Cyber Security

Grant Administrators Full Control Access on Roaming Profiles Folders (Grant-RoamingProfilesAccess)

Maybe you have already had the following problem: you’re using roaming profiles, you are the administrator of the domain, and you still can’t access the roaming profiles folder. You have to take ownership of each folder and grant yourself access to every subfolder inside the parent folder. It’s a nuisance. That’s over now. Just use my advanced PowerShell function Grant-RoamingProfilesAccess to get access to all profile folders and files.

The Roaming Profiles Folder

In my case, all roaming profiles are stored on my domain controller in c:\Profiles.


When I try to access that folder, I get an Access Denied.

You don’t currently have permissions to access this folder.


If you now think you can get access simply by following the instructions and clicking on Continue, then you are right. But what if you need access to all profiles? It is very tedious to do the work for all folders. That brought me to an idea: I will make a function out of it to grant access to all profiles and their subfolders. Let’s jump in.

Breaking into the Profiles Folders

Firstly, we have to take ownership of all folders. Secondly, we have to grant full access to the administrators group. My function will do all that.

Here it is in action:

Grant-RoamingProfilesAccess -Path C:\Profiles\


After running that command, administrators have full access to all folders, including subfolders.

The function Grant-RoamingProfilesAccess

Here is the code:

function Grant-RoamingProfilesAccess {

<#
.SYNOPSIS
Grant-RoamingProfilesAccess is an advanced PowerShell function. It takes ownership of the users' roaming profiles folders and grants the administrators group full access.

.DESCRIPTION
Uses takeown and icacls. Define the path to the roaming profiles root directory.

.PARAMETER Path
Enter the path to the roaming profiles root folder.

.EXAMPLE
Grant-RoamingProfilesAccess -Path C:\Profiles\

.NOTES
Author: Patrick Gruenauer
Web:
#>

[CmdletBinding()]
param (
    [Parameter(Position=0,Mandatory=$true,HelpMessage = 'Enter Path to the Roaming Profiles Root Directory')]
    $Path
)

# Walk every file and folder below the profiles root
Get-ChildItem $Path -Recurse |
ForEach-Object {
    # /a assigns ownership to the Administrators group instead of the current user
    takeown /f $_.FullName /a
    # (OI)(CI)F = Full Control, inherited by files and subfolders; /t applies it to the whole subtree
    icacls $_.FullName /grant "administrators:(OI)(CI)F" /t
}
}

Make it permanent

Copy this code into your PowerShell ISE session and run the code. Then type the command and have fun with it. Or download it here:


If you want to make the function permanently available, so that the function is there every time you start PowerShell, you have to create a folder in C:\Program Files\WindowsPowerShell\Modules. Name it Grant-RoamingProfilesAccess. Then save the code as a .psm1 file in that folder. The screenshot below will help you.


4 replies »

  1. Patrick, can you tell me what roaming profiles are and what their purpose is? What does it mean when you say roaming profiles? Do you mean roaming profiles store my files and folders on the server instead of on my local PC or laptop?


      • Hi Patrick – thank you for sharing!

        Have a little question for yourself in regards to the script.

        If I only wanted to run this on a particular subfolder or a set of folders, how would I proceed with this?

        As I do not want to remove all Roaming Profile Folder and only need to remove around 15, is there any way around this – I thought if I create a script now it will save me time and effort doing it in future, plus learning something new always excites me 🙂

        Awaiting in anticipation for a response – thank you in advance.

