocker or Software Restriction Policies can block software installs in certain directories. You can check these settings in Group Policy Management under:
- Computer Configuration → Windows Settings → Security Settings → Application Control Policies → AppLocker or Software Restriction Policies.
6. Zoom-Specific Installation Permissions
- Zoom client installation permissions: Since you mentioned Zoom, it's important to ensure that Zoom can create and write data to the appropriate folders during installation. Zoom might be trying to access certain registry keys or files in the AppData\Roaming folder.
- Run the installer as administrator: If the user is having trouble installing Zoom, try running the installer as an administrator. Right-click the installer and select Run as Administrator.
- Temporary disable UAC: Sometimes, User Account Control (UAC) can block installations in the profile folders. Temporarily lowering the UAC settings or disabling UAC might help during the installation. Once installed, you can revert the UAC settings.
7. Log Files and Event Viewer
- Check event logs: Review the Event Viewer on the machine to see if there are any additional details about the installation failure. You may find clues related to file access or permission issues.
- Installer logs: Most installers, including Zoom, will create log files that may contain specific error messages. Check these logs for details on what might be blocking the installation.
You can check the Event Viewer logs under Windows Logs → Application for any errors related to the installation process.
8. Network Share Permissions
If you are redirecting to a network share (e.g., on a file server), make sure the following:
- The folder where the AppData\Roaming folder is redirected has share permissions for the user or group that needs access.
- In NTFS permissions, ensure that the user has read/write access to the share and that no restrictive settings are applied.
