Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


User Profiles

Posted on 2000-04-12
Medium Priority
Last Modified: 2010-04-13
I have win2k server running as a domain controller and my other machines running professional. They log into the server. The users on the professional machines have local user profiles that they want to use. But for some reason when they logged into the domian for the first time it started a new profile which I assume is kept on the server. How do I get it to only use the local version of the profile? The sever is not always up and I want them to have access to their profiles. Also don't want to have the recreate their profiles. Any suggestions?
Question by:Breezin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Accepted Solution

agrandville earned 800 total points
ID: 2709168
The problem is that the profile that is local to the Professional boxes is associated with the local users account. When they log on to the domain they are using a different user account (Their Domain account) that is why the OS creates a different profile named Username.DomainName. Repairing the problem is the trick. As long as you don't configure the users accounts to use roaming profiles then they will use a local profile. It sounds like your problem is that the users have created profiles with local accounts and now you want to modify those profiles so that their domain accounts can use them. The problem is in the internal registry permissions. When the system created the users profiles it assigned rights to the users registry hive in user.dat. You can look at these security rights by looking at HKEY_USERS\UserSID where UserSID is the local user account of the user who created the local profile. Note: This user must be logged in to the box in order to have his registry fragment merged into the system registry and for you to see it. Anyway, the solution is to change these permissions to include the users domain account. Make sure you give the Users domain account full control of the entire HKEY_USERS\SID Key and all subkeys. Unfortunately, there is no easy way to modify these premissions on the fly. One good reason is that the user must be logged into the box for his registry fragment to be loaded and for you to change the permissions. You didn't mention how many workstations you have so I can't tell if that's a big deal or not. If it's just a few you can just do it from the users console. Log in as an Administrator and open Regedt32. Browse to the HKEY_USERS key and highlight the Root Key. From the Registry drop down menu choose "Load Hive" browse to the users profile directory and choose their user.dat file. Name it whatever you want. Once thier registry is loaded highlight the key and change the premissions. Don't forget to give the users domain account access the profile directory in c:\documents and settings.
However, if you have alot of workstations and you wish to automate this process it could get really tricky.

Author Comment

ID: 2709311
we only have around 10 boxes that would need to be chaged. Is there a way to copy the old user profile to the domain profile and just start using that. And if we do this will a copy of the profile be saved and used if the domain controller is down when they boot up?
Would this be easier or should we just do the registry changes like you suggested?


Expert Comment

ID: 2709489
As long as you haven't set the users accounts up to use roaming profiles than the profiles will always remain on the workstations. You would set up roaming profiles by editing the users profile path in the User object in your Domain. You could use the MyComputer\Properties\User Profiles\Copy To method to copy the old profile to the new one. You would do this by logging into the workstation as the local User. Use the method listed above to copy your profile to some path i.e. c:\documents and settings\ make sure you change the "permitted to use " box to include either the users domain account or a group to which he is a member. This will effectively change the internal permissions of the profile to give the user or group listed in the permitted to use box full control to the profile. Log off as the local user. Log in as some other account like administrator. Delete the local users profile in c:\documnets and settings\UserName if you want to be safe you can always rename it something like Username.Old. Then rename the profile you created in the previous step from to just Username. You will now have a copy of the local users original profile but now the users domain account will have permissions to it. The next time the user logs onto the box with his domain account he will load this profile and all should be well. This will accomplish the same thing as the method I described earlier with changing the permissions manually . It all depends on your preference. Either way as I mentioned above you don't have to worry about the profiles being copied off to some other server unless you tell it to by setting a profile path in the users account.

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, I’ll show how research, determination, and use of modern technology helped me solve a DNA mystery.
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question