Go Premium for a chance to win a PS4. Enter to Win


User Profiles

Posted on 2000-04-12
Medium Priority
Last Modified: 2010-04-13
I have win2k server running as a domain controller and my other machines running professional. They log into the server. The users on the professional machines have local user profiles that they want to use. But for some reason when they logged into the domian for the first time it started a new profile which I assume is kept on the server. How do I get it to only use the local version of the profile? The sever is not always up and I want them to have access to their profiles. Also don't want to have the recreate their profiles. Any suggestions?
Question by:Breezin
  • 2

Accepted Solution

agrandville earned 800 total points
ID: 2709168
The problem is that the profile that is local to the Professional boxes is associated with the local users account. When they log on to the domain they are using a different user account (Their Domain account) that is why the OS creates a different profile named Username.DomainName. Repairing the problem is the trick. As long as you don't configure the users accounts to use roaming profiles then they will use a local profile. It sounds like your problem is that the users have created profiles with local accounts and now you want to modify those profiles so that their domain accounts can use them. The problem is in the internal registry permissions. When the system created the users profiles it assigned rights to the users registry hive in user.dat. You can look at these security rights by looking at HKEY_USERS\UserSID where UserSID is the local user account of the user who created the local profile. Note: This user must be logged in to the box in order to have his registry fragment merged into the system registry and for you to see it. Anyway, the solution is to change these permissions to include the users domain account. Make sure you give the Users domain account full control of the entire HKEY_USERS\SID Key and all subkeys. Unfortunately, there is no easy way to modify these premissions on the fly. One good reason is that the user must be logged into the box for his registry fragment to be loaded and for you to change the permissions. You didn't mention how many workstations you have so I can't tell if that's a big deal or not. If it's just a few you can just do it from the users console. Log in as an Administrator and open Regedt32. Browse to the HKEY_USERS key and highlight the Root Key. From the Registry drop down menu choose "Load Hive" browse to the users profile directory and choose their user.dat file. Name it whatever you want. Once thier registry is loaded highlight the key and change the premissions. Don't forget to give the users domain account access the profile directory in c:\documents and settings.
However, if you have alot of workstations and you wish to automate this process it could get really tricky.

Author Comment

ID: 2709311
we only have around 10 boxes that would need to be chaged. Is there a way to copy the old user profile to the domain profile and just start using that. And if we do this will a copy of the profile be saved and used if the domain controller is down when they boot up?
Would this be easier or should we just do the registry changes like you suggested?


Expert Comment

ID: 2709489
As long as you haven't set the users accounts up to use roaming profiles than the profiles will always remain on the workstations. You would set up roaming profiles by editing the users profile path in the User object in your Domain. You could use the MyComputer\Properties\User Profiles\Copy To method to copy the old profile to the new one. You would do this by logging into the workstation as the local User. Use the method listed above to copy your profile to some path i.e. c:\documents and settings\Username.new. make sure you change the "permitted to use " box to include either the users domain account or a group to which he is a member. This will effectively change the internal permissions of the profile to give the user or group listed in the permitted to use box full control to the profile. Log off as the local user. Log in as some other account like administrator. Delete the local users profile in c:\documnets and settings\UserName if you want to be safe you can always rename it something like Username.Old. Then rename the profile you created in the previous step from Username.new to just Username. You will now have a copy of the local users original profile but now the users domain account will have permissions to it. The next time the user logs onto the box with his domain account he will load this profile and all should be well. This will accomplish the same thing as the method I described earlier with changing the permissions manually . It all depends on your preference. Either way as I mentioned above you don't have to worry about the profiles being copied off to some other server unless you tell it to by setting a profile path in the users account.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Loops Section Overview
Suggested Courses
Course of the Month11 days, 13 hours left to enroll

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question