User Profiles

Posted on 2000-04-12
Last Modified: 2010-04-13
I have win2k server running as a domain controller and my other machines running professional. They log into the server. The users on the professional machines have local user profiles that they want to use. But for some reason when they logged into the domian for the first time it started a new profile which I assume is kept on the server. How do I get it to only use the local version of the profile? The sever is not always up and I want them to have access to their profiles. Also don't want to have the recreate their profiles. Any suggestions?
Question by:Breezin
  • 2

Accepted Solution

agrandville earned 200 total points
Comment Utility
The problem is that the profile that is local to the Professional boxes is associated with the local users account. When they log on to the domain they are using a different user account (Their Domain account) that is why the OS creates a different profile named Username.DomainName. Repairing the problem is the trick. As long as you don't configure the users accounts to use roaming profiles then they will use a local profile. It sounds like your problem is that the users have created profiles with local accounts and now you want to modify those profiles so that their domain accounts can use them. The problem is in the internal registry permissions. When the system created the users profiles it assigned rights to the users registry hive in user.dat. You can look at these security rights by looking at HKEY_USERS\UserSID where UserSID is the local user account of the user who created the local profile. Note: This user must be logged in to the box in order to have his registry fragment merged into the system registry and for you to see it. Anyway, the solution is to change these permissions to include the users domain account. Make sure you give the Users domain account full control of the entire HKEY_USERS\SID Key and all subkeys. Unfortunately, there is no easy way to modify these premissions on the fly. One good reason is that the user must be logged into the box for his registry fragment to be loaded and for you to change the permissions. You didn't mention how many workstations you have so I can't tell if that's a big deal or not. If it's just a few you can just do it from the users console. Log in as an Administrator and open Regedt32. Browse to the HKEY_USERS key and highlight the Root Key. From the Registry drop down menu choose "Load Hive" browse to the users profile directory and choose their user.dat file. Name it whatever you want. Once thier registry is loaded highlight the key and change the premissions. Don't forget to give the users domain account access the profile directory in c:\documents and settings.
However, if you have alot of workstations and you wish to automate this process it could get really tricky.

Author Comment

Comment Utility
we only have around 10 boxes that would need to be chaged. Is there a way to copy the old user profile to the domain profile and just start using that. And if we do this will a copy of the profile be saved and used if the domain controller is down when they boot up?
Would this be easier or should we just do the registry changes like you suggested?


Expert Comment

Comment Utility
As long as you haven't set the users accounts up to use roaming profiles than the profiles will always remain on the workstations. You would set up roaming profiles by editing the users profile path in the User object in your Domain. You could use the MyComputer\Properties\User Profiles\Copy To method to copy the old profile to the new one. You would do this by logging into the workstation as the local User. Use the method listed above to copy your profile to some path i.e. c:\documents and settings\ make sure you change the "permitted to use " box to include either the users domain account or a group to which he is a member. This will effectively change the internal permissions of the profile to give the user or group listed in the permitted to use box full control to the profile. Log off as the local user. Log in as some other account like administrator. Delete the local users profile in c:\documnets and settings\UserName if you want to be safe you can always rename it something like Username.Old. Then rename the profile you created in the previous step from to just Username. You will now have a copy of the local users original profile but now the users domain account will have permissions to it. The next time the user logs onto the box with his domain account he will load this profile and all should be well. This will accomplish the same thing as the method I described earlier with changing the permissions manually . It all depends on your preference. Either way as I mentioned above you don't have to worry about the profiles being copied off to some other server unless you tell it to by setting a profile path in the users account.

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now