Link to home
Start Free TrialLog in
Avatar of TroyHrehirchuk
TroyHrehirchuk

asked on

Win2k profiles are not deleted when user logs off subsequent logins create user.domainname.000

When the user logs in and then logs out again say "troyh" in documents and setting there is another profile directory that get created. Upon investigating the origanial troyh profile directory ntuser.pol file remains as the only singular file in the directory c:\documents and setting\troyh. The security tab reveals that the ntuser.pol file has permissions of read for admins group and full control for the user. How do I fix this I know its a local policy that is causing this but don't know were to change it to fix this problem. If I log out and then in a few more times the directory that is created is troyh.domainname.001 and so on. I have scene as high as 25 of these profiles. It does not concern me that is takes up HD space but it is an annoyance when some of the settings do not follow the user because of this.

Help me Experts your my only hope...
End transmission...
Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image
This behavior is by design? a username with a .000 extension is a standart domain profile, and is dosnt get deleted

PeteL
Avatar of TroyHrehirchuk
TroyHrehirchuk

ASKER

I'am not sure I understand you PeteLong are you saying that there will always be a profile in documents and settings of which the extension is 000,001,002,003 and so on of course this is the number that trails after the username.domainname.XXX....
Avatar of Luc Franken
Luc Franken
Flag of Netherlands image
this is normal, as PeteLong stated, I guess you're using roaming profiles, If it's really an annoyance for you, just make sure that the troubling client logs off and delete all profiles from the local computer (not from the server) and login again. This behaviour is caused by a user who logs in at different computers at the same time. Ask the troubling user not to do so, or give him a different account for his other computer (if he uses more than 1 computer)

LucF
ASKER CERTIFIED SOLUTION
Avatar of John Gates, CISSP, CDPSE
John Gates, CISSP, CDPSE
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of TroyHrehirchuk
TroyHrehirchuk

ASKER

Dimante is just to carify that is a local computer policy correct...
Avatar of John Gates, CISSP, CDPSE
John Gates, CISSP, CDPSE
Flag of United States of America image
You can set it at the domain level or local machine.  


D
Avatar of coopey247
coopey247
Just add a logoff script that deletes %userprofile%\*.* and remove directory %userprofile%.  It may also be prudent to whack the user SID key out of HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList.  Once you do these two things, the machine will act as though that person has never logged in.
Avatar of John Gates, CISSP, CDPSE
John Gates, CISSP, CDPSE
Flag of United States of America image
Or you can just set a group policy and it will do all that for you ;-)

D
Avatar of coopey247
coopey247
From what I read it sounded like the group policy was supposed to do this, but for some reason it was leaving behind enough to make a new profile every time they log in.  When policy fails, its time to do it manually.
Avatar of TroyHrehirchuk
TroyHrehirchuk

ASKER

okay I have set the two policys first is not to cache any copies of the profile second is to delete the copies that are actually there when the user logs out. When the policy is put into effect does this also delete the registry entry for that login account?
Avatar of John Gates, CISSP, CDPSE
John Gates, CISSP, CDPSE
Flag of United States of America image
Yes, it does the equivilent of delprof which removes the reg entry also =-)
D